Vulnerabilities > CVE-2012-6540 - Information Exposure vulnerability in Linux Kernel

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1798-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(65872);
  script_version("1.10");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792");
  script_bugtraq_id(58177, 58368, 58426, 58977, 58985, 58986);
  script_xref(name:"USN", value:"1798-1");

  script_name(english:"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1798-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mathias Krause discovered several errors in the Linux kernel's
xfrm_user implementation. A local attacker could exploit these flaws
to examine parts of kernel memory. (CVE-2012-6537)

Mathias Krause discovered information leak in the Linux kernel's
compat ioctl interface. A local user could exploit the flaw to examine
parts of kernel stack memory (CVE-2012-6539)

Mathias Krause discovered an information leak in the Linux kernel's
getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this
flaw to examine parts of kernel stack memory. (CVE-2012-6540)

Emese Revfy discovered that in the Linux kernel signal handlers could
leak address information across an exec, making it possible to by pass
ASLR (Address Space Layout Randomization). A local user could use this
flaw to by pass ASLR to reliably deliver an exploit payload that would
otherwise be stopped (by ASLR). (CVE-2013-0914)

A memory use after free error was discover in the Linux kernel's tmpfs
filesystem. A local user could exploit this flaw to gain privileges or
cause a denial of service (system crash). (CVE-2013-1767)

Mateusz Guzik discovered a race in the Linux kernel's keyring. A local
user could exploit this flaw to cause a denial of service (system
crash). (CVE-2013-1792).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1798-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected linux-image-2.6-ec2 package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1798-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-351-ec2", pkgver:"2.6.32-351.63")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-ec2");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2668. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(66431);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

  script_cve_id("CVE-2012-2121", "CVE-2012-3552", "CVE-2012-4461", "CVE-2012-4508", "CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0349", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1773", "CVE-2013-1774", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1798", "CVE-2013-1826", "CVE-2013-1860", "CVE-2013-1928", "CVE-2013-1929", "CVE-2013-2015", "CVE-2013-2634", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3234", "CVE-2013-3235");
  script_bugtraq_id(53162, 55359, 56238, 56414, 58112, 58177, 58200, 58202, 58368, 58381, 58426, 58510, 58597, 58604, 58607, 58906, 58908, 58985, 58986, 58989, 58990, 58991, 58992, 58994, 59377, 59380, 59381, 59383, 59385, 59389, 59390, 59393, 59397, 59512);
  script_xref(name:"DSA", value:"2668");

  script_name(english:"Debian DSA-2668-1 : linux-2.6 - privilege escalation/denial of service/information leak");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, information leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems :

  - CVE-2012-2121
    Benjamin Herrenschmidt and Jason Baron discovered issues
    with the IOMMU mapping of memory slots used in KVM
    device assignment. Local users with the ability to
    assign devices could cause a denial of service due to a
    memory page leak.

  - CVE-2012-3552
    Hafid Lin reported an issue in the IP networking
    subsystem. A remote user can cause a denial of service
    (system crash) on servers running applications that set
    options on sockets which are actively being processed.

  - CVE-2012-4461
    Jon Howell reported a denial of service issue in the KVM
    subsystem. On systems that do not support the XSAVE
    feature, local users with access to the /dev/kvm
    interface can cause a system crash.

  - CVE-2012-4508
    Dmitry Monakhov and Theodore Ts'o reported a race
    condition in the ext4 filesystem. Local users could gain
    access to sensitive kernel memory.

  - CVE-2012-6537
    Mathias Krause discovered information leak issues in the
    Transformation user configuration interface. Local users
    with the CAP_NET_ADMIN capability can gain access to
    sensitive kernel memory.

  - CVE-2012-6539
    Mathias Krause discovered an issue in the networking
    subsystem. Local users on 64-bit systems can gain access
    to sensitive kernel memory.

  - CVE-2012-6540
    Mathias Krause discovered an issue in the Linux virtual
    server subsystem. Local users can gain access to
    sensitive kernel memory. Note: this issue does not
    affect Debian provided kernels, but may affect custom
    kernels built from Debian's linux-source-2.6.32 package.

  - CVE-2012-6542
    Mathias Krause discovered an issue in the LLC protocol
    support code. Local users can gain access to sensitive
    kernel memory.

  - CVE-2012-6544
    Mathias Krause discovered issues in the Bluetooth
    subsystem. Local users can gain access to sensitive
    kernel memory.

  - CVE-2012-6545
    Mathias Krause discovered issues in the Bluetooth RFCOMM
    protocol support. Local users can gain access to
    sensitive kernel memory.

  - CVE-2012-6546
    Mathias Krause discovered issues in the ATM networking
    support. Local users can gain access to sensitive kernel
    memory.

  - CVE-2012-6548
    Mathias Krause discovered an issue in the UDF file
    system support. Local users can obtain access to
    sensitive kernel memory.

  - CVE-2012-6549
    Mathias Krause discovered an issue in the isofs file
    system support. Local users can obtain access to
    sensitive kernel memory.

  - CVE-2013-0349
    Anderson Lizardo discovered an issue in the Bluetooth
    Human Interface Device Protocol (HIDP) stack. Local
    users can obtain access to sensitive kernel memory.

  - CVE-2013-0914
    Emese Revfy discovered an issue in the signal
    implementation. Local users may be able to bypass the
    address space layout randomization (ASLR) facility due
    to a leaking of information to child processes.

  - CVE-2013-1767
    Greg Thelen reported an issue in the tmpfs virtual
    memory filesystem. Local users with sufficient privilege
    to mount filesystems can cause a denial of service or
    possibly elevated privileges due to a use-after free
    defect.

  - CVE-2013-1773
    Alan Stern provided a fix for a defect in the
    UTF8->UTF16 string conversion facility used by the VFAT
    filesystem. A local user could cause a buffer overflow
    condition, resulting in a denial of service or
    potentially elevated privileges.

  - CVE-2013-1774
    Wolfgang Frisch provided a fix for a NULL pointer
    dereference defect in the driver for some serial USB
    devices from Inside Out Networks. Local users with
    permission to access these devices can create a denial
    of service (kernel oops) by causing the device to be
    removed while it is in use.

  - CVE-2013-1792
    Mateusz Guzik of Red Hat EMEA GSS SEG Team discovered a
    race condition in the access key retention support in
    the kernel. A local user could cause a denial of service
    (NULL pointer dereference).

  - CVE-2013-1796
    Andrew Honig of Google reported an issue in the KVM
    subsystem. A user in a guest operating system could
    corrupt kernel memory, resulting in a denial of service.

  - CVE-2013-1798
    Andrew Honig of Google reported an issue in the KVM
    subsystem. A user in a guest operating system could
    cause a denial of service due to a use after-free
    defect.

  - CVE-2013-1826
    Mathias Krause discovered an issue in the Transformation
    (XFRM) user configuration interface of the networking
    stack. A user with the CAP_NET_ADMIN capability may be
    able to gain elevated privileges.

  - CVE-2013-1860
    Oliver Neukum discovered an issue in the USB CDC WCM
    Device Management driver. Local users with the ability
    to attach devices can cause a denial of service (kernel
    crash) or potentially gain elevated privileges.

  - CVE-2013-1928
    Kees Cook provided a fix for an information leak in the
    VIDEO_SET_SPU_PALETTE ioctl for 32-bit applications
    running on a 64-bit kernel. Local users can gain access
    to sensitive kernel memory.

  - CVE-2013-1929
    Oded Horovitz and Brad Spengler reported an issue in the
    device driver for Broadcom Tigon3 based gigabit
    Ethernet. Users with the ability to attach untrusted
    devices can create an overflow condition, resulting in a
    denial of service or elevated privileges.

  - CVE-2013-2015
    Theodore Ts'o provided a fix for an issue in the ext4
    filesystem. Local users with the ability to mount a
    specially crafted filesystem can cause a denial of
    service (infinite loop).

  - CVE-2013-2634
    Mathias Krause discovered a few issues in the Data
    Center Bridging (DCB) netlink interface. Local users can
    gain access to sensitive kernel memory.

  - CVE-2013-3222
    Mathias Krause discovered an issue in the Asynchronous
    Transfer Mode (ATM) protocol support. Local users can
    gain access to sensitive kernel memory.

  - CVE-2013-3223
    Mathias Krause discovered an issue in the Amateur Radio
    AX.25 protocol support. Local users can gain access to
    sensitive kernel memory.

  - CVE-2013-3224
    Mathias Krause discovered an issue in the Bluetooth
    subsystem. Local users can gain access to sensitive
    kernel memory.

  - CVE-2013-3225
    Mathias Krause discovered an issue in the Bluetooth
    RFCOMM protocol support. Local users can gain access to
    sensitive kernel memory.

  - CVE-2013-3228
    Mathias Krause discovered an issue in the IrDA
    (infrared) subsystem support. Local users can gain
    access to sensitive kernel memory.

  - CVE-2013-3229
    Mathias Krause discovered an issue in the IUCV support
    on s390 systems. Local users can gain access to
    sensitive kernel memory.

  - CVE-2013-3231
    Mathias Krause discovered an issue in the ANSI/IEEE
    802.2 LLC type 2 protocol support. Local users can gain
    access to sensitive kernel memory.

  - CVE-2013-3234
    Mathias Krause discovered an issue in the Amateur Radio
    X.25 PLP (Rose) protocol support. Local users can gain
    access to sensitive kernel memory.

  - CVE-2013-3235
    Mathias Krause discovered an issue in the Transparent
    Inter Process Communication (TIPC) protocol support.
    Local users can gain access to sensitive kernel memory."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-2121"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-3552"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-4461"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-4508"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6537"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6539"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6540"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6542"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6544"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6545"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6546"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6548"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2012-6549"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-0349"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-0914"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1767"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1773"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1792"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1796"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1798"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1826"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1860"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1928"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1929"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-2015"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-2634"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3222"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3223"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3224"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3225"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3228"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3229"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3231"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3234"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-3235"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/linux-2.6"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2013/dsa-2668"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the linux-2.6 and user-mode-linux packages.

For the oldstable distribution (squeeze), this problem has been fixed
in version 2.6.32-48squeeze3.

