Vulnerabilities > CVE-2013-1059 - NULL Pointer Dereference vulnerability in multiple products

047910
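CVSS 0.0 - NONE (no score is recorded on this page: every metric listed below is UNKNOWN. The Nessus plugins quoted further down carry the CVSS v2 base vector AV:N/AC:L/Au:N/C:N/I:N/A:C.)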
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.

Vulnerable Configurations

Part | Description | Count
OS | Linux | 1618
OS | Canonical | 1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-12990.NASL
    description: Update to latest stable upstream release, Linux v3.9.10 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-07-19
    plugin id: 68974
    published: 2013-07-19
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/68974
    title: Fedora 17 : kernel-3.9.10-100.fc17 (2013-12990)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-12990.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata (IDs, references, text, scoring, prerequisites) and then
    # exits at the bottom, before any of the host checks further down.
    if (description)
    {
      script_id(68974);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # One plugin covers three CVEs. A finding from this plugin therefore says
      # "the kernel package predates the fix for this set"; it does not single
      # out CVE-2013-1059.
      script_cve_id("CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234");
      script_bugtraq_id(60874, 60893, 60922);
      script_xref(name:"FEDORA", value:"2013-12990");
    
      script_name(english:"Fedora 17 : kernel-3.9.10-100.fc17 (2013-12990)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description text names only the upstream version; the individual
      # issues are reachable through the CVE IDs above and the see_also links.
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to latest stable upstream release, Linux v3.9.10
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=977356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=980995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=981552"
      );
      # The shortened nessus.org link below stands for the advisory URL given in
      # the next comment line.
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111909.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c2316bbf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      # CVSS v2 base vector: network-reachable (AV:N), low complexity (AC:L), no
      # authentication (Au:N), no confidentiality or integrity impact, complete
      # availability impact (A:C). A single vector is declared for all three
      # CVEs; presumably it reflects the most severe one -- confirm before using
      # it to rank an individual CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: exploitability not defined (E:ND), official fix
      # available (RL:OF), report confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the verdict comes from data collected on the host
      # (see the dependency and required keys below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the Red Hat-family release string and the rpm list.
      # Without credentialed access these keys are presumably absent and the
      # plugin produces no finding -- that is "not assessed", not "not affected".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. The code in this block reads knowledge-base (KB) items and
    # calls helpers from the included .inc files; each audit() call reports why
    # the plugin does not apply and ends the script.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string must contain "Fedora" (`>!<` is the "does not contain"
    # substring operator).
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the numeric release out of the string and accept only 17; the
    # `([^0-9]|$)` tail stops values such as 170 from matching.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are evaluated; any other architecture is
    # audited out as "local checks not implemented", so it is never reported.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # rpm_check() comes from rpm.inc (not shown); presumably it is true when an
    # installed "kernel" package is older than the reference build -- confirm.
    # NOTE(review): nothing in this block reads the running kernel version, so a
    # host that installed the update but has not rebooted may be reported clean
    # while still running the old kernel. The check is also package-level only:
    # it does not look at whether the affected kernel code is in use.
    flag = 0;
    if (rpm_check(release:"FC17", reference:"kernel-3.9.10-100.fc17")) flag++;
    
    
    if (flag)
    {
      # Report at the plugin's highest severity on port 0; the package detail
      # from rpm_report_get() is attached only when report_verbosity > 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No finding: distinguish "package tested and not behind the reference"
      # from "no kernel package was found to test".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2745.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1059 Chanam Park reported an issue in the Ceph distributed storage system. Remote users can cause a denial of service by sending a specially crafted auth_reply message. - CVE-2013-2148 Dan Carpenter reported an information leak in the filesystem wide access notification subsystem (fanotify). Local users could gain access to sensitive kernel memory. - CVE-2013-2164 Jonathan Salwan reported an information leak in the CD-ROM driver. A local user on a system with a malfunctioning CD-ROM drive could gain access to sensitive memory. - CVE-2013-2232 Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6 subsystem. Local users could cause a denial of service by using an AF_INET6 socket to connect to an IPv4 destination. - CVE-2013-2234 Mathias Krause reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory. - CVE-2013-2237 Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory. - CVE-2013-2851 Kees Cook reported an issue in the block subsystem. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems. - CVE-2013-2852 Kees Cook reported an issue in the b43 network driver for certain Broadcom wireless devices. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems. - CVE-2013-4162 Hannes Frederic Sowa reported an issue in the IPv6 networking subsystem. Local users can cause a denial of service (system crash). - CVE-2013-4163 Dave Jones reported an issue in the IPv6 networking subsystem. Local users can cause a denial of service (system crash). This update also includes a fix for a regression in the Xen subsystem.
    last seen: 2020-03-17
    modified: 2013-08-30
    plugin id: 69505
    published: 2013-08-30
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69505
    title: Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leak
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2745. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata (IDs, references, advisory text, scoring, prerequisites)
    # and exits at the bottom, before any of the host checks further down.
    if (description)
    {
      script_id(69505);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Ten CVEs share this one plugin. A finding means the installed package
      # predates the fix for the whole set; it does not identify which of the
      # ten issues is relevant to the host.
      script_cve_id("CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-4162", "CVE-2013-4163");
      script_bugtraq_id(60341, 60375, 60409, 60410, 60874, 60893, 60922, 60953, 61411, 61412);
      script_xref(name:"DSA", value:"2745");
    
      script_name(english:"Debian DSA-2745-1 : linux - privilege escalation/denial of service/information leak");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text, one entry per CVE. Only the CVE-2013-1059 entry describes
      # a remote trigger; the other entries speak of local users.
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service, information leak or privilege
    escalation. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2013-1059
        Chanam Park reported an issue in the Ceph distributed
        storage system. Remote users can cause a denial of
        service by sending a specially crafted auth_reply
        message.
    
      - CVE-2013-2148
        Dan Carpenter reported an information leak in the
        filesystem wide access notification subsystem
        (fanotify). Local users could gain access to sensitive
        kernel memory.
    
      - CVE-2013-2164
        Jonathan Salwan reported an information leak in the
        CD-ROM driver. A local user on a system with a
        malfunctioning CD-ROM drive could gain access to
        sensitive memory.
    
      - CVE-2013-2232
        Dave Jones and Hannes Frederic Sowa resolved an issue in
        the IPv6 subsystem. Local users could cause a denial of
        service by using an AF_INET6 socket to connect to an
        IPv4 destination.
    
      - CVE-2013-2234
        Mathias Krause reported a memory leak in the
        implementation of PF_KEYv2 sockets. Local users could
        gain access to sensitive kernel memory.
    
      - CVE-2013-2237
        Nicolas Dichtel reported a memory leak in the
        implementation of PF_KEYv2 sockets. Local users could
        gain access to sensitive kernel memory.
    
      - CVE-2013-2851
        Kees Cook reported an issue in the block subsystem.
        Local users with uid 0 could gain elevated ring 0
        privileges. This is only a security issue for certain
        specially configured systems.
    
      - CVE-2013-2852
        Kees Cook reported an issue in the b43 network driver
        for certain Broadcom wireless devices. Local users with
        uid 0 could gain elevated ring 0 privileges. This is
        only a security issue for certain specially configured
        systems.
    
      - CVE-2013-4162
        Hannes Frederic Sowa reported an issue in the IPv6
        networking subsystem. Local users can cause a denial of
        service (system crash).
    
      - CVE-2013-4163
        Dave Jones reported an issue in the IPv6 networking
        subsystem. Local users can cause a denial of service
        (system crash).
    
    This update also includes a fix for a regression in the Xen subsystem."
      );
      # Reference links: the Debian bug, one security-tracker page per CVE, and
      # the DSA page itself.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701744"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-1059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2164"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2234"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2237"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2851"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-2852"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-4162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2013-4163"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2013/dsa-2745"
      );
      # The solution text names the fixed version for wheezy (3.2.46-1+deb7u1)
      # and the rebuilt user-mode-linux package; it also carries Debian's note
      # that kernel fixes are released in a staggered fashion.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux and user-mode-linux packages.
    
    For the stable distribution (wheezy), these problems has been fixed in
    version 3.2.46-1+deb7u1.
    
    The following matrix lists additional source packages that were
    rebuilt for compatibility with or to take advantage of this update :
    
                          Debian 7.0 (wheezy)  
      user-mode-linux      3.2-2um-1+deb7u2     
    Note: Debian carefully tracks all known security issues across every
    linux kernel package in all releases under active security support.
    However, given the high frequency at which low-severity security
    issues are discovered in the kernel and the resource requirements of
    doing an update, updates for lower priority issues will normally not
    be released for all kernels at the same time. Rather, they will be
    released in a staggered or 'leap-frog' fashion."
      );
      # CVSS v2 base vector: network-reachable (AV:N), low complexity (AC:L), no
      # authentication (Au:N), no confidentiality or integrity impact, complete
      # availability impact (A:C). One vector is declared for all ten CVEs even
      # though the advisory text above lists information leaks and privilege
      # escalation as well; presumably it tracks a single CVE of the set --
      # confirm before using it to rank the others.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: proof-of-concept exploitability (E:POC), official fix
      # (RL:OF), confirmed (RC:C). The attributes below say an exploit is
      # available but not for which of the ten CVEs.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local" plugin type: the verdict comes from data collected on the host
      # (see the dependency and required keys below), not from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      # Note the gap between disclosure (2013/06/07) and the Debian fix
      # (2013/08/28) recorded here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run, and the KB must hold the
      # local-checks flag, the Debian release and the dpkg listing. Without
      # credentialed access these keys are presumably absent and the plugin
      # produces no finding -- that is "not assessed", not "not affected".
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Host check. Three KB items gate the test; each audit() call reports why
    # the plugin does not apply and ends the script.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # deb_check() comes from debian_package.inc (not shown). Presumably it is
    # true when a Debian 7.0 package selected by the "linux" prefix is older
    # than 3.2.46-1+deb7u1 -- confirm how the prefix is matched.
    # NOTE(review): no architecture test and no running-kernel test appear in
    # this block. A host that installed the fixed package but has not rebooted
    # may be reported clean while still running the old kernel.
    flag = 0;
    if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.46-1+deb7u1")) flag++;
    
    if (flag)
    {
      # Report at the plugin's highest severity on port 0; the package detail
      # from deb_report_get() is attached only when report_verbosity > 0.
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    # No finding: a single generic "host not affected" audit, with no
    # distinction between "package current" and "package not installed".
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1941-1.NASL
    description: Chanam Park reported a NULL pointer flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69809
    published: 2013-09-07
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69809
    title: Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1941-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, this block only declares the
    # plugin's metadata (IDs, references, advisory text, scoring, prerequisites)
    # and exits at the bottom, before any of the host checks further down.
    if (description)
    {
      script_id(69809);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:29");
    
      # Eight CVEs share this one plugin, but only three Bugtraq IDs are listed
      # on the next line, so the Bugtraq cross-reference is incomplete for this
      # set.
      script_cve_id("CVE-2013-1059", "CVE-2013-1060", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2851", "CVE-2013-4162", "CVE-2013-4163");
      script_bugtraq_id(60375, 60409, 60922);
      script_xref(name:"USN", value:"1941-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-1941-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # Advisory text, one paragraph per CVE. Only the CVE-2013-1059 paragraph
      # describes a remote attacker; the others describe local users.
      script_set_attribute(
        attribute:"description", 
        value:
    "Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph
    client. A remote attacker could exploit this flaw to cause a denial of
    service (system crash). (CVE-2013-1059)
    
    Vasily Kulikov discovered a flaw in the Linux Kernel's perf tool that
    allows for privilege escalation. A local user could exploit this flaw
    to run commands as root when using the perf tool. (CVE-2013-1060)
    
    Jonathan Salwan discovered an information leak in the Linux kernel's
    cdrom driver. A local user can exploit this leak to obtain sensitive
    information from kernel memory if the CD-ROM drive is malfunctioning.
    (CVE-2013-2164)
    
    A flaw was discovered in the Linux kernel when an IPv6 socket is used
    to connect to an IPv4 destination. An unprivileged local user could
    exploit this flaw to cause a denial of service (system crash).
    (CVE-2013-2232)
    
    An information leak was discovered in the IPSec key_socket
    implementation in the Linux kernel. An local user could exploit this
    flaw to examine potentially sensitive information in kernel memory.
    (CVE-2013-2234)
    
    Kees Cook discovered a format string vulnerability in the Linux
    kernel's disk block layer. A local user with administrator privileges
    could exploit this flaw to gain kernel privileges. (CVE-2013-2851)
    
    Hannes Frederic Sowa discovered a flaw in setsockopt UDP_CORK option
    in the Linux kernel's IPv6 stack. A local user could exploit this flaw
    to cause a denial of service (system crash). (CVE-2013-4162)
    
    Hannes Frederic Sowa discovered a flaw in the IPv6 subsystem of the
    Linux kernel when the IPV6_MTU setsockopt option has been specified in
    combination with the UDP_CORK option. A local user could exploit this
    flaw to cause a denial of service (system crash). (CVE-2013-4163).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1941-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: network-reachable (AV:N), low complexity (AC:L), no
      # authentication (Au:N), no confidentiality or integrity impact, complete
      # availability impact (A:C). One vector is declared for all eight CVEs
      # although the advisory text above also lists privilege escalation and
      # information leaks; presumably it tracks a single CVE of the set --
      # confirm before using it to rank the others.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      # Temporal vector: exploitability unproven (E:U), official fix (RL:OF),
      # confirmed (RC:C).
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the verdict comes from data collected on the host
      # (see the dependencies and required keys below), not from probing a
      # service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      # Note the gap between disclosure (2013/06/07) and the Ubuntu fix
      # (2013/09/06) recorded here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/07");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Prerequisites: two dependency scripts and four KB keys. Presumably
      # linux_alt_patch_detect.nasl is what records live-patch state for the
      # host check -- confirm. "Host/local_checks_enabled" is not in the
      # required-key list here, although the host check tests it.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Host check. Each audit() call reports why the plugin does not apply and
    # ends the script.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Exact match on 12.04 only; any other release is audited out.
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are evaluated; any other architecture is
    # audited out as "local checks not implemented", so it is never reported.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Live-patch path: taken only when the KB holds a Ksplice CVE record.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # The uptrack uname entry is dropped from the KB before the package
      # checks; the reason is not stated here -- presumably so the helpers
      # below do not use the Ksplice-reported kernel string. Confirm in
      # ksplice.inc / ubuntu.inc.
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-1059", "CVE-2013-1060", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2851", "CVE-2013-4162", "CVE-2013-4163");
      # ksplice_cves_check() is defined in ksplice.inc (not shown); presumably
      # it is true only when every CVE in the list is covered by the live
      # patches. In that case the host is audited as patched and the package
      # checks below never run.
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1941-1");
      }
      else
      {
        # Not fully covered: keep the Ksplice text for the report.
        # `_ubuntu_report` is not declared in this script; presumably it is a
        # global read by ubuntu_report_get() -- confirm in ubuntu.inc.
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    # One check per kernel flavour of the 3.2.0-53 image, all against package
    # version 3.2.0-53.81. ubuntu_check() comes from ubuntu.inc (not shown);
    # presumably it is true when the named package is installed at an older
    # version -- confirm, including how it treats hosts running a different
    # kernel ABI than -53 and hosts that have not rebooted since the update.
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-53-generic", pkgver:"3.2.0-53.81")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-53-generic-pae", pkgver:"3.2.0-53.81")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-53-highbank", pkgver:"3.2.0-53.81")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-53-virtual", pkgver:"3.2.0-53.81")) flag++;
    
    if (flag)
    {
      # Any flavour behind the reference yields one finding on port 0 at
      # SECURITY_HOLE severity, with the accumulated package report attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No finding: distinguish "packages tested and not behind the reference"
      # from "none of the listed kernel packages was found to test".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-194.NASL
    description: Multiple vulnerabilities has been found and corrected in the Linux kernel : net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. (CVE-2013-1059) The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (CVE-2013-2147) The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148) Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851) The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237) The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (CVE-2013-2234) The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232) The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator. (CVE-2012-5517) Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (CVE-2013-2852) The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. (CVE-2013-3301) The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (CVE-2013-0231) The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (CVE-2013-1774) Heap-based buffer overflow in the iscsi_add_notunderstood_response function in drivers/target/iscsi/iscsi_target_parameters.c in the iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote attackers to cause a denial of service (memory corruption and OOPS) or possibly execute arbitrary code via a long key that is not properly handled during construction of an error-response packet. (CVE-2013-2850) The updated packages provides a solution for these security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 67254
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/67254
    title: Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:194. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    # Engine guard: on an engine reporting NASL_LEVEL below 3000 the script exits
    # here, so nothing after this line (metadata or host check) runs. The reason
    # for the cut-off is not stated in the file.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67254);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2012-5517", "CVE-2013-0231", "CVE-2013-1059", "CVE-2013-1774", "CVE-2013-2147", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-3301");
      script_bugtraq_id(56527, 57740, 58202, 59055, 60243, 60280, 60341, 60375, 60409, 60410, 60874, 60893, 60922, 60953);
      script_xref(name:"MDVSA", value:"2013:194");
    
      script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2013:194)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in the Linux
    kernel :
    
    net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote
    attackers to cause a denial of service (NULL pointer dereference and
    system crash) or possibly have unspecified other impact via an
    auth_reply message that triggers an attempted build_request operation.
    (CVE-2013-1059)
    
    The HP Smart Array controller disk-array driver and Compaq SMART2
    controller disk-array driver in the Linux kernel through 3.9.4 do not
    initialize certain data structures, which allows local users to obtain
    sensitive information from kernel memory via (1) a crafted
    IDAGETPCIINFO command for a /dev/ida device, related to the
    ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted
    CCISS_PASSTHRU32 command for a /dev/cciss device, related to the
    cciss_ioctl32_passthru function in drivers/block/cciss.c.
    (CVE-2013-2147)
    
    The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c
    in the Linux kernel through 3.9.4 does not initialize a certain
    structure member, which allows local users to obtain sensitive
    information from kernel memory via a read operation on the fanotify
    descriptor. (CVE-2013-2148)
    
    Format string vulnerability in the register_disk function in
    block/genhd.c in the Linux kernel through 3.9.4 allows local users to
    gain privileges by leveraging root access and writing format string
    specifiers to /sys/module/md_mod/parameters/new_array in order to
    create a crafted /dev/md device name. (CVE-2013-2851)
    
    The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the
    Linux kernel through 3.10 allows local users to obtain sensitive
    information from kernel memory via a read operation on a
    malfunctioning CD-ROM drive. (CVE-2013-2164)
    
    The key_notify_policy_flush function in net/key/af_key.c in the Linux
    kernel before 3.9 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    heap memory by reading a broadcast message from the notify_policy
    interface of an IPSec key_socket. (CVE-2013-2237)
    
    The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions
    in net/key/af_key.c in the Linux kernel before 3.10 do not initialize
    certain structure members, which allows local users to obtain
    sensitive information from kernel heap memory by reading a broadcast
    message from the notify interface of an IPSec key_socket.
    (CVE-2013-2234)
    
    The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux
    kernel before 3.10 allows local users to cause a denial of service
    (system crash) by using an AF_INET6 socket for a connection to an IPv4
    interface. (CVE-2013-2232)
    
    The online_pages function in mm/memory_hotplug.c in the Linux kernel
    before 3.6 allows local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have unspecified
    other impact in opportunistic circumstances by using memory that was
    hot-added by an administrator. (CVE-2012-5517)
    
    Format string vulnerability in the b43_request_firmware function in
    drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
    the Linux kernel through 3.9.4 allows local users to gain privileges
    by leveraging root access and including format string specifiers in an
    fwpostfix modprobe parameter, leading to improper construction of an
    error message. (CVE-2013-2852)
    
    The ftrace implementation in the Linux kernel before 3.8.8 allows
    local users to cause a denial of service (NULL pointer dereference and
    system crash) or possibly have unspecified other impact by leveraging
    the CAP_SYS_ADMIN capability for write access to the (1)
    set_ftrace_pid or (2) set_graph_function file, and then making an
    lseek system call. (CVE-2013-3301)
    
    The pciback_enable_msi function in the PCI backend driver
    (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux
    kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to
    cause a denial of service via a large number of kernel log messages.
    NOTE: some of these details are obtained from third-party information.
    (CVE-2013-0231)
    
    The chase_port function in drivers/usb/serial/io_ti.c in the Linux
    kernel before 3.7.4 allows local users to cause a denial of service
    (NULL pointer dereference and system crash) via an attempted
    /dev/ttyUSB read or write operation on a disconnected Edgeport USB
    serial converter. (CVE-2013-1774)
    
    Heap-based buffer overflow in the iscsi_add_notunderstood_response
    function in drivers/target/iscsi/iscsi_target_parameters.c in the
    iSCSI target subsystem in the Linux kernel through 3.9.4 allows remote
    attackers to cause a denial of service (memory corruption and OOPS) or
    possibly execute arbitrary code via a long key that is not properly
    handled during construction of an error-response packet.
    (CVE-2013-2850)
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
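    # Preconditions. Each failed test hands an audit code to audit(), which is
    # defined in audit.inc (not shown) and presumably ends the script.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # OS name spelled "Mandrake", matching the architecture audit below
    # (this message previously read "Mandake").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only amd64 / i386-i686 / x86_64 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # One rpm_check() call (from rpm.inc, not shown) per package of the
    # advisory, each naming the updated build for release "MDK-MBS1"; every
    # true result is counted. kernel-firmware and kernel-source are tested
    # without a cpu: argument, the other seven as x86_64 packages.
    # NOTE(review): nothing visible here looks at the running kernel, only at
    # the collected rpm list -- a host that installed the update but has not
    # rebooted would presumably pass; confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.52-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.52-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.52-1.1.mbs1")) flag++;
    
    
    # Any hit is reported through security_hole() on port 0; the rpm report
    # text is attached only when report_verbosity is above 0. With no hit the
    # host is audited as not affected.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");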
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-12530.NASL
    description: Update to latest upstream stable release, Linux v3.9.9. This also includes fixes for issues running VM guests some people were seeing. Update to latest stable upstream release, Linux v3.9.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-07-12
    plugin id: 67343
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/67343
    title: Fedora 18 : kernel-3.9.9-201.fc18 (2013-12530)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-12530.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set the script only declares its
    # metadata and leaves through the exit(0) that closes this block.
    if (description)
    {
      script_id(67343);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Three CVEs are tied to this Fedora 18 kernel update, CVE-2013-1059
      # being the first.
      script_cve_id("CVE-2013-1059", "CVE-2013-2232", "CVE-2013-2234");
      script_bugtraq_id(60874, 60893, 60922);
      script_xref(name:"FEDORA", value:"2013-12530");
    
      script_name(english:"Fedora 18 : kernel-3.9.9-201.fc18 (2013-12530)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is the advisory's release note; it names no CVE, so
      # the CVE mapping comes from script_cve_id() above only.
      script_set_attribute(
        attribute:"description", 
        value:
    "Update to latest upstream stable release, Linux v3.9.9. This also
    includes fixes for issues running VM guests some people were seeing.
    Update to latest stable upstream release, Linux v3.9.8
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=977356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=980995"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=981552"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/111241.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?43b25d04"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      # Plugin-wide CVSS2 base vector: network reachable, low complexity, no
      # authentication, availability impact only (complete). Which of the three
      # CVEs it was taken from is not stated here.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # "Host/cpu" is read by the check below but is not among the required
      # keys; the check handles a missing value itself.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions. audit() is defined in audit.inc (not shown) and presumably
    # ends the script with the given audit code.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The KB release string must contain "Fedora" ('>!<' is NASL's "is not a
    # substring of" operator) and carry a release number.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the captured digits; anything other than 18 is out of scope.
    os_ver = os_ver[1];
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # A single package test: rpm_check() (from rpm.inc, not shown) is given the
    # updated kernel build for release "FC18" and a true result is counted.
    # NOTE(review): only the collected rpm list is consulted here, not the
    # running kernel -- a host that installed the update but has not rebooted
    # would presumably pass; confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"FC18", reference:"kernel-3.9.9-201.fc18")) flag++;
    
    
    # A hit is reported through security_hole() on port 0, with the rpm report
    # text when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "package seen and not affected" from "kernel
      # package not installed", based on what pkg_tests_get() returns.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1931-1.NASL
    description: Chanam Park reported a NULL pointer flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69416
    published: 2013-08-21
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69416
    title: Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1931-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1931-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set the script only declares its
    # metadata and leaves through the exit(0) that closes this block.
    if (description)
    {
      script_id(69416);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/19 12:54:29");
    
      # Four CVEs are covered by USN-1931-1; CVE-2013-1059 is the Ceph client
      # NULL pointer flaw described first in the text below.
      script_cve_id("CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2851");
      script_xref(name:"USN", value:"1931-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1931-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph
    client. A remote attacker could exploit this flaw to cause a denial of
    service (system crash). (CVE-2013-1059)
    
    An information leak was discovered in the Linux kernel's fanotify
    interface. A local user could exploit this flaw to obtain sensitive
    information from kernel memory. (CVE-2013-2148)
    
    Jonathan Salwan discovered an information leak in the Linux kernel's
    cdrom driver. A local user can exploit this leak to obtain sensitive
    information from kernel memory if the CD-ROM drive is malfunctioning.
    (CVE-2013-2164)
    
    Kees Cook discovered a format string vulnerability in the Linux
    kernel's disk block layer. A local user with administrator privileges
    could exploit this flaw to gain kernel privileges. (CVE-2013-2851).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1931-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-3.5-generic package."
      );
      # Plugin-wide CVSS2 base vector: network reachable, low complexity, no
      # authentication, availability impact only (complete). No temporal
      # vector or exploit-availability attribute is set in this plugin.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # "Host/local_checks_enabled" is not among the required keys; the check
      # below tests it itself before doing anything else.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Preconditions. audit() is defined in audit.inc (not shown) and presumably
    # ends the script with the given audit code.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The KB release value, with its trailing newline chomped, must be exactly
    # "12.04".
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386-i686 hosts are handled ('>!<' is NASL's "is not a
    # substring of" operator).
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Live-patch path: taken only when the KB holds "Host/ksplice/kernel-cves".
    # The "Host/uptrack-uname-r" KB item is removed, then the four CVEs of this
    # notice are handed to ksplice_cves_check() (from ksplice.inc, not shown).
    # A true result is audited as "patch installed" and the package test below
    # is never reached; otherwise the ksplice reporting text is stored in
    # _ubuntu_report (presumably picked up by ubuntu.inc when the report is
    # built -- verify there) and the package test still runs.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2851");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1931-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    # A single package test: ubuntu_check() (from ubuntu.inc, not shown) is
    # given the package name and the fixed version for 12.04; a true result is
    # counted as a finding.
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.5.0-39-generic", pkgver:"3.5.0-39.60~precise1")) flag++;
    
    # A hit is reported at SECURITY_HOLE severity on port 0 with the text
    # returned by ubuntu_report_get().
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: distinguish "package seen and not affected" from "package not
      # installed", based on what ubuntu_pkg_tests_get() returns.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1473.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.(CVE-2013-1059) - The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.(CVE-2013-2140) - The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164) - Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.(CVE-2013-2888) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2889) - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2892) - A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124797
    published: 2019-05-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124797
    title: EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1473)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set the script only declares its
    # metadata and leaves through the exit(0) that closes this block.
    if (description)
    {
      script_id(124797);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      # Twenty CVEs from 2013 are bundled under this one plugin id;
      # CVE-2013-1059 is the first of them.
      script_cve_id(
        "CVE-2013-1059",
        "CVE-2013-2140",
        "CVE-2013-2164",
        "CVE-2013-2888",
        "CVE-2013-2889",
        "CVE-2013-2892",
        "CVE-2013-2929",
        "CVE-2013-2930",
        "CVE-2013-4125",
        "CVE-2013-4127",
        "CVE-2013-4162",
        "CVE-2013-4163",
        "CVE-2013-4205",
        "CVE-2013-4247",
        "CVE-2013-4270",
        "CVE-2013-4299",
        "CVE-2013-4300",
        "CVE-2013-4312",
        "CVE-2013-4343",
        "CVE-2013-4345"
      );
      script_bugtraq_id(
        60375,
        60414,
        60922,
        61166,
        61198,
        61411,
        61412,
        61636,
        61800,
        62042,
        62043,
        62049,
        62072,
        62360,
        62740,
        63183,
        64111,
        64318,
        64471
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1473)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      # Advisory text, one bullet per CVE, stored as the plugin's description
      # attribute.
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - net/ceph/auth_none.c in the Linux kernel through 3.10
        allows remote attackers to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via an auth_reply message
        that triggers an attempted build_request
        operation.(CVE-2013-1059)
    
      - The dispatch_discard_io function in
        drivers/block/xen-blkback/blkback.c in the Xen blkback
        implementation in the Linux kernel before 3.10.5 allows
        guest OS users to cause a denial of service (data loss)
        via filesystem write operations on a read-only disk
        that supports the (1) BLKIF_OP_DISCARD (aka discard or
        TRIM) or (2) SCSI UNMAP feature.(CVE-2013-2140)
    
      - The mmc_ioctl_cdrom_read_data function in
        drivers/cdrom/cdrom.c in the Linux kernel through 3.10
        allows local users to obtain sensitive information from
        kernel memory via a read operation on a malfunctioning
        CD-ROM drive.(CVE-2013-2164)
    
      - Multiple array index errors in drivers/hid/hid-core.c
        in the Human Interface Device (HID) subsystem in the
        Linux kernel through 3.11 allow physically proximate
        attackers to execute arbitrary code or cause a denial
        of service (heap memory corruption) via a crafted
        device that provides an invalid Report
        ID.(CVE-2013-2888)
    
      - drivers/hid/hid-zpff.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_ZEROPLUS is enabled, allows physically
        proximate attackers to cause a denial of service
        (heap-based out-of-bounds write) via a crafted
        device.(CVE-2013-2889)
    
      - drivers/hid/hid-pl.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_PANTHERLORD is enabled, allows physically
        proximate attackers to cause a denial of service
        (heap-based out-of-bounds write) via a crafted
        device.(CVE-2013-2892)
    
      - A flaw was found in the way the get_dumpable() function
        return value was interpreted in the ptrace subsystem of
        the Linux kernel. When 'fs.suid_dumpable' was set to 2,
        a local, unprivileged local user could use this flaw to
        bypass intended ptrace restrictions and obtain
        potentially sensitive information.(CVE-2013-2929)
    
      - The perf_trace_event_perm function in
        kernel/trace/trace_event_perf.c in the Linux kernel
        before 3.12.2 does not properly restrict access to the
        perf subsystem, which allows local users to enable
        function tracing via a crafted
        application.(CVE-2013-2930)
    
      - The fib6_add_rt2node function in net/ipv6/ip6_fib.c in
        the IPv6 stack in the Linux kernel through 3.10.1 does
        not properly handle Router Advertisement (RA) messages
        in certain circumstances involving three routes that
        initially qualified for membership in an ECMP route set
        until a change occurred for one of the first two
        routes, which allows remote attackers to cause a denial
        of service (system crash) via a crafted sequence of
        messages.(CVE-2013-4125)
    
      - Use-after-free vulnerability in the
        vhost_net_set_backend function in drivers/vhost/net.c
        in the Linux kernel through 3.10.3 allows local users
        to cause a denial of service (OOPS and system crash)
        via vectors involving powering on a virtual
        machine.(CVE-2013-4127)
    
      - The udp_v6_push_pending_frames function in
        net/ipv6/udp.c in the IPv6 implementation in the Linux
        kernel through 3.10.3 makes an incorrect function call
        for pending data, which allows local users to cause a
        denial of service (BUG and system crash) via a crafted
        application that uses the UDP_CORK option in a
        setsockopt system call.(CVE-2013-4162)
    
      - The ip6_append_data_mtu function in
        net/ipv6/ip6_output.c in the IPv6 implementation in the
        Linux kernel through 3.10.3 does not properly maintain
        information about whether the IPV6_MTU setsockopt
        option had been specified, which allows local users to
        cause a denial of service (BUG and system crash) via a
        crafted application that uses the UDP_CORK option in a
        setsockopt system call.(CVE-2013-4163)
    
      - Memory leak in the unshare_userns function in
        kernel/user_namespace.c in the Linux kernel before
        3.10.6 allows local users to cause a denial of service
        (memory consumption) via an invalid CLONE_NEWUSER
        unshare call.(CVE-2013-4205)
    
      - Off-by-one error in the build_unc_path_to_root function
        in fs/cifs/connect.c in the Linux kernel before 3.9.6
        allows remote attackers to cause a denial of service
        (memory corruption and system crash) via a DFS share
        mount operation that triggers use of an unexpected DFS
        referral name length.(CVE-2013-4247)
    
      - The net_ctl_permissions function in net/sysctl_net.c in
        the Linux kernel before 3.11.5 does not properly
        determine uid and gid values, which allows local users
        to bypass intended /proc/sys/net restrictions via a
        crafted application.(CVE-2013-4270)
    
      - Interpretation conflict in
        drivers/md/dm-snap-persistent.c in the Linux kernel
        through 3.11.6 allows remote authenticated users to
        obtain sensitive information or modify data via a
        crafted mapping to a snapshot block
        device.(CVE-2013-4299)
    
      - The scm_check_creds function in net/core/scm.c in the
        Linux kernel before 3.11 performs a capability check in
        an incorrect namespace, which allows local users to
        gain privileges via PID spoofing.(CVE-2013-4300)
    
      - It was found that the Linux kernel did not properly
        account file descriptors passed over the unix socket
        against the process limit. A local user could use this
        flaw to exhaust all available memory on the
        system.(CVE-2013-4312)
    
      - Use-after-free vulnerability in drivers/net/tun.c in
        the Linux kernel through 3.11.1 allows local users to
        gain privileges by leveraging the CAP_NET_ADMIN
        capability and providing an invalid tuntap interface
        name in a TUNSETIFF ioctl call.(CVE-2013-4343)
    
      - Off-by-one error in the get_prng_bytes function in
        crypto/ansi_cprng.c in the Linux kernel through 3.11.4
        makes it easier for context-dependent attackers to
        defeat cryptographic protection mechanisms via multiple
        requests for small amounts of data, leading to improper
        management of the state of the consumed
        data.(CVE-2013-4345)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1473
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?461705d1");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      # The base vector below is attributed to CVE-2013-4300 by the
      # cvss_score_source attribute: local access, complete C/I/A impact. It is
      # the plugin-wide rating and says nothing about how CVE-2013-1059,
      # described above as triggerable by remote attackers, scores by itself.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4300");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # The advisory is dated 2019 although every CVE it lists is from 2013.
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The KB entries required below are the ones the check reads later;
      # ssh_get_info.nasl is the declared dependency (presumably the script
      # that fills them -- it is not shown here).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Detection logic: a credentialed package-version check. Each gate below
    # calls audit() (audit.inc) when the host is out of scope, which reports
    # the reason and stops the plugin, so the order of the gates decides which
    # audit result a scan shows.
    # Gate 1: local (credentialed) checks must be enabled.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate 2: the release string must start with "EulerOS" and the UVP version
    # must be exactly "3.0.1.0"; the installed RPM list must be in the KB.
    # NOTE(review): a missing uvp_version presumably also fails the != test and
    # audits out as AUDIT_OS_NOT - confirm.
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 3: architecture. The first test tolerates aarch64, but the second
    # accepts only x86_64 / i[3-6]86, so an aarch64 host leaves here with
    # AUDIT_ARCH_NOT and its packages are never compared.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    # flag counts the rpm_check() calls that return true.
    flag = 0;
    
    # Reference package builds taken from the advisory; every entry carries the
    # same version-release string.
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    # Each reference is checked against the "EulerOS-2.0" release label.
    # NOTE(review): only the RPM list in the KB is consulted; nothing in this
    # block reads the running kernel release, so how a host that installed the
    # update but has not rebooted is treated depends on rpm.inc - confirm
    # before relying on a clean result.
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    # Any hit is reported once, on port 0, at SECURITY_HOLE severity, with the
    # text from rpm_report_get() attached.
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: a non-empty pkg_tests_get() result is audited as "not affected",
      # an empty one as "kernel not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-12339.NASL
    description: Upstream stable release 3.9.9 contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-07-12
    plugin id: 67342
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/67342
    title: Fedora 19 : kernel-3.9.9-301.fc19 (2013-12339)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-12339.
    #
    
    include("compat.inc");
    
    # Registration metadata. This block runs only when `description` is set and
    # ends with exit(0), so the detection code further down does not run in
    # that pass.
    if (description)
    {
      script_id(67342);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # One plugin covers both CVEs fixed by Fedora advisory 2013-12339. The
      # CVSS vectors and exploit attributes below are set once for the plugin,
      # not per CVE.
      script_cve_id("CVE-2013-1059", "CVE-2013-2234");
      script_bugtraq_id(60874, 60922);
      script_xref(name:"FEDORA", value:"2013-12339");
    
      script_name(english:"Fedora 19 : kernel-3.9.9-301.fc19 (2013-12339)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Upstream stable release 3.9.9 contains a number of important fixes
    across the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=977356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=980995"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-July/110843.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?22fedbc5"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      # CVSS v2 base: network vector, low complexity, no authentication,
      # availability-only (complete) impact. Temporal: exploitability not
      # defined, official fix available, report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the result comes from data collected on the host,
      # not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declares a dependency on ssh_get_info.nasl and requires three KB keys.
      # The detection code reads these three keys and also "Host/cpu", which is
      # not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Detection logic: a credentialed package-version check. Each gate calls
    # audit() (audit.inc) when the host is out of scope, which reports the
    # reason and stops the plugin; the first failing gate decides the result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Fedora hosts keep their release string under the Host/RedHat/ KB prefix.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the numeric release out of the string and require it to be 19
    # (the trailing group rejects values such as 190).
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i[3-6]86 hosts are evaluated.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Single reference build from the advisory, checked under the "FC19" label.
    # NOTE(review): only the RPM list in the KB is consulted; nothing in this
    # block reads the running kernel release, so how a host that installed the
    # update but has not rebooted is treated depends on rpm.inc - confirm
    # before relying on a clean result.
    flag = 0;
    if (rpm_check(release:"FC19", reference:"kernel-3.9.9-301.fc19")) flag++;
    
    
    # A hit is reported through security_hole() on port 0; the package detail
    # from rpm_report_get() is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: a non-empty pkg_tests_get() result is audited as "not affected",
      # an empty one as "kernel not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2017-0057.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99163
    published: 2017-04-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99163
    title: OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0057.
    #
    
    include("compat.inc");
    
    # Registration metadata. This block runs only when `description` is set and
    # ends with exit(0), so the detection code further down does not run in
    # that pass.
    if (description)
    {
      script_id(99163);
      script_version("3.12");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      # Cumulative advisory: the CVE list below runs from CVE-2013-0343 to
      # CVE-2017-7187. Every attribute set later in this block (CVSS vectors,
      # exploit flags, framework names, "in_the_news", "stig_severity") is set
      # once for the whole list and does not describe any single entry in it,
      # CVE-2013-1059 included.
      script_cve_id("CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2140", "CVE-2013-2147", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2898", "CVE-2013-2899", "CVE-2013-2929", "CVE-2013-2930", "CVE-2013-4162", "CVE-2013-4163", "CVE-2013-4299", "CVE-2013-4312", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4470", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7421", "CVE-2013-7446", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0181", "CVE-2014-0196", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1739", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3181", "CVE-2014-3182", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3215", "CVE-2014-3535", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699", "CVE-2014-4943", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-7822", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-7975", "CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8160", "CVE-2014-8171", "CVE-2014-8173", "CVE-2014-8884", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9529", "CVE-2014-9585", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-1333", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3212", 
"CVE-2015-3339", "CVE-2015-3636", "CVE-2015-4700", "CVE-2015-5156", "CVE-2015-5157", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6937", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104", "CVE-2015-8215", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8767", "CVE-2015-8956", "CVE-2016-0728", "CVE-2016-0758", "CVE-2016-0774", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-3134", "CVE-2016-3140", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-3699", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2016-9794", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187");
      script_bugtraq_id(58795, 60243, 60280, 60341, 60375, 60409, 60410, 60414, 60874, 60922, 60953, 61411, 61412, 62042, 62043, 62044, 62045, 62046, 62048, 62049, 62050, 62056, 62405, 62740, 63183, 63359, 63536, 63743, 63790, 63888, 63983, 64111, 64270, 64291, 64318, 64319, 64328, 64677, 64686, 64743, 65180, 65255, 65588, 65909, 65943, 66095, 66279, 66441, 66678, 66779, 67034, 67199, 67282, 67300, 67302, 67309, 67321, 67341, 67906, 67985, 67988, 68048, 68157, 68159, 68162, 68163, 68164, 68170, 68224, 68411, 68683, 68768, 69396, 69428, 69489, 69721, 69763, 69768, 69770, 69779, 69781, 69799, 70314, 70319, 70742, 70743, 70745, 70746, 70766, 70768, 70883, 70971, 71097, 71154, 71250, 71367, 71650, 71684, 71685, 71880, 71990, 72061, 72320, 72322, 72347, 72356, 72607, 72842, 73014, 73060, 73133, 73699, 74243, 74293, 74315, 74450, 74951, 75356, 75510, 76005);
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0057 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000675.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc2355e2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      # CVSS v2 and v3.0 base vectors: network vector, low complexity, no
      # authentication/privileges, full confidentiality, integrity and
      # availability impact. One pair of vectors stands for the whole CVE list.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      # NOTE(review): the Metasploit name below refers to an AF_PACKET privilege
      # escalation and the plugin title to Dirty COW; presumably these map to
      # other entries in the CVE list (likely CVE-2016-8655 and CVE-2016-5195),
      # not to the ceph issue. Verify per CVE before using these flags to
      # prioritise a specific finding.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET chocobo_root Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # "local" plugin type: the result comes from data collected on the host,
      # not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      # Declares a dependency on ssh_get_info.nasl and requires three KB keys.
      # The detection code reads these three keys and also "Host/cpu", which is
      # not listed here.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Detection logic: a credentialed package-version check. Each gate calls
    # audit() (audit.inc) when the host is out of scope, which reports the
    # reason and stops the plugin; the first failing gate decides the result.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string must contain "OVS" and must start with "OVS3.3"
    # followed by either the end of the string or a dot and a digit.
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gates. The first test tolerates i[3-6]86, but the second
    # accepts only x86_64, so a 32-bit host leaves here with AUDIT_ARCH_NOT.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    # Two reference builds from the advisory, both checked under the "OVS3.3"
    # label; flag counts the rpm_check() calls that return true.
    # NOTE(review): only the RPM list in the KB is consulted; nothing in this
    # block reads the running kernel release, so how a host that installed the
    # update but has not rebooted is treated depends on rpm.inc - confirm
    # before relying on a clean result.
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-3.8.13-118.17.4.el6uek")) flag++;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-firmware-3.8.13-118.17.4.el6uek")) flag++;
    
    # A hit is reported through security_hole() on port 0; the package detail
    # from rpm_report_get() is attached only when report_verbosity is above 0.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: a non-empty pkg_tests_get() result is audited as "not affected",
      # an empty one as "kernel-uek / kernel-uek-firmware not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-130828.NASL
    description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to version 3.0.93 and to fix various bugs and security issues. The following features have been added : - NFS: Now supports a
    last seen: 2020-06-05
    modified: 2013-09-21
    plugin id: 70040
    published: 2013-09-21
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70040
    title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop immediately, before any include, when the engine reports a
    # NASL_LEVEL below 3000.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70040);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1059", "CVE-2013-1819", "CVE-2013-1929", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-3301", "CVE-2013-4162", "CVE-2013-4163");
    
      script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8269 / 8270 / 8283)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
    version 3.0.93 and to fix various bugs and security issues.
    
    The following features have been added :
    
      - NFS: Now supports a 'nosharetransport' option
        (bnc#807502, bnc#828192, FATE#315593).
    
      - ALSA: virtuoso: Xonar DSX support was added
        (FATE#316016). The following security issues have been
        fixed :
    
      - The fill_event_metadata function in
        fs/notify/fanotify/fanotify_user.c in the Linux kernel
        did not initialize a certain structure member, which
        allowed local users to obtain sensitive information from
        kernel memory via a read operation on the fanotify
        descriptor. (CVE-2013-2148)
    
      - The key_notify_policy_flush function in net/key/af_key.c
        in the Linux kernel did not initialize a certain
        structure member, which allowed local users to obtain
        sensitive information from kernel heap memory by reading
        a broadcast message from the notify_policy interface of
        an IPSec key_socket. (CVE-2013-2237)
    
      - The ip6_sk_dst_check function in net/ipv6/ip6_output.c
        in the Linux kernel allowed local users to cause a
        denial of service (system crash) by using an AF_INET6
        socket for a connection to an IPv4 interface.
        (CVE-2013-2232)
    
      - The (1) key_notify_sa_flush and (2)
        key_notify_policy_flush functions in net/key/af_key.c in
        the Linux kernel did not initialize certain structure
        members, which allowed local users to obtain sensitive
        information from kernel heap memory by reading a
        broadcast message from the notify interface of an IPSec
        key_socket. CVE-2013-4162: The
        udp_v6_push_pending_frames function in net/ipv6/udp.c in
        the IPv6 implementation in the Linux kernel made an
        incorrect function call for pending data, which allowed
        local users to cause a denial of service (BUG and system
        crash) via a crafted application that uses the UDP_CORK
        option in a setsockopt system call. (CVE-2013-2234)
    
      - net/ceph/auth_none.c in the Linux kernel allowed remote
        attackers to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via an auth_reply message that
        triggers an attempted build_request operation.
        (CVE-2013-1059)
    
      - The mmc_ioctl_cdrom_read_data function in
        drivers/cdrom/cdrom.c in the Linux kernel allowed local
        users to obtain sensitive information from kernel memory
        via a read operation on a malfunctioning CD-ROM drive.
        (CVE-2013-2164)
    
      - Format string vulnerability in the register_disk
        function in block/genhd.c in the Linux kernel allowed
        local users to gain privileges by leveraging root access
        and writing format string specifiers to
        /sys/module/md_mod/parameters/new_array in order to
        create a crafted /dev/md device name. (CVE-2013-2851)
    
      - The ip6_append_data_mtu function in
        net/ipv6/ip6_output.c in the IPv6 implementation in the
        Linux kernel did not properly maintain information about
        whether the IPV6_MTU setsockopt option had been
        specified, which allowed local users to cause a denial
        of service (BUG and system crash) via a crafted
        application that uses the UDP_CORK option in a
        setsockopt system call. (CVE-2013-4163)
    
      - Heap-based buffer overflow in the tg3_read_vpd function
        in drivers/net/ethernet/broadcom/tg3.c in the Linux
        kernel allowed physically proximate attackers to cause a
        denial of service (system crash) or possibly execute
        arbitrary code via crafted firmware that specifies a
        long string in the Vital Product Data (VPD) data
        structure. (CVE-2013-1929)
    
      - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the
        Linux kernel did not validate block numbers, which
        allowed local users to cause a denial of service (NULL
        pointer dereference and system crash) or possibly have
        unspecified other impact by leveraging the ability to
        mount an XFS filesystem containing a metadata inode with
        an invalid extent map. (CVE-2013-1819)
    
    Also the following non-security bugs have been fixed :
    
      - ACPI / APEI: Force fatal AER severity when component has
        been reset. (bnc#828886 / bnc#824568)
    
      - PCI/AER: Move AER severity defines to aer.h. (bnc#828886
        / bnc#824568)
    
      - PCI/AER: Set dev->__aer_firmware_first only for matching
        devices. (bnc#828886 / bnc#824568)
    
      - PCI/AER: Factor out HEST device type matching.
        (bnc#828886 / bnc#824568)
    
      - PCI/AER: Do not parse HEST table for non-PCIe devices.
        (bnc#828886 / bnc#824568)
    
      - PCI/AER: Reset link for devices below Root Port or
        Downstream Port. (bnc#828886 / bnc#824568)
    
      - zfcp: fix lock imbalance by reworking request queue
        locking (bnc#835175, LTC#96825).
    
      - qeth: Fix crash on initial MTU size change (bnc#835175,
        LTC#96809).
    
      - qeth: change default standard blkt settings for OSA
        Express (bnc#835175, LTC#96808).
    
      - x86: Add workaround to NMI iret woes. (bnc#831949)
    
      - x86: Do not schedule while still in NMI context.
        (bnc#831949)
    
      - drm/i915: no longer call drm_helper_resume_force_mode.
        (bnc#831424,bnc#800875)
    
      - bnx2x: protect different statistics flows. (bnc#814336)
    
      - bnx2x: Avoid sending multiple statistics queries.
        (bnc#814336)
    
      - bnx2x: protect different statistics flows. (bnc#814336)
    
      - ALSA: hda - Fix unbalanced runtime pm refount.
        (bnc#834742)
    
      - xhci: directly calling _PS3 on suspend. (bnc#833148)
    
      - futex: Take hugepages into account when generating
        futex_key.
    
      - e1000e: workaround DMA unit hang on I218. (bnc#834647)
    
      - e1000e: unexpected 'Reset adapter' message when cable
        pulled. (bnc#834647)
    
      - e1000e: 82577: workaround for link drop issue.
        (bnc#834647)
    
      - e1000e: helper functions for accessing EMI registers.
        (bnc#834647)
    
      - e1000e: workaround DMA unit hang on I218. (bnc#834647)
    
      - e1000e: unexpected 'Reset adapter' message when cable
        pulled. (bnc#834647)
    
      - e1000e: 82577: workaround for link drop issue.
        (bnc#834647)
    
      - e1000e: helper functions for accessing EMI registers.
        (bnc#834647)
    
      - Drivers: hv: util: Fix a bug in version negotiation code
        for util services. (bnc#828714)
    
      - printk: Add NMI ringbuffer. (bnc#831949)
    
      - printk: extract ringbuffer handling from vprintk.
        (bnc#831949)
    
      - printk: NMI safe printk. (bnc#831949)
    
      - printk: Make NMI ringbuffer size independent on
        log_buf_len. (bnc#831949)
    
      - printk: Do not call console_unlock from nmi context.
        (bnc#831949)
    
      - printk: Do not use printk_cpu from finish_printk.
        (bnc#831949)
    
      - zfcp: fix schedule-inside-lock in scsi_device list loops
        (bnc#833073, LTC#94937).
    
      - uvc: increase number of buffers. (bnc#822164,
        bnc#805804)
    
      - drm/i915: Adding more reserved PCI IDs for Haswell.
        (bnc#834116)
    
      - Refresh patches.xen/xen-netback-generalize. (bnc#827378)
    
      - Update Xen patches to 3.0.87.
    
      - mlx4_en: Adding 40gb speed report for ethtool.
        (bnc#831410)
    
      - drm/i915: Retry DP aux_ch communications with a
        different clock after failure. (bnc#831422)
    
      - drm/i915: split aux_clock_divider logic in a separated
        function for reuse. (bnc#831422)
    
      - drm/i915: dp: increase probe retries. (bnc#831422)
    
      - drm/i915: Only clear write-domains after a successful
        wait-seqno. (bnc#831422)
    
      - drm/i915: Fix write-read race with multiple rings.
        (bnc#831422)
    
      - drm/i915: Retry DP aux_ch communications with a
        different clock after failure. (bnc#831422)
    
      - drm/i915: split aux_clock_divider logic in a separated
        function for reuse. (bnc#831422)
    
      - drm/i915: dp: increase probe retries. (bnc#831422)
    
      - drm/i915: Only clear write-domains after a successful
        wait-seqno. (bnc#831422)
    
      - drm/i915: Fix write-read race with multiple rings.
        (bnc#831422)
    
      - xhci: Add xhci_disable_ports boot option. (bnc#822164)
    
      - xhci: set device to D3Cold on shutdown. (bnc#833097)
    
      - reiserfs: Fixed double unlock in reiserfs_setattr
        failure path.
    
      - reiserfs: locking, release lock around quota operations.
        (bnc#815320)
    
      - reiserfs: locking, push write lock out of xattr code.
        (bnc#815320)
    
      - reiserfs: locking, handle nested locks properly.
        (bnc#815320)
    
      - reiserfs: do not lock journal_init(). (bnc#815320)
    
      - reiserfs: delay reiserfs lock until journal
        initialization. (bnc#815320)
    
      - NFS: support 'nosharetransport' option (bnc#807502,
        bnc#828192, FATE#315593).
    
      - HID: hyperv: convert alloc+memcpy to memdup.
    
      - Drivers: hv: vmbus: Implement multi-channel support
        (fate#316098).
    
      - Drivers: hv: Add the GUID fot synthetic fibre channel
        device (fate#316098).
    
      - tools: hv: Check return value of setsockopt call.
    
      - tools: hv: Check return value of poll call.
    
      - tools: hv: Check return value of strchr call.
    
      - tools: hv: Fix file descriptor leaks.
    
      - tools: hv: Improve error logging in KVP daemon.
    
      - drivers: hv: switch to use mb() instead of smp_mb().
    
      - drivers: hv: check interrupt mask before read_index.
    
      - drivers: hv: allocate synic structures before
        hv_synic_init().
    
      - storvsc: Increase the value of scsi timeout for storvsc
        devices (fate#316098).
    
      - storvsc: Update the storage protocol to win8 level
        (fate#316098).
    
      - storvsc: Implement multi-channel support (fate#316098).
    
      - storvsc: Support FC devices (fate#316098).
    
      - storvsc: Increase the value of STORVSC_MAX_IO_REQUESTS
        (fate#316098).
    
      - hyperv: Fix the NETIF_F_SG flag setting in netvsc.
    
      - Drivers: hv: vmbus: incorrect device name is printed
        when child device is unregistered.
    
      - Tools: hv: KVP: Fix a bug in IPV6 subnet enumeration.
        (bnc#828714)
    
      - ipv6: ip6_append_data_mtu did not care about pmtudisc
        and frag_size. (bnc#831055, CVE-2013-4163)
    
      - ipv6: ip6_append_data_mtu did not care about pmtudisc
        and frag_size. (bnc#831055, CVE-2013-4163)
    
      - dm mpath: add retain_attached_hw_handler feature.
        (bnc#760407)
    
      - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)
    
      - af_key: fix info leaks in notify messages. (bnc#827749 /
        CVE-2013-2234)
    
      - af_key: initialize satype in key_notify_policy_flush().
        (bnc#828119 / CVE-2013-2237)
    
      - ipv6: call udp_push_pending_frames when uncorking a
        socket with. (bnc#831058, CVE-2013-4162)
    
      - tg3: fix length overflow in VPD firmware parsing.
        (bnc#813733 / CVE-2013-1929)
    
      - xfs: fix _xfs_buf_find oops on blocks beyond the
        filesystem end. (CVE-2013-1819 / bnc#807471)
    
      - ipv6: ip6_sk_dst_check() must not assume ipv6 dst.
        (bnc#827750, CVE-2013-2232)
    
      - dasd: fix hanging devices after path events (bnc#831623,
        LTC#96336).
    
      - kernel: z90crypt module load crash (bnc#831623,
        LTC#96214).
    
      - ata: Fix DVD not detected at some platform with
        Wellsburg PCH. (bnc#822225)
    
      - drm/i915: edp: add standard modes. (bnc#832318)
    
      - Do not switch camera on yet more HP machines.
        (bnc#822164)
    
      - Do not switch camera on HP EB 820 G1. (bnc#822164)
    
      - xhci: Avoid NULL pointer deref when host dies.
        (bnc#827271)
    
      - bonding: disallow change of MAC if fail_over_mac
        enabled. (bnc#827376)
    
      - bonding: propagate unicast lists down to slaves.
        (bnc#773255 / bnc#827372)
    
      - net/bonding: emit address change event also in
        bond_release. (bnc#773255 / bnc#827372)
    
      - bonding: emit event when bonding changes MAC.
        (bnc#773255 / bnc#827372)
    
      - usb: host: xhci: Enable XHCI_SPURIOUS_SUCCESS for all
        controllers with xhci 1.0. (bnc#797909)
    
      - xhci: fix NULL pointer dereference on
        ring_doorbell_for_active_rings. (bnc#827271)
    
      - updated reference for security issue fixed inside.
        (CVE-2013-3301 / bnc#815256)
    
      - qla2xxx: Clear the MBX_INTR_WAIT flag when the mailbox
        time-out happens. (bnc#830478)
    
      - drm/i915: initialize gt_lock early with other spin
        locks. (bnc#801341)
    
      - drm/i915: fix up gt init sequence fallout. (bnc#801341)
    
      - drm/i915: initialize gt_lock early with other spin
        locks. (bnc#801341)
    
      - drm/i915: fix up gt init sequence fallout. (bnc#801341)
    
      - timer_list: Correct the iterator for timer_list.
        (bnc#818047)
    
      - firmware: do not spew errors in normal boot (bnc#831438,
        fate#314574).
    
      - ALSA: virtuoso: Xonar DSX support (FATE#316016).
    
      - SUNRPC: Ensure we release the socket write lock if the
        rpc_task exits early. (bnc#830901)
    
      - ext4: Re-add config option Building ext4 as the
        ext4-writeable KMP uses CONFIG_EXT4_FS_RW=y to denote
        that read-write module should be enabled. This update
        just defaults allow_rw to true if it is set.
    
      - e1000: fix vlan processing regression. (bnc#830766)
    
      - ext4: force read-only unless rw=1 module option is used
        (fate#314864).
    
      - dm mpath: fix ioctl deadlock when no paths. (bnc#808940)
    
      - HID: fix unused rsize usage. (bnc#783475)
    
      - add reference for b43 format string flaw. (bnc#