The following matrix lists additional source packages that were
rebuilt for compatibility with or to take advantage of this update :

                          Debian 6.0 (squeeze)     
  user-mode-linux          2.6.32-1um-4+48squeeze3  
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or 'leap-frog' fashion."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-2.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/05/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/05/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-4kc-malta", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-5kc-malta", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-armel", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-ia64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mips", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-mipsel", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-powerpc", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-s390", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-sparc", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-iop32x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-itanium", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-ixp4xx", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-kirkwood", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-mckinley", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-orion5x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc-smp", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-powerpc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r4k-ip22", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-cobalt", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-r5k-ip32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-s390x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-sparc64-smp", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-versatile", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-itanium", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-mckinley", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-powerpc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-s390x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-sparc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-4kc-malta", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-5kc-malta", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-iop32x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-itanium", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-ixp4xx", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-kirkwood", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-mckinley", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-orion5x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc-smp", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-powerpc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r4k-ip22", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-cobalt", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-r5k-ip32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-s390x-tape", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1-bcm91250a", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sb1a-bcm91480b", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-sparc64-smp", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-versatile", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-itanium", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-mckinley", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-powerpc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-s390x", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-sparc64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-48squeeze3")) flag++;
if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze3")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2013:1832-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83603);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2009-4020", "CVE-2009-4067", "CVE-2010-3880", "CVE-2010-4249", "CVE-2011-1170", "CVE-2011-1171", "CVE-2011-1172", "CVE-2011-2203", "CVE-2011-2213", "CVE-2011-2484", "CVE-2011-2492", "CVE-2011-2494", "CVE-2011-2525", "CVE-2011-2534", "CVE-2011-2699", "CVE-2011-2928", "CVE-2011-3209", "CVE-2011-3363", "CVE-2011-4077", "CVE-2011-4110", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4330", "CVE-2012-2136", "CVE-2012-3510", "CVE-2012-4444", "CVE-2012-4530", "CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6549", "CVE-2013-0160", "CVE-2013-0268", "CVE-2013-0871", "CVE-2013-0914", "CVE-2013-1827", "CVE-2013-1928", "CVE-2013-2141", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235");
  script_bugtraq_id(44665, 45037, 46919, 46921, 48236, 48333, 48383, 48441, 48641, 48687, 48802, 49256, 49626, 50311, 50314, 50370, 50663, 50750, 50755, 50798, 53721, 55144, 55878, 56891, 57176, 57838, 57986, 58383, 58409, 58426, 58906, 58977, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58996, 59377, 59380, 59381, 59383, 59389, 59390, 59393, 59394, 59397, 60254, 60280, 60375, 60715, 60874, 60893, 60953);

  script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up
update to fix lots of moderate security issues and several bugs.

The Following security issues have been fixed :

CVE-2012-4530: The load_script function in fs/binfmt_script.c in the
Linux kernel did not properly handle recursion, which allowed local
users to obtain sensitive information from kernel stack memory via a
crafted application.

CVE-2011-2494: kernel/taskstats.c in the Linux kernel
allowed local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another users
password.

CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in the
Linux kernel did not initialize certain structure members,
which allowed local users to obtain sensitive information
from kernel heap memory by reading a broadcast message from
the notify interface of an IPSec key_socket.

CVE-2013-2237: The key_notify_policy_flush function in
net/key/af_key.c in the Linux kernel did not initialize a
certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory by
reading a broadcast message from the notify_policy interface
of an IPSec key_socket.

CVE-2013-2147: The HP Smart Array controller disk-array
driver and Compaq SMART2 controller disk-array driver in the
Linux kernel did not initialize certain data structures,
which allowed local users to obtain sensitive information
from kernel memory via (1) a crafted IDAGETPCIINFO command
for a /dev/ida device, related to the ida_locked_ioctl
function in drivers/block/cpqarray.c or (2) a crafted
CCISS_PASSTHRU32 command for a /dev/cciss device, related to
the cciss_ioctl32_passthru function in
drivers/block/cciss.c.

CVE-2013-2141: The do_tkill function in kernel/signal.c in
the Linux kernel did not initialize a certain data
structure, which allowed local users to obtain sensitive
information from kernel memory via a crafted application
that makes a (1) tkill or (2) tgkill system call.

CVE-2013-0160: The Linux kernel allowed local users to
obtain sensitive information about keystroke timing by using
the inotify API on the /dev/ptmx device.

CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did
not initialize certain structures, which allowed local users
to obtain sensitive information from kernel memory by
leveraging the CAP_NET_ADMIN capability.

CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel did not initialize a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call.

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel did not
properly initialize a certain length variable, which allowed
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call.

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call.

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel did not initialize a
certain length variable, which allowed local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call.

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel did not initialize a
certain data structure, which allowed local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call.

CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not
initialize a certain data structure and a certain length
variable, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call.

CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed
local users to gain privileges or cause a denial of service
(NULL pointer dereference and system crash) by leveraging
the CAP_NET_ADMIN capability for a certain (1) sender or (2)
receiver getsockopt call.

CVE-2012-6549: The isofs_export_encode_fh function in
fs/isofs/export.c in the Linux kernel did not initialize a
certain structure member, which allowed local users to
obtain sensitive information from kernel heap memory via a
crafted application.

CVE-2012-6547: The __tun_chr_ioctl function in
drivers/net/tun.c in the Linux kernel did not initialize a
certain structure, which allowed local users to obtain
sensitive information from kernel stack memory via a crafted
application.

CVE-2012-6546: The ATM implementation in the Linux kernel
did not initialize certain structures, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted application.

CVE-2012-6544: The Bluetooth protocol stack in the Linux
kernel did not properly initialize certain structures, which
allowed local users to obtain sensitive information from
kernel stack memory via a crafted application that targets
the (1) L2CAP or (2) HCI implementation.

CVE-2012-6545: The Bluetooth RFCOMM implementation in the
Linux kernel did not properly initialize certain structures,
which allowed local users to obtain sensitive information
from kernel memory via a crafted application.

CVE-2012-6542: The llc_ui_getname function in
net/llc/af_llc.c in the Linux kernel had an incorrect return
value in certain circumstances, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted application that leverages an uninitialized pointer
argument.

CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
net/dccp/ccids/ccid3.c in the Linux kernel did not
initialize a certain structure, which allowed local users to
obtain sensitive information from kernel stack memory via a
crafted application.

CVE-2012-6540: The do_ip_vs_get_ctl function in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not
initialize a certain structure for IP_VS_SO_GET_TIMEOUT
commands, which allowed local users to obtain sensitive
information from kernel stack memory via a crafted
application.

CVE-2013-0914: The flush_signal_handlers function in
kernel/signal.c in the Linux kernel preserved the value of
the sa_restorer field across an exec operation, which made
it easier for local users to bypass the ASLR protection
mechanism via a crafted application containing a sigaction
system call.

CVE-2011-2492: The bluetooth subsystem in the Linux kernel
did not properly initialize certain data structures, which
allowed local users to obtain potentially sensitive
information from kernel memory via a crafted getsockopt
system call, related to (1) the l2cap_sock_getsockopt_old
function in net/bluetooth/l2cap_sock.c and (2) the
rfcomm_sock_getsockopt_old function in
net/bluetooth/rfcomm/sock.c.

CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in
net/sctp/sm_statefuns.c in the SCTP implementation in the
Linux kernel did not properly handle associations during the
processing of a duplicate COOKIE ECHO chunk, which allowed
remote attackers to cause a denial of service (NULL pointer
dereference and system crash) or possibly have unspecified
other impact via crafted SCTP traffic.

CVE-2012-6539: The dev_ifconf function in net/socket.c in
the Linux kernel did not initialize a certain structure,
which allowed local users to obtain sensitive information
from kernel stack memory via a crafted application.

CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel allowed local
users to cause a denial of service (system crash) by using
an AF_INET6 socket for a connection to an IPv4 interface.

CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in
drivers/cdrom/cdrom.c in the Linux kernel allowed local
users to obtain sensitive information from kernel memory via
a read operation on a malfunctioning CD-ROM drive.

CVE-2012-4444: The ip6_frag_queue function in
net/ipv6/reassembly.c in the Linux kernel allowed remote
attackers to bypass intended network restrictions via
overlapping IPv6 fragments.

CVE-2013-1928: The do_video_set_spu_palette function in
fs/compat_ioctl.c in the Linux kernel on unspecified
architectures lacked a certain error check, which might have
allowed local users to obtain sensitive information from
kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE
ioctl call on a /dev/dvb device.

CVE-2013-0871: Race condition in the ptrace functionality in
the Linux kernel allowed local users to gain privileges via
a PTRACE_SETREGS ptrace system call in a crafted
application, as demonstrated by ptrace_death.

CVE-2013-0268: The msr_open function in
arch/x86/kernel/msr.c in the Linux kernel allowed local
users to bypass intended capability restrictions by
executing a crafted application as root, as demonstrated by
msr32.c.

CVE-2012-3510: Use-after-free vulnerability in the
xacct_add_tsk function in kernel/tsacct.c in the Linux
kernel allowed local users to obtain potentially sensitive
information from kernel memory or cause a denial of service
(system crash) via a taskstats TASKSTATS_CMD_ATTR_PID
command.

CVE-2011-4110: The user_update function in
security/keys/user_defined.c in the Linux kernel allowed
local users to cause a denial of service (NULL pointer
dereference and kernel oops) via vectors related to a
user-defined key and 'updating a negative key into a fully
instantiated key.'

CVE-2012-2136: The sock_alloc_send_pskb function in
net/core/sock.c in the Linux kernel did not properly
validate a certain length value, which allowed local users
to cause a denial of service (heap-based buffer overflow and
system crash) or possibly gain privileges by leveraging
access to a TUN/TAP device.

CVE-2009-4020: Stack-based buffer overflow in the hfs
subsystem in the Linux kernel allowed remote attackers to
have an unspecified impact via a crafted Hierarchical File
System (HFS) filesystem, related to the hfs_readdir function
in fs/hfs/dir.c.

CVE-2011-2928: The befs_follow_link function in
fs/befs/linuxvfs.c in the Linux kernel did not validate the
length attribute of long symlinks, which allowed local users
to cause a denial of service (incorrect pointer dereference
and OOPS) by accessing a long symlink on a malformed Be
filesystem.

CVE-2011-4077: Buffer overflow in the xfs_readlink function
in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel, when
CONFIG_XFS_DEBUG is disabled, allowed local users to cause a
denial of service (memory corruption and crash) and possibly
execute arbitrary code via an XFS image containing a
symbolic link with a long pathname.

CVE-2011-4324: The encode_share_access function in
fs/nfs/nfs4xdr.c in the Linux kernel allowed local users to
cause a denial of service (BUG and system crash) by using
the mknod system call with a pathname on an NFSv4
filesystem.

CVE-2011-4330: Stack-based buffer overflow in the
hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel
allowed local users to cause a denial of service (crash) and
possibly execute arbitrary code via an HFS image with a
crafted len field.

CVE-2011-1172: net/ipv6/netfilter/ip6_tables.c in the IPv6
implementation in the Linux kernel did not place the
expected 0 character at the end of string data in the values
of certain structure members, which allowed local users to
obtain potentially sensitive information from kernel memory
by leveraging the CAP_NET_ADMIN capability to issue a
crafted request, and then reading the argument to the
resulting modprobe process.

CVE-2011-2525: The qdisc_notify function in
net/sched/sch_api.c in the Linux kernel did not prevent
tc_fill_qdisc function calls referencing builtin (aka
CQ_F_BUILTIN) Qdisc structures, which allowed local users to
cause a denial of service (NULL pointer dereference and
OOPS) or possibly have unspecified other impact via a
crafted call.

CVE-2011-2699: The IPv6 implementation in the Linux kernel
did not generate Fragment Identification values separately
for each destination, which made it easier for remote
attackers to cause a denial of service (disrupted
networking) by predicting these values and sending crafted
packets.

CVE-2011-1171: net/ipv4/netfilter/ip_tables.c in the IPv4
implementation in the Linux kernel did not place the
expected 0 character at the end of string data in the values
of certain structure members, which allowed local users to
obtain potentially sensitive information from kernel memory
by leveraging the CAP_NET_ADMIN capability to issue a
crafted request, and then reading the argument to the
resulting modprobe process.

CVE-2011-1170: net/ipv4/netfilter/arp_tables.c in the IPv4
implementation in the Linux kernel did not place the
expected 0 character at the end of string data in the values
of certain structure members, which allowed local users to
obtain potentially sensitive information from kernel memory
by leveraging the CAP_NET_ADMIN capability to issue a
crafted request, and then reading the argument to the
resulting modprobe process.

CVE-2011-3209: The div_long_long_rem implementation in
include/asm-x86/div64.h in the Linux kernel on the x86
platform allowed local users to cause a denial of service
(Divide Error Fault and panic) via a clock_gettime system
call.

CVE-2011-2213: The inet_diag_bc_audit function in
net/ipv4/inet_diag.c in the Linux kernel did not properly
audit INET_DIAG bytecode, which allowed local users to cause
a denial of service (kernel infinite loop) via crafted
INET_DIAG_REQ_BYTECODE instructions in a netlink message, as
demonstrated by an INET_DIAG_BC_JMP instruction with a zero
yes value, a different vulnerability than CVE-2010-3880.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write
function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux
kernel might have allowed local users to cause a denial of
service or have unspecified other impact via a crafted write
operation, related to string data that lacks a terminating 0
character.

CVE-2011-2699: The IPv6 implementation in the Linux kernel
did not generate Fragment Identification values separately
for each destination, which made it easier for remote
attackers to cause a denial of service (disrupted
networking) by predicting these values and sending crafted
packets.

CVE-2011-2203: The hfs_find_init function in the Linux
kernel allowed local users to cause a denial of service
(NULL pointer dereference and Oops) by mounting an HFS file
system with a malformed MDB extent record.

CVE-2009-4067: A USB string descriptor overflow in the
auerwald USB driver was fixed, which could be used by
physically proximate attackers to cause a kernel crash.

CVE-2011-3363: The setup_cifs_sb function in
fs/cifs/connect.c in the Linux kernel did not properly
handle DFS referrals, which allowed remote CIFS servers to
cause a denial of service (system crash) by placing a
referral at the root of a share.

CVE-2011-2484: The add_del_listener function in
kernel/taskstats.c in the Linux kernel did not prevent
multiple registrations of exit handlers, which allowed local
users to cause a denial of service (memory and CPU
consumption), and bypass the OOM Killer, via a crafted
application.

CVE-2011-4132: The cleanup_journal_tail function in the
Journaling Block Device (JBD) functionality in the Linux
kernel allowed local users to cause a denial of service
(assertion error and kernel oops) via an ext3 or ext4 image
with an 'invalid log first block value.'

CVE-2010-4249: The wait_for_unix_gc function in
net/unix/garbage.c in the Linux kernel before
2.6.37-rc3-next-20101125 does not properly select times for
garbage collection of inflight sockets, which allows local
users to cause a denial of service (system hang) via crafted
use of the socketpair and sendmsg system calls for
SOCK_SEQPACKET sockets.

The following bugs have been fixed :

patches.fixes/allow-executables-larger-than-2GB.patch: Allow
executables larger than 2GB (bnc#836856).

cio: prevent kernel panic after unexpected I/O interrupt
(bnc#649868,LTC#67975).

  - cio: Add timeouts for internal IO
    (bnc#701550,LTC#72691). kernel: first time swap use
    results in heavy swapping (bnc#701550,LTC#73132).

    qla2xxx: Do not be so verbose on underrun detected

    patches.arch/i386-run-tsc-calibration-5-times.patch: Fix
    the patch, the logic was wrong (bnc#537165, bnc#826551).

    xfs: Do not reclaim new inodes in xfs_sync_inodes()
    (bnc#770980 bnc#811752).

    kbuild: Fix gcc -x syntax (bnc#773831).

    e1000e: stop cleaning when we reach tx_ring->next_to_use
    (bnc#762825).

    Fix race condition about network device name allocation
    (bnc#747576).

    kdump: bootmem map over crash reserved region
    (bnc#749168, bnc#722400, bnc#742881).

    tcp: fix race condition leading to premature termination
    of sockets in FIN_WAIT2 state and connection being reset
    (bnc#745760)

    tcp: drop SYN+FIN messages (bnc#765102).

    net/linkwatch: Handle jiffies wrap-around (bnc#740131).

    patches.fixes/vm-dirty-bytes: Provide
    /proc/sys/vm/dirty_{background_,}bytes for tuning
    (bnc#727597).

    ipmi: Fix deadlock in start_next_msg() (bnc#730749).

    cpu-hotplug: release workqueue_mutex properly on CPU
    hot-remove (bnc#733407).

    libiscsi: handle init task failures (bnc#721351).

    NFS/sunrpc: do not use a credential with extra groups
    (bnc#725878).

    x86_64: fix reboot hang when 'reboot=b' is passed to the
    kernel (bnc#721267).

    nf_nat: do not add NAT extension for confirmed
    conntracks (bnc#709213).

    xfs: fix memory reclaim recursion deadlock on locked
    inode buffer (bnc#699355 bnc#699354 bnc#721830).

    ipmi: do not grab locks in run-to-completion mode
    (bnc#717421).

    cciss: do not attempt to read from a write-only register
    (bnc#683101).

    qla2xxx: Disable MSI-X initialization (bnc#693513).

    Allow balance_dirty_pages to help other filesystems
    (bnc#709369).

  - nfs: fix congestion control (bnc#709369).

  - NFS: Separate metadata and page cache revalidation
    mechanisms (bnc#709369). knfsd: nfsd4: fix laundromat
    shutdown race (bnc#752556).

    x87: Do not synchronize TSCs across cores if they
    already should be synchronized by HW (bnc#615418
    bnc#609220).

    reiserfs: Fix int overflow while calculating free space
    (bnc#795075).

    af_unix: limit recursion level (bnc#656153).

    bcm43xx: netlink deadlock fix (bnc#850241).

    jbd: Issue cache flush after checkpointing (bnc#731770).

    cfq: Fix infinite loop in cfq_preempt_queue()
    (bnc#724692).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://download.suse.com/patch/finder/?keywords=2edd49abdf9ae71916d1b5acb9177a75
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?84146da5"
  );
  # http://download.suse.com/patch/finder/?keywords=ab3d3594ee8b8099b9bc0f2a2095b6b6
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?63bff963"
  );
  # http://download.suse.com/patch/finder/?keywords=ffdbcc106c0e9486ae78943c42345dbd
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c83cccb2"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-4020.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2009-4067.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-4249.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1170.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1171.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1172.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2203.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2213.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2484.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2492.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2494.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2525.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2534.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2699.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2928.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3209.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3363.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4077.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4110.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4132.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4324.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-4330.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-2136.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3510.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4444.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4530.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6540.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6541.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6542.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6544.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6545.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6546.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6547.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6549.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0160.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0268.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0871.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0914.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1827.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1928.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2141.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2147.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2206.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3222.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3223.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3224.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3228.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3229.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3231.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3235.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/537165"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/609220"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/615418"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/649868"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/656153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/681180"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/681181"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/681185"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/683101"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/693513"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/699354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/699355"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/699709"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/700879"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/701550"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/702014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/702037"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/703153"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/703156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/706375"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/707288"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/709213"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/709369"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/713430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/717421"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/718028"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/721267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/721351"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/721830"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/722400"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/724692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/725878"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/726064"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/726600"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/727597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/730118"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/730749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/731673"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/731770"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/732613"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/733407"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/734056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/735612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/740131"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/742881"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/745760"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/747576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/749168"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/752556"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/760902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/762825"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/765102"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/765320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/770980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/773831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/776888"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/795075"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/797175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/802642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/804154"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/808827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809892"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/811354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/811752"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/815745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823260"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826102"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826551"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/836856"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/850241"
  );
  # https://www.suse.com/support/update/announcement/2013/suse-su-20131832-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?a9303456"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES10" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP3", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-kdumppae-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-vmi-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-vmipae-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"x86_64", reference:"kernel-xenpae-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", reference:"kernel-default-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", reference:"kernel-source-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", reference:"kernel-syms-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-debug-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-smp-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-xen-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.113.1")) flag++;
if (rpm_check(release:"SLES10", sp:"3", cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.113.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2014:0536-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83618);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2011-2492", "CVE-2011-2494", "CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6549", "CVE-2013-0343", "CVE-2013-0914", "CVE-2013-1827", "CVE-2013-2141", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2888", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235", "CVE-2013-4162", "CVE-2013-4387", "CVE-2013-4470", "CVE-2013-4483", "CVE-2013-4588", "CVE-2013-6383", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446");
  script_bugtraq_id(48441, 50314, 58383, 58409, 58426, 58795, 58977, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58996, 59377, 59380, 59381, 59383, 59389, 59390, 59393, 59394, 59397, 60254, 60375, 60715, 60874, 60893, 60953, 61411, 62043, 62044, 62050, 62696, 63359, 63445, 63744, 63888, 64952, 64953, 64954);

  script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has
been updated to fix various security issues and several bugs.

The following security issues have been addressed :

CVE-2011-2492: The bluetooth subsystem in the Linux kernel before
3.0-rc4 does not properly initialize certain data structures, which
allows local users to obtain potentially sensitive information from
kernel memory via a crafted getsockopt system call, related to (1) the
l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and
(2) the rfcomm_sock_getsockopt_old function in
net/bluetooth/rfcomm/sock.c. (bnc#702014)

CVE-2011-2494: kernel/taskstats.c in the Linux kernel before
3.1 allows local users to obtain sensitive I/O statistics by
sending taskstats commands to a netlink socket, as
demonstrated by discovering the length of another user's
password. (bnc#703156)

CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel
before 3.6 does not initialize certain structures, which
allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability.
(bnc#809889)

CVE-2012-6539: The dev_ifconf function in net/socket.c in
the Linux kernel before 3.6 does not initialize a certain
structure, which allows local users to obtain sensitive
information from kernel stack memory via a crafted
application. (bnc#809891)

CVE-2012-6540: The do_ip_vs_get_ctl function in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
3.6 does not initialize a certain structure for
IP_VS_SO_GET_TIMEOUT commands, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809892)

CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does
not initialize a certain structure, which allows local users
to obtain sensitive information from kernel stack memory via
a crafted application. (bnc#809893)

CVE-2012-6542: The llc_ui_getname function in
net/llc/af_llc.c in the Linux kernel before 3.6 has an
incorrect return value in certain circumstances, which
allows local users to obtain sensitive information from
kernel stack memory via a crafted application that leverages
an uninitialized pointer argument. (bnc#809894)

CVE-2012-6544: The Bluetooth protocol stack in the Linux
kernel before 3.6 does not properly initialize certain
structures, which allows local users to obtain sensitive
information from kernel stack memory via a crafted
application that targets the (1) L2CAP or (2) HCI
implementation. (bnc#809898)

CVE-2012-6545: The Bluetooth RFCOMM implementation in the
Linux kernel before 3.6 does not properly initialize certain
structures, which allows local users to obtain sensitive
information from kernel memory via a crafted application.
(bnc#809899)

CVE-2012-6546: The ATM implementation in the Linux kernel
before 3.6 does not initialize certain structures, which
allows local users to obtain sensitive information from
kernel stack memory via a crafted application. (bnc#809900)

CVE-2012-6547: The __tun_chr_ioctl function in
drivers/net/tun.c in the Linux kernel before 3.6 does not
initialize a certain structure, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809901)

CVE-2012-6549: The isofs_export_encode_fh function in
fs/isofs/export.c in the Linux kernel before 3.6 does not
initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap
memory via a crafted application. (bnc#809903)

CVE-2013-0343: The ipv6_create_tempaddr function in
net/ipv6/addrconf.c in the Linux kernel through 3.8 does not
properly handle problems with the generation of IPv6
temporary addresses, which allows remote attackers to cause
a denial of service (excessive retries and
address-generation outage), and consequently obtain
sensitive information, via ICMPv6 Router Advertisement (RA)
messages. (bnc#805226)

CVE-2013-0914: The flush_signal_handlers function in
kernel/signal.c in the Linux kernel before 3.8.4 preserves
the value of the sa_restorer field across an exec operation,
which makes it easier for local users to bypass the ASLR
protection mechanism via a crafted application containing a
sigaction system call. (bnc#808827)

CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before
3.5.4 allows local users to gain privileges or cause a
denial of service (NULL pointer dereference and system
crash) by leveraging the CAP_NET_ADMIN capability for a
certain (1) sender or (2) receiver getsockopt call.
(bnc#811354)

CVE-2013-2141: The do_tkill function in kernel/signal.c in
the Linux kernel before 3.8.9 does not initialize a certain
data structure, which allows local users to obtain sensitive
information from kernel memory via a crafted application
that makes a (1) tkill or (2) tgkill system call.
(bnc#823267)

CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in
drivers/cdrom/cdrom.c in the Linux kernel through 3.10
allows local users to obtain sensitive information from
kernel memory via a read operation on a malfunctioning
CD-ROM drive. (bnc#824295)

CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in
net/sctp/sm_statefuns.c in the SCTP implementation in the
Linux kernel before 3.8.5 does not properly handle
associations during the processing of a duplicate COOKIE
ECHO chunk, which allows remote attackers to cause a denial
of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact via crafted SCTP
traffic. (bnc#826102)

CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows
local users to cause a denial of service (system crash) by
using an AF_INET6 socket for a connection to an IPv4
interface. (bnc#827750)

CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in the
Linux kernel before 3.10 do not initialize certain structure
members, which allows local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
(bnc#827749)

CVE-2013-2237: The key_notify_policy_flush function in
net/key/af_key.c in the Linux kernel before 3.9 does not
initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap
memory by reading a broadcast message from the notify_policy
interface of an IPSec key_socket. (bnc#828119)

CVE-2013-2888: Multiple array index errors in
drivers/hid/hid-core.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11 allow physically
proximate attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via a crafted
device that provides an invalid Report ID. (bnc#835839)

CVE-2013-2893: The Human Interface Device (HID) subsystem in
the Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
allows physically proximate attackers to cause a denial of
service (heap-based out-of-bounds write) via a crafted
device, related to (1) drivers/hid/hid-lgff.c, (2)
drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
(bnc#835839)

CVE-2013-2897: Multiple array index errors in
drivers/hid/hid-multitouch.c in the Human Interface Device
(HID) subsystem in the Linux kernel through 3.11, when
CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
attackers to cause a denial of service (heap memory
corruption, or NULL pointer dereference and OOPS) via a
crafted device. (bnc#835839)

CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel before 3.9-rc7 does not initialize a
certain length variable, which allows local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (bnc#816668)

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does
not initialize a certain data structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel before
3.9-rc7 does not properly initialize a certain length
variable, which allows local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call. (bnc#816668)

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not
initialize a certain length variable, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7
does not initialize a certain data structure, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does
not initialize a certain data structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3235: net/tipc/socket.c in the Linux kernel before
3.9-rc7 does not initialize a certain data structure and a
certain length variable, which allows local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (bnc#816668)

CVE-2013-4162: The udp_v6_push_pending_frames function in
net/ipv6/udp.c in the IPv6 implementation in the Linux
kernel through 3.10.3 makes an incorrect function call for
pending data, which allows local users to cause a denial of
service (BUG and system crash) via a crafted application
that uses the UDP_CORK option in a setsockopt system call.
(bnc#831058)

CVE-2013-4387: net/ipv6/ip6_output.c in the Linux kernel
through 3.11.4 does not properly determine the need for UDP
Fragmentation Offload (UFO) processing of small packets
after the UFO queueing of a large packet, which allows
remote attackers to cause a denial of service (memory
corruption and system crash) or possibly have unspecified
other impact via network traffic that triggers a large
response packet. (bnc#843430)

CVE-2013-4470: The Linux kernel before 3.12, when UDP
Fragmentation Offload (UFO) is enabled, does not properly
initialize certain data structures, which allows local users
to cause a denial of service (memory corruption and system
crash) or possibly gain privileges via a crafted application
that uses the UDP_CORK option in a setsockopt system call
and sends both short and long packets, related to the
ip_ufo_append_data function in net/ipv4/ip_output.c and the
ip6_ufo_append_data function in net/ipv6/ip6_output.c.
(bnc#847672)

CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
the Linux kernel before 3.10 does not properly manage a
reference count, which allows local users to cause a denial
of service (memory consumption or system crash) via a
crafted application. (bnc#848321)

CVE-2013-4588: Multiple stack-based buffer overflows in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
2.6.33, when CONFIG_IP_VS is used, allow local users to gain
privileges by leveraging the CAP_NET_ADMIN capability for
(1) a getsockopt system call, related to the
do_ip_vs_get_ctl function, or (2) a setsockopt system call,
related to the do_ip_vs_set_ctl function. (bnc#851095)

CVE-2013-6383: The aac_compat_ioctl function in
drivers/scsi/aacraid/linit.c in the Linux kernel before
3.11.8 does not require the CAP_SYS_RAWIO capability, which
allows local users to bypass intended access restrictions
via a crafted ioctl call. (bnc#852558)

CVE-2014-1444: The fst_get_iface function in
drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
does not properly initialize a certain data structure, which
allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability for
an SIOCWANDEV ioctl call. (bnc#858869)

CVE-2014-1445: The wanxl_ioctl function in
drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
does not properly initialize a certain data structure, which
allows local users to obtain sensitive information from
kernel memory via an ioctl call. (bnc#858870)

CVE-2014-1446: The yam_ioctl function in
drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8
does not initialize a certain structure member, which allows
local users to obtain sensitive information from kernel
memory by leveraging the CAP_NET_ADMIN capability for an
SIOCYAMGCFG ioctl call. (bnc#858872)

Also the following non-security bugs have been fixed :

  - kernel: Remove newline from execve audit log
    (bnc#827855).

  - kernel: sclp console hangs (bnc#830344, LTC#95711).

  - kernel: fix flush_tlb_kernel_range (bnc#825052,
    LTC#94745). kernel: lost IPIs on CPU hotplug
    (bnc#825052, LTC#94784).

    sctp: deal with multiple COOKIE_ECHO chunks
    (bnc#826102).

  - net: Uninline kfree_skb and allow NULL argument
    (bnc#853501).

  - netback: don't disconnect frontend when seeing oversize
    packet. netfront: reduce gso_max_size to account for max
    TCP header.

    fs/dcache: Avoid race in d_splice_alias and vfs_rmdir
    (bnc#845028).

  - fs/proc: proc_task_lookup() fix memory pinning
    (bnc#827362 bnc#849765).

  - blkdev_max_block: make private to fs/buffer.c
    (bnc#820338).

  - vfs: avoid 'attempt to access beyond end of device'
    warnings (bnc#820338).

  - vfs: fix O_DIRECT read past end of block device
    (bnc#820338).

  - cifs: don't use CIFSGetSrvInodeNumber in
    is_path_accessible (bnc#832603).

  - xfs: Fix kABI breakage caused by AIL list transformation
    (bnc#806219).

  - xfs: Replace custom AIL linked-list code with struct
    list_head (bnc#806219).

  - reiserfs: fix problems with chowning setuid file w/
    xattrs (bnc#790920).

  - reiserfs: fix spurious multiple-fill in
    reiserfs_readdir_dentry (bnc#822722). jbd: Fix forever
    sleeping process in do_get_write_access() (bnc#827983).

    HID: check for NULL field when setting values
    (bnc#835839).

  - HID: provide a helper for validating hid reports
    (bnc#835839).

  - bcm43xx: netlink deadlock fix (bnc#850241).

  - bnx2: Close device if tx_timeout reset fails
    (bnc#857597).

  - xfrm: invalidate dst on policy insertion/deletion
    (bnc#842239).

  - xfrm: prevent ipcomp scratch buffer race condition
    (bnc#842239).

  - lpfc: Update to 8.2.0.106 (bnc#798050).

  - Make lpfc task management timeout configurable
    (bnc#798050).

  - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).

  - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
    (bnc#798050).

  - advansys: Remove 'last_reset' references (bnc#798050).

  - tmscsim: Move 'last_reset' into host structure
    (bnc#798050). dc395: Move 'last_reset' into internal
    host structure (bnc#798050).

    scsi: remove check for 'resetting' (bnc#798050).

  - scsi: Allow error handling timeout to be specified
    (bnc#798050).

  - scsi: Eliminate error handler overload of the SCSI
    serial number (bnc#798050).

  - scsi: Reduce sequential pointer derefs in scsi_error.c
    and reduce size as well (bnc#798050).

  - scsi: Reduce error recovery time by reducing use of TURs
    (bnc#798050).

  - scsi: fix eh wakeup (scsi_schedule_eh vs
    scsi_restart_operations)

  - scsi: cleanup setting task state in scsi_error_handler()
    (bnc#798050).

  - scsi: Add 'eh_deadline' to limit SCSI EH runtime
    (bnc#798050).

  - scsi: Fixup compilation warning (bnc#798050).

  - scsi: fc class: fix scanning when devs are offline
    (bnc#798050).

  - scsi: Warn on invalid command completion (bnc#798050).

  - scsi: Retry failfast commands after EH (bnc#798050).

  - scsi: kABI fixes (bnc#798050).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://download.suse.com/patch/finder/?keywords=bd99d2fcd47fefd9c76757c1e9e1cccb
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f2aa0bd1"
  );
  # http://download.suse.com/patch/finder/?keywords=d046a694b83b003f9bb6b21b6c0e8e6f
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?978cc4de"
  );
  # http://download.suse.com/patch/finder/?keywords=e59a3c9997ba1bed5bbf01d34d34a3d7
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3d3e6e8e"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2492.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-2494.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6540.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6541.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6542.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6544.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6545.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6546.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6547.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6549.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0343.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0914.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1827.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2141.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2206.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2888.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3222.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3223.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3224.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3228.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3229.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3231.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3235.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4162.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4387.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4470.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4588.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1444.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1445.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1446.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/702014"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/703156"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/790920"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/798050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/805226"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/806219"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/808827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809892"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/811354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/820338"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/822722"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/825052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826102"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826551"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827362"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827855"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827983"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/830344"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/831058"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/832603"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/835839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/842239"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/843430"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/845028"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/847672"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/848321"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/849765"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/850241"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/851095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/852558"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/853501"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/857597"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/858869"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/858870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/858872"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20140536-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?df916a1b"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES10" && (! ereg(pattern:"^4$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-bigsmp-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdumppae-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmi-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmipae-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xenpae-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-default-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-source-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-syms-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-debug-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-smp-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xen-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.105.1")) flag++;
if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.105.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2014:0287-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83611);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2011-1083", "CVE-2011-3593", "CVE-2012-1601", "CVE-2012-2137", "CVE-2012-2372", "CVE-2012-2745", "CVE-2012-3375", "CVE-2012-3412", "CVE-2012-3430", "CVE-2012-3511", "CVE-2012-4444", "CVE-2012-4530", "CVE-2012-4565", "CVE-2012-6537", "CVE-2012-6538", "CVE-2012-6539", "CVE-2012-6540", "CVE-2012-6541", "CVE-2012-6542", "CVE-2012-6544", "CVE-2012-6545", "CVE-2012-6546", "CVE-2012-6547", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0160", "CVE-2013-0216", "CVE-2013-0231", "CVE-2013-0268", "CVE-2013-0310", "CVE-2013-0343", "CVE-2013-0349", "CVE-2013-0871", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1773", "CVE-2013-1774", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1827", "CVE-2013-1928", "CVE-2013-1943", "CVE-2013-2015", "CVE-2013-2141", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2634", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2897", "CVE-2013-2929", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3234", "CVE-2013-3235", "CVE-2013-4345", "CVE-2013-4470", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4587", "CVE-2013-4588", "CVE-2013-4591", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6383", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446");
  script_bugtraq_id(46630, 50767, 53488, 54062, 54063, 54283, 54365, 54702, 54763, 55151, 55878, 56346, 56891, 57176, 57740, 57743, 57838, 57986, 58052, 58112, 58177, 58200, 58202, 58368, 58383, 58409, 58426, 58597, 58604, 58605, 58607, 58795, 58906, 58977, 58978, 58985, 58986, 58987, 58989, 58990, 58991, 58992, 58993, 58994, 58996, 59377, 59380, 59381, 59383, 59385, 59389, 59390, 59393, 59394, 59397, 59512, 60254, 60280, 60375, 60409, 60410, 60466, 60874, 60893, 60953, 62042, 62043, 62044, 62049, 62050, 62740, 63359, 63445, 63512, 63744, 63791, 63886, 63888, 64111, 64270, 64291, 64328, 64952, 64953, 64954);

  script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to
fix a lot of security issues and non-security bugs.

The following security bugs have been fixed :

CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive
function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red
Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a
denial of service (system crash) via priority-tagged VLAN frames.
(bnc#735347)

CVE-2012-1601: The KVM implementation in the Linux kernel
before 3.3.6 allows host OS users to cause a denial of
service (NULL pointer dereference and host OS crash) by
making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU
already exists. (bnc#754898)

CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the
KVM subsystem in the Linux kernel before 3.2.24 allows local
users to cause a denial of service (crash) and possibly
execute arbitrary code via vectors related to Message
Signaled Interrupts (MSI), irq routing entries, and an
incorrect check by the setup_routing_entry function before
invoking the kvm_set_irq function. (bnc#767612)

CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c
in the Reliable Datagram Sockets (RDS) protocol
implementation in the Linux kernel 3.7.4 and earlier allows
local users to cause a denial of service (BUG_ON and kernel
panic) by establishing an RDS connection with the source IP
address equal to the IPoIB interfaces own IP address, as
demonstrated by rds-ping. (bnc#767610)

CVE-2012-2745: The copy_creds function in kernel/cred.c in
the Linux kernel before 3.3.2 provides an invalid
replacement session keyring to a child process, which allows
local users to cause a denial of service (panic) via a
crafted application that uses the fork system call.
(bnc#770695)

CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c
in the Linux kernel before 3.2.24 does not properly handle
ELOOP errors in EPOLL_CTL_ADD operations, which allows local
users to cause a denial of service (file-descriptor
consumption and system crash) via a crafted application that
attempts to create a circular epoll dependency. NOTE: this
vulnerability exists because of an incorrect fix for
CVE-2011-1083. (bnc#769896)

CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in
the Linux kernel before 3.2.30 allows remote attackers to
cause a denial of service (DMA descriptor consumption and
network-controller outage) via crafted TCP packets that
trigger a small MSS value. (bnc#774523)

CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in
the Linux kernel before 3.0.44 does not initialize a certain
structure member, which allows local users to obtain
potentially sensitive information from kernel stack memory
via a (1) recvfrom or (2) recvmsg system call on an RDS
socket. (bnc#773383)

CVE-2012-3511: Multiple race conditions in the
madvise_remove function in mm/madvise.c in the Linux kernel
before 3.4.5 allow local users to cause a denial of service
(use-after-free and system crash) via vectors involving a
(1) munmap or (2) close system call. (bnc#776885)

CVE-2012-4444: The ip6_frag_queue function in
net/ipv6/reassembly.c in the Linux kernel before 2.6.36
allows remote attackers to bypass intended network
restrictions via overlapping IPv6 fragments. (bnc#789831)

CVE-2012-4530: The load_script function in
fs/binfmt_script.c in the Linux kernel before 3.7.2 does not
properly handle recursion, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#786013)

CVE-2012-4565: The tcp_illinois_info function in
net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19,
when the net.ipv4.tcp_congestion_control illinois setting is
enabled, allows local users to cause a denial of service
(divide-by-zero error and OOPS) by reading TCP stats.
(bnc#787576)

CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel
before 3.6 does not initialize certain structures, which
allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability.
(bnc#809889)

CVE-2012-6538: The copy_to_user_auth function in
net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an
incorrect C library function for copying a string, which
allows local users to obtain sensitive information from
kernel heap memory by leveraging the CAP_NET_ADMIN
capability. (bnc#809889)

CVE-2012-6539: The dev_ifconf function in net/socket.c in
the Linux kernel before 3.6 does not initialize a certain
structure, which allows local users to obtain sensitive
information from kernel stack memory via a crafted
application. (bnc#809891)

CVE-2012-6540: The do_ip_vs_get_ctl function in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
3.6 does not initialize a certain structure for
IP_VS_SO_GET_TIMEOUT commands, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809892)

CVE-2012-6541: The ccid3_hc_tx_getsockopt function in
net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does
not initialize a certain structure, which allows local users
to obtain sensitive information from kernel stack memory via
a crafted application. (bnc#809893)

CVE-2012-6542: The llc_ui_getname function in
net/llc/af_llc.c in the Linux kernel before 3.6 has an
incorrect return value in certain circumstances, which
allows local users to obtain sensitive information from
kernel stack memory via a crafted application that leverages
an uninitialized pointer argument. (bnc#809894)

CVE-2012-6544: The Bluetooth protocol stack in the Linux
kernel before 3.6 does not properly initialize certain
structures, which allows local users to obtain sensitive
information from kernel stack memory via a crafted
application that targets the (1) L2CAP or (2) HCI
implementation. (bnc#809898)

CVE-2012-6545: The Bluetooth RFCOMM implementation in the
Linux kernel before 3.6 does not properly initialize certain
structures, which allows local users to obtain sensitive
information from kernel memory via a crafted application.
(bnc#809899)

CVE-2012-6546: The ATM implementation in the Linux kernel
before 3.6 does not initialize certain structures, which
allows local users to obtain sensitive information from
kernel stack memory via a crafted application. (bnc#809900)

CVE-2012-6547: The __tun_chr_ioctl function in
drivers/net/tun.c in the Linux kernel before 3.6 does not
initialize a certain structure, which allows local users to
obtain sensitive information from kernel stack memory via a
crafted application. (bnc#809901)

CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c
in the Linux kernel before 3.6 does not initialize a certain
structure member, which allows local users to obtain
sensitive information from kernel heap memory via a crafted
application. (bnc#809902)

CVE-2012-6549: The isofs_export_encode_fh function in
fs/isofs/export.c in the Linux kernel before 3.6 does not
initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap
memory via a crafted application. (bnc#809903)

CVE-2013-0160: The Linux kernel through 3.7.9 allows local
users to obtain sensitive information about keystroke timing
by using the inotify API on the /dev/ptmx device.
(bnc#797175)

CVE-2013-0216: The Xen netback functionality in the Linux
kernel before 3.7.8 allows guest OS users to cause a denial
of service (loop) by triggering ring pointer corruption.
(bnc#800280)(XSA-39)

CVE-2013-0231: The pciback_enable_msi function in the PCI
backend driver
(drivers/xen/pciback/conf_space_capability_msi.c) in Xen for
the Linux kernel 2.6.18 and 3.8 allows guest OS users with
PCI device access to cause a denial of service via a large
number of kernel log messages. NOTE: some of these details
are obtained from third-party information.
(bnc#801178)(XSA-43)

CVE-2013-0268: The msr_open function in
arch/x86/kernel/msr.c in the Linux kernel before 3.7.6
allows local users to bypass intended capability
restrictions by executing a crafted application as root, as
demonstrated by msr32.c. (bnc#802642)

CVE-2013-0310: The cipso_v4_validate function in
net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8
allows local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have
unspecified other impact via an IPOPT_CIPSO IP_OPTIONS
setsockopt system call. (bnc#804653)

CVE-2013-0343: The ipv6_create_tempaddr function in
net/ipv6/addrconf.c in the Linux kernel through 3.8 does not
properly handle problems with the generation of IPv6
temporary addresses, which allows remote attackers to cause
a denial of service (excessive retries and
address-generation outage), and consequently obtain
sensitive information, via ICMPv6 Router Advertisement (RA)
messages. (bnc#805226)

CVE-2013-0349: The hidp_setup_hid function in
net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6
does not properly copy a certain name field, which allows
local users to obtain sensitive information from kernel
memory by setting a long name and making an HIDPCONNADD
ioctl call. (bnc#805227)

CVE-2013-0871: Race condition in the ptrace functionality in
the Linux kernel before 3.7.5 allows local users to gain
privileges via a PTRACE_SETREGS ptrace system call in a
crafted application, as demonstrated by ptrace_death.
(bnc#804154)

CVE-2013-0914: The flush_signal_handlers function in
kernel/signal.c in the Linux kernel before 3.8.4 preserves
the value of the sa_restorer field across an exec operation,
which makes it easier for local users to bypass the ASLR
protection mechanism via a crafted application containing a
sigaction system call. (bnc#808827)

CVE-2013-1767: Use-after-free vulnerability in the
shmem_remount_fs function in mm/shmem.c in the Linux kernel
before 3.7.10 allows local users to gain privileges or cause
a denial of service (system crash) by remounting a tmpfs
filesystem without specifying a required mpol (aka
mempolicy) mount option. (bnc#806138)

CVE-2013-1773: Buffer overflow in the VFAT filesystem
implementation in the Linux kernel before 3.3 allows local
users to gain privileges or cause a denial of service
(system crash) via a VFAT write operation on a filesystem
with the utf8 mount option, which is not properly handled
during UTF-8 to UTF-16 conversion. (bnc#806977)

CVE-2013-1774: The chase_port function in
drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4
allows local users to cause a denial of service (NULL
pointer dereference and system crash) via an attempted
/dev/ttyUSB read or write operation on a disconnected
Edgeport USB serial converter. (bnc#806976)

CVE-2013-1792: Race condition in the install_user_keyrings
function in security/keys/process_keys.c in the Linux kernel
before 3.8.3 allows local users to cause a denial of service
(NULL pointer dereference and system crash) via crafted
keyctl system calls that trigger keyring operations in
simultaneous threads. (bnc#808358)

CVE-2013-1796: The kvm_set_msr_common function in
arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does
not ensure a required time_page alignment during an
MSR_KVM_SYSTEM_TIME operation, which allows guest OS users
to cause a denial of service (buffer overflow and host OS
memory corruption) or possibly have unspecified other impact
via a crafted application. (bnc#806980)

CVE-2013-1797: Use-after-free vulnerability in
arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows
guest OS users to cause a denial of service (host OS memory
corruption) or possibly have unspecified other impact via a
crafted application that triggers use of a guest physical
address (GPA) in (1) movable or (2) removable memory during
an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
(bnc#806980)

CVE-2013-1798: The ioapic_read_indirect function in
virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not
properly handle a certain combination of invalid
IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
allows guest OS users to obtain sensitive information from
host OS memory or cause a denial of service (host OS OOPS)
via a crafted application. (bnc#806980)

CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before
3.5.4 allows local users to gain privileges or cause a
denial of service (NULL pointer dereference and system
crash) by leveraging the CAP_NET_ADMIN capability for a
certain (1) sender or (2) receiver getsockopt call.
(bnc#811354)

CVE-2013-1928: The do_video_set_spu_palette function in
fs/compat_ioctl.c in the Linux kernel before 3.6.5 on
unspecified architectures lacks a certain error check, which
might allow local users to obtain sensitive information from
kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE
ioctl call on a /dev/dvb device. (bnc#813735)

CVE-2013-1943: The KVM subsystem in the Linux kernel before
3.0 does not check whether kernel addresses are specified
during allocation of memory slots for use in a guests
physical address space, which allows local users to gain
privileges or obtain sensitive information from kernel
memory via a crafted application, related to
arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c.
(bnc#828012)

CVE-2013-2015: The ext4_orphan_del function in
fs/ext4/namei.c in the Linux kernel before 3.7.3 does not
properly handle orphan-list entries for non-journal
filesystems, which allows physically proximate attackers to
cause a denial of service (system hang) via a crafted
filesystem on removable media, as demonstrated by the
e2fsprogs tests/f_orphan_extents_inode/image.gz test.
(bnc#817377)

CVE-2013-2141: The do_tkill function in kernel/signal.c in
the Linux kernel before 3.8.9 does not initialize a certain
data structure, which allows local users to obtain sensitive
information from kernel memory via a crafted application
that makes a (1) tkill or (2) tgkill system call.
(bnc#823267)

CVE-2013-2147: The HP Smart Array controller disk-array
driver and Compaq SMART2 controller disk-array driver in the
Linux kernel through 3.9.4 do not initialize certain data
structures, which allows local users to obtain sensitive
information from kernel memory via (1) a crafted
IDAGETPCIINFO command for a /dev/ida device, related to the
ida_locked_ioctl function in drivers/block/cpqarray.c or (2)
a crafted CCISS_PASSTHRU32 command for a /dev/cciss device,
related to the cciss_ioctl32_passthru function in
drivers/block/cciss.c. (bnc#823260)

CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in
drivers/cdrom/cdrom.c in the Linux kernel through 3.10
allows local users to obtain sensitive information from
kernel memory via a read operation on a malfunctioning
CD-ROM drive. (bnc#824295)

CVE-2013-2232: The ip6_sk_dst_check function in
net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows
local users to cause a denial of service (system crash) by
using an AF_INET6 socket for a connection to an IPv4
interface. (bnc#827750)

CVE-2013-2234: The (1) key_notify_sa_flush and (2)
key_notify_policy_flush functions in net/key/af_key.c in the
Linux kernel before 3.10 do not initialize certain structure
members, which allows local users to obtain sensitive
information from kernel heap memory by reading a broadcast
message from the notify interface of an IPSec key_socket.
(bnc#827749)

CVE-2013-2237: The key_notify_policy_flush function in
net/key/af_key.c in the Linux kernel before 3.9 does not
initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap
memory by reading a broadcast message from the notify_policy
interface of an IPSec key_socket. (bnc#828119)

CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before
3.8.4 does not initialize certain structures, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted application. (bnc#810473)

CVE-2013-2851: Format string vulnerability in the
register_disk function in block/genhd.c in the Linux kernel
through 3.9.4 allows local users to gain privileges by
leveraging root access and writing format string specifiers
to /sys/module/md_mod/parameters/new_array in order to
create a crafted /dev/md device name. (bnc#822575)

CVE-2013-2852: Format string vulnerability in the
b43_request_firmware function in
drivers/net/wireless/b43/main.c in the Broadcom B43 wireless
driver in the Linux kernel through 3.9.4 allows local users
to gain privileges by leveraging root access and including
format string specifiers in an fwpostfix modprobe parameter,
leading to improper construction of an error message.
(bnc#822579)

CVE-2013-2888: Multiple array index errors in
drivers/hid/hid-core.c in the Human Interface Device (HID)
subsystem in the Linux kernel through 3.11 allow physically
proximate attackers to execute arbitrary code or cause a
denial of service (heap memory corruption) via a crafted
device that provides an invalid Report ID. (bnc#835839)

CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface
Device (HID) subsystem in the Linux kernel through 3.11,
when CONFIG_HID_ZEROPLUS is enabled, allows physically
proximate attackers to cause a denial of service (heap-based
out-of-bounds write) via a crafted device. (bnc#835839)

CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface
Device (HID) subsystem in the Linux kernel through 3.11,
when CONFIG_HID_PANTHERLORD is enabled, allows physically
proximate attackers to cause a denial of service (heap-based
out-of-bounds write) via a crafted device. (bnc#835839)

CVE-2013-2893: The Human Interface Device (HID) subsystem in
the Linux kernel through 3.11, when CONFIG_LOGITECH_FF,
CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled,
allows physically proximate attackers to cause a denial of
service (heap-based out-of-bounds write) via a crafted
device, related to (1) drivers/hid/hid-lgff.c, (2)
drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c.
(bnc#835839)

CVE-2013-2897: Multiple array index errors in
drivers/hid/hid-multitouch.c in the Human Interface Device
(HID) subsystem in the Linux kernel through 3.11, when
CONFIG_HID_MULTITOUCH is enabled, allow physically proximate
attackers to cause a denial of service (heap memory
corruption, or NULL pointer dereference and OOPS) via a
crafted device. (bnc#835839)

CVE-2013-2929: The Linux kernel before 3.12.2 does not
properly use the get_dumpable function, which allows local
users to bypass intended ptrace restrictions or obtain
sensitive information from IA64 scratch registers via a
crafted application, related to kernel/ptrace.c and
arch/ia64/include/asm/processor.h. (bnc#847652)

CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c
in the Linux kernel before 3.9-rc7 does not initialize a
certain length variable, which allows local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (bnc#816668)

CVE-2013-3223: The ax25_recvmsg function in
net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does
not initialize a certain data structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3224: The bt_sock_recvmsg function in
net/bluetooth/af_bluetooth.c in the Linux kernel before
3.9-rc7 does not properly initialize a certain length
variable, which allows local users to obtain sensitive
information from kernel stack memory via a crafted recvmsg
or recvfrom system call. (bnc#816668)

CVE-2013-3225: The rfcomm_sock_recvmsg function in
net/bluetooth/rfcomm/sock.c in the Linux kernel before
3.9-rc7 does not initialize a certain length variable, which
allows local users to obtain sensitive information from
kernel stack memory via a crafted recvmsg or recvfrom system
call. (bnc#816668)

CVE-2013-3228: The irda_recvmsg_dgram function in
net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3229: The iucv_sock_recvmsg function in
net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does
not initialize a certain length variable, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3231: The llc_ui_recvmsg function in
net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not
initialize a certain length variable, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3232: The nr_recvmsg function in
net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7
does not initialize a certain data structure, which allows
local users to obtain sensitive information from kernel
stack memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3234: The rose_recvmsg function in
net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does
not initialize a certain data structure, which allows local
users to obtain sensitive information from kernel stack
memory via a crafted recvmsg or recvfrom system call.
(bnc#816668)

CVE-2013-3235: net/tipc/socket.c in the Linux kernel before
3.9-rc7 does not initialize a certain data structure and a
certain length variable, which allows local users to obtain
sensitive information from kernel stack memory via a crafted
recvmsg or recvfrom system call. (bnc#816668)

CVE-2013-4345: Off-by-one error in the get_prng_bytes
function in crypto/ansi_cprng.c in the Linux kernel through
3.11.4 makes it easier for context-dependent attackers to
defeat cryptographic protection mechanisms via multiple
requests for small amounts of data, leading to improper
management of the state of the consumed data. (bnc#840226)

CVE-2013-4470: The Linux kernel before 3.12, when UDP
Fragmentation Offload (UFO) is enabled, does not properly
initialize certain data structures, which allows local users
to cause a denial of service (memory corruption and system
crash) or possibly gain privileges via a crafted application
that uses the UDP_CORK option in a setsockopt system call
and sends both short and long packets, related to the
ip_ufo_append_data function in net/ipv4/ip_output.c and the
ip6_ufo_append_data function in net/ipv6/ip6_output.c.
(bnc#847672)

CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
the Linux kernel before 3.10 does not properly manage a
reference count, which allows local users to cause a denial
of service (memory consumption or system crash) via a
crafted application. (bnc#848321)

CVE-2013-4511: Multiple integer overflows in Alchemy LCD
frame-buffer drivers in the Linux kernel before 3.12 allow
local users to create a read-write memory mapping for the
entirety of kernel memory, and consequently gain privileges,
via crafted mmap operations, related to the (1)
au1100fb_fb_mmap function in drivers/video/au1100fb.c and
the (2) au1200fb_fb_mmap function in
drivers/video/au1200fb.c. (bnc#849021)

CVE-2013-4587: Array index error in the
kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in
the KVM subsystem in the Linux kernel through 3.12.5 allows
local users to gain privileges via a large id value.
(bnc#853050)

CVE-2013-4588: Multiple stack-based buffer overflows in
net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before
2.6.33, when CONFIG_IP_VS is used, allow local users to gain
privileges by leveraging the CAP_NET_ADMIN capability for
(1) a getsockopt system call, related to the
do_ip_vs_get_ctl function, or (2) a setsockopt system call,
related to the do_ip_vs_set_ctl function. (bnc#851095)

CVE-2013-4591: Buffer overflow in the
__nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the
Linux kernel before 3.7.2 allows local users to cause a
denial of service (memory corruption and system crash) or
possibly have unspecified other impact via a getxattr system
call for the system.nfs4_acl extended attribute of a
pathname on an NFSv4 filesystem. (bnc#851103)

CVE-2013-6367: The apic_get_tmcct function in
arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
kernel through 3.12.5 allows guest OS users to cause a
denial of service (divide-by-zero error and host OS crash)
via crafted modifications of the TMICT value. (bnc#853051)

CVE-2013-6368: The KVM subsystem in the Linux kernel through
3.12.5 allows local users to gain privileges or cause a
denial of service (system crash) via a VAPIC synchronization
operation involving a page-end address. (bnc#853052)

CVE-2013-6378: The lbs_debugfs_write function in
drivers/net/wireless/libertas/debugfs.c in the Linux kernel
through 3.12.1 allows local users to cause a denial of
service (OOPS) by leveraging root privileges for a
zero-length write operation. (bnc#852559)

CVE-2013-6383: The aac_compat_ioctl function in
drivers/scsi/aacraid/linit.c in the Linux kernel before
3.11.8 does not require the CAP_SYS_RAWIO capability, which
allows local users to bypass intended access restrictions
via a crafted ioctl call. (bnc#852558)

CVE-2014-1444: The fst_get_iface function in
drivers/net/wan/farsync.c in the Linux kernel before 3.11.7
does not properly initialize a certain data structure, which
allows local users to obtain sensitive information from
kernel memory by leveraging the CAP_NET_ADMIN capability for
an SIOCWANDEV ioctl call. (bnc#858869)

CVE-2014-1445: The wanxl_ioctl function in
drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7
does not properly initialize a certain data structure, which
allows local users to obtain sensitive information from
kernel memory via an ioctl call. (bnc#858870)

CVE-2014-1446: The yam_ioctl function in
drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8
does not initialize a certain structure member, which allows
local users to obtain sensitive information from kernel
memory by leveraging the CAP_NET_ADMIN capability for an
SIOCYAMGCFG ioctl call. (bnc#858872)

Also the following non-security bugs have been fixed :

  - x86: Clear HPET configuration registers on startup
    (bnc#748896).

  - sched: fix divide by zero in task_utime() (bnc#761774).

  - sched: Fix pick_next_highest_task_rt() for cgroups
    (bnc#760596).

  - mm: hugetlbfs: Close race during teardown of hugetlbfs
    shared page tables.

  - mm: hugetlbfs: Correctly detect if page tables have just
    been shared. (Fix bad PMD message displayed while using
    hugetlbfs (bnc#762366)).

  - cpumask: Partition_sched_domains takes array of
    cpumask_var_t (bnc#812364).

  - cpumask: Simplify sched_rt.c (bnc#812364).

  - kabi: protect bind_conflict callback in struct
    inet_connection_sock_af_ops (bnc#823618).

  - memcg: fix init_section_page_cgroup pfn alignment
    (bnc#835481).

  - tty: fix up atime/mtime mess, take three (bnc#797175).

  - tty: fix atime/mtime regression (bnc#815745).

  - ptrace: ptrace_resume() should not wake up !TASK_TRACED
    thread (bnc#804154).

  - kbuild: Fix gcc -x syntax (bnc#773831).

  - ftrace: Disable function tracing during suspend/resume
    and hibernation, again (bnc#768668). proc: fix
    pagemap_read() error case (bnc#787573).

    net: Upgrade device features irrespective of mask
    (bnc#715250).

  - tcp: bind() fix autoselection to share ports
    (bnc#823618).

  - tcp: bind() use stronger condition for bind_conflict
    (bnc#823618).

  - tcp: ipv6: bind() use stronger condition for
    bind_conflict (bnc#823618).

  - netfilter: use RCU safe kfree for conntrack extensions
    (bnc#827416).

  - netfilter: prevent race condition breaking net reference
    counting (bnc#835094).

  - netfilter: send ICMPv6 message on fragment reassembly
    timeout (bnc#773577).

  - netfilter: fix sending ICMPv6 on netfilter reassembly
    timeout (bnc#773577).

  - tcp_cubic: limit delayed_ack ratio to prevent divide
    error (bnc#810045). bonding: in balance-rr mode, set
    curr_active_slave only if it is up (bnc#789648).

    scsi: Add 'eh_deadline' to limit SCSI EH runtime
    (bnc#798050).

  - scsi: Allow error handling timeout to be specified
    (bnc#798050).

  - scsi: Fixup compilation warning (bnc#798050).

  - scsi: Retry failfast commands after EH (bnc#798050).

  - scsi: Warn on invalid command completion (bnc#798050).

  - scsi: Always retry internal target error (bnc#745640,
    bnc#825227).

  - scsi: kABI fixes (bnc#798050).

  - scsi: remove check for 'resetting' (bnc#798050).

  - scsi: Eliminate error handler overload of the SCSI
    serial number (bnc#798050).

  - scsi: Reduce error recovery time by reducing use of TURs
    (bnc#798050).

  - scsi: Reduce sequential pointer derefs in scsi_error.c
    and reduce size as well (bnc#798050).

  - scsi: cleanup setting task state in scsi_error_handler()
    (bnc#798050).

  - scsi: fix eh wakeup (scsi_schedule_eh vs
    scsi_restart_operations) (bnc#798050). scsi: fix id
    computation in scsi_eh_target_reset() (bnc#798050).

    advansys: Remove 'last_reset' references (bnc#798050).

  - dc395: Move 'last_reset' into internal host structure
    (bnc#798050).

  - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).

  - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
    (bnc#798050).

  - fc class: fix scanning when devs are offline
    (bnc#798050). tmscsim: Move 'last_reset' into host
    structure (bnc#798050).

    st: Store page order before driver buffer allocation
    (bnc#769644).

  - st: Increase success probability in driver buffer
    allocation (bnc#769644). st: work around broken
    __bio_add_page logic (bnc#769644).

    avoid race by ignoring flush_time in cache_check
    (bnc#814363).

    writeback: remove the internal 5% low bound on
    dirty_ratio

  - writeback: skip balance_dirty_pages() for in-memory fs
    (Do not dirty throttle ram-based filesystems
    (bnc#840858)). writeback: Do not sync data dirtied after
    sync start (bnc#833820).

    blkdev_max_block: make private to fs/buffer.c
    (bnc#820338).

  - vfs: avoid 'attempt to access beyond end of device'
    warnings (bnc#820338). vfs: fix O_DIRECT read past end
    of block device (bnc#820338).

    lib/radix-tree.c: make radix_tree_node_alloc() work
    correctly within interrupt (bnc#763463).

    xfs: allow writeback from kswapd (bnc#826707).

  - xfs: skip writeback from reclaim context (bnc#826707).

  - xfs: Serialize file-extending direct IO (bnc#818371).

  - xfs: Avoid pathological backwards allocation
    (bnc#805945). xfs: fix inode lookup race (bnc#763463).

    cifs: clarify the meaning of tcpStatus == CifsGood
    (bnc#776024).

    cifs: do not allow cifs_reconnect to exit with NULL
    socket pointer (bnc#776024).

    ocfs2: Add a missing journal credit in
    ocfs2_link_credits() -v2 (bnc#773320).

    usb: Fix deadlock in hid_reset when Dell iDRAC is reset
    (bnc#814716).

    usb: xhci: Fix command completion after a drop endpoint
    (bnc#807320).

    netiucv: Hold rtnl between name allocation and device
    registration (bnc#824159).

    rwsem: Test for no active locks in __rwsem_do_wake undo
    code (bnc#813276).

    nfs: NFSv3/v2: Fix data corruption with NFS short reads
    (bnc#818337).

  - nfs: Allow sec=none mounts in certain cases
    (bnc#795354).

  - nfs: Make nfsiod a multi-thread queue (bnc#815352).

  - nfs: increase number of permitted callback connections
    (bnc#771706).

  - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008).

  - nfs: do not allow TASK_KILLABLE sleeps to block the
    freezer (bnc#775182). nfs: Avoid race in d_splice_alias
    and vfs_rmdir (bnc#845028).

    svcrpc: take lock on turning entry NEGATIVE in
    cache_check (bnc#803320).

  - svcrpc: ensure cache_check caller sees updated entry
    (bnc#803320).

  - sunrpc/cache: remove races with queuing an upcall
    (bnc#803320).

  - sunrpc/cache: use cache_fresh_unlocked consistently and
    correctly (bnc#803320).

  - sunrpc/cache: ensure items removed from cache do not
    have pending upcalls (bnc#803320).

  - sunrpc/cache: do not schedule update on cache item that
    has been replaced (bnc#803320). sunrpc/cache: fix test
    in try_to_negate (bnc#803320).

    xenbus: fix overflow check in xenbus_dev_write().

  - x86: do not corrupt %eip when returning from a signal
    handler.

  - scsiback/usbback: move cond_resched() invocations to
    proper place. netback: fix netbk_count_requests().

    dm: add dm_deleting_md function (bnc#785016).

  - dm: bind new table before destroying old (bnc#785016).

  - dm: keep old table until after resume succeeded
    (bnc#785016). dm: rename dm_get_table to
    dm_get_live_table (bnc#785016).

    drm/edid: Fix up partially corrupted headers
    (bnc#780004).

    drm/edid: Retry EDID fetch up to four times
    (bnc#780004).

    i2c-algo-bit: Fix spurious SCL timeouts under heavy load
    (bnc#780004).

    hpilo: remove pci_disable_device (bnc#752544).

    mptsas: handle 'Initializing Command Required' ASCQ
    (bnc#782178).

    mpt2sas: Fix race on shutdown (bnc#856917).

    ipmi: decrease the IPMI message transaction time in
    interrupt mode (bnc#763654).

  - ipmi: simplify locking (bnc#763654). ipmi: use a tasklet
    for handling received messages (bnc#763654).

    bnx2x: bug fix when loading after SAN boot (bnc#714906).

    bnx2x: previous driver unload revised (bnc#714906).

    ixgbe: Address fact that RSC was not setting GSO size
    for incoming frames (bnc#776144).

    ixgbe: pull PSRTYPE configuration into a separate
    function (bnc#780572 bnc#773640 bnc#776144).

    e1000e: clear REQ and GNT in EECD (82571 && 82572)
    (bnc#762099).

    hpsa: do not attempt to read from a write-only register
    (bnc#777473).

    aio: Fixup kABI for the aio-implement-request-batching
    patch (bnc#772849).

  - aio: bump i_count instead of using igrab (bnc#772849).
    aio: implement request batching (bnc#772849).

    Driver core: Do not remove kobjects in device_shutdown
    (bnc#771992).

    resources: fix call to alignf() in allocate_resource()
    (bnc#744955).

  - resources: when allocate_resource() fails, leave
    resource untouched (bnc#744955).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://download.novell.com/patch/finder/?keywords=36a4c03a7a6e23326bdc75867718c3f5
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?499ef588"
  );
  # http://download.novell.com/patch/finder/?keywords=78a90ce26186ad3c08d3168f7c56498f
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6524481b"
  );
  # http://download.novell.com/patch/finder/?keywords=92db776383896ad395b93d570e1b0440
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?c3b1d361"
  );
  # http://download.novell.com/patch/finder/?keywords=c00b87e84b1ec845f992a53432644809
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3327c148"
  );
  # http://download.novell.com/patch/finder/?keywords=cebd648c35a6ff05d60a592debc063f7
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?85cb8767"
  );
  # http://download.novell.com/patch/finder/?keywords=f67e971841459d6799882fcccab88393
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7458efe4"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-1083.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2011-3593.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-1601.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-2137.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-2372.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-2745.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3375.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3412.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3430.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-3511.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4444.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4530.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-4565.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6537.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6538.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6539.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6540.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6541.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6542.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6544.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6545.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6546.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6547.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6548.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2012-6549.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0160.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0216.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0231.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0268.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0310.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0343.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0349.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0871.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-0914.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1767.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1773.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1774.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1792.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1796.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1797.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1798.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1827.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1928.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-1943.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2015.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2141.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2147.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2634.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2851.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2852.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2888.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2889.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2892.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2893.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2897.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-2929.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3222.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3223.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3224.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3225.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3228.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3229.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3231.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3232.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3234.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-3235.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4470.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4588.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-4591.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1444.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1445.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2014-1446.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/714906"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/715250"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/735347"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/744955"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/745640"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/748896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/752544"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/754898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/760596"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/761774"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/762099"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/762366"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/763463"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/763654"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/767610"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/767612"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/768668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/769644"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/769896"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/770695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/771706"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/771992"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/772849"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/773320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/773383"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/773577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/773640"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/773831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/774523"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/775182"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/776024"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/776144"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/776885"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/777473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/780004"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/780008"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/780572"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/782178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/785016"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/786013"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/787573"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/787576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789648"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/789831"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/795354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/797175"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/798050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/800280"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/801178"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/802642"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/803320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/804154"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/804653"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/805226"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/805227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/805945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/806138"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/806976"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/806977"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/806980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/807320"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/808358"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/808827"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809889"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809891"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809892"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809893"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809894"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809899"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809900"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809902"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/809903"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/810045"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/810473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/811354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/812364"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813276"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/813735"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/814363"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/814716"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/815352"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/815745"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/816668"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/817377"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/818337"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/818371"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/820338"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/822575"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/822579"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823260"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/823618"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/824159"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/824295"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/825227"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/826707"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827416"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827749"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/827750"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/828012"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/828119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/833820"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/835094"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/835481"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/835839"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/840226"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/840858"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/845028"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/847652"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/847672"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/848321"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/849021"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/851095"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/851103"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/852558"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/852559"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/853050"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/853051"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/853052"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/856917"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/858869"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/858870"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/858872"
  );
  # https://www.suse.com/support/update/announcement/2014/suse-su-20140287-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3c7c0d67"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11 SP1 LTSS :

zypper in -t patch slessp1-kernel-8847 slessp1-kernel-8848
slessp1-kernel-8849

To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:btrfs-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:btrfs-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:btrfs-kmp-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ext4dev-kmp-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hyper-v-kmp-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hyper-v-kmp-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:hyper-v-kmp-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! ereg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! ereg(pattern:"^1$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-ec2-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-ec2-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-ec2-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-xen-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-pae-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-pae-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"x86_64", reference:"kernel-pae-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"s390x", reference:"kernel-default-man-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"btrfs-kmp-default-0_2.6.32.59_0.9-0.3.151")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"ext4dev-kmp-default-0_2.6.32.59_0.9-7.9.118")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"ext4dev-kmp-trace-0_2.6.32.59_0.9-7.9.118")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-default-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-default-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-default-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-source-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-syms-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-trace-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-trace-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", reference:"kernel-trace-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"btrfs-kmp-xen-0_2.6.32.59_0.9-0.3.151")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"ext4dev-kmp-xen-0_2.6.32.59_0.9-7.9.118")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"hyper-v-kmp-default-0_2.6.32.59_0.9-0.18.37")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"hyper-v-kmp-trace-0_2.6.32.59_0.9-0.18.37")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-ec2-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-ec2-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-ec2-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-xen-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-xen-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-xen-devel-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"btrfs-kmp-pae-0_2.6.32.59_0.9-0.3.151")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"ext4dev-kmp-pae-0_2.6.32.59_0.9-7.9.118")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"hyper-v-kmp-pae-0_2.6.32.59_0.9-0.18.37")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-pae-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-pae-base-2.6.32.59-0.9.1")) flag++;
if (rpm_check(release:"SLES11", sp:"1", cpu:"i586", reference:"kernel-pae-devel-2.6.32.59-0.9.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1792-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(65868);
  script_version("1.12");
  script_cvs_date("Date: 2019/09/19 12:54:29");

  script_cve_id("CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792");
  script_bugtraq_id(58426, 58977, 58985, 58986);
  script_xref(name:"USN", value:"1792-1");

  script_name(english:"Ubuntu 10.04 LTS : linux vulnerabilities (USN-1792-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Mathias Krause discovered several errors in the Linux kernel's
xfrm_user implementation. A local attacker could exploit these flaws
to examine parts of kernel memory. (CVE-2012-6537)

Mathias Krause discovered information leak in the Linux kernel's
compat ioctl interface. A local user could exploit the flaw to examine
parts of kernel stack memory (CVE-2012-6539)

Mathias Krause discovered an information leak in the Linux kernel's
getsockopt for IP_VS_SO_GET_TIMEOUT. A local user could exploit this
flaw to examine parts of kernel stack memory. (CVE-2012-6540)

Emese Revfy discovered that in the Linux kernel signal handlers could
leak address information across an exec, making it possible to by pass
ASLR (Address Space Layout Randomization). A local user could use this
flaw to by pass ASLR to reliably deliver an exploit payload that would
otherwise be stopped (by ASLR). (CVE-2013-0914)

A memory use after free error was discover in the Linux kernel's tmpfs
filesystem. A local user could exploit this flaw to gain privileges or
cause a denial of service (system crash). (CVE-2013-1767)

Mateusz Guzik discovered a race in the Linux kernel's keyring. A local
user could exploit this flaw to cause a denial of service (system
crash). (CVE-2013-1792).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1792-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-generic-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-lpia");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-preempt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-versatile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-virtual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2012-6537", "CVE-2012-6539", "CVE-2012-6540", "CVE-2013-0914", "CVE-2013-1767", "CVE-2013-1792");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1792-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-386", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-generic", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-generic-pae", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-lpia", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-preempt", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-server", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-versatile", pkgver:"2.6.32-46.107")) flag++;
if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-46-virtual", pkgver:"2.6.32-46.107")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-386 / linux-image-2.6-generic / etc");
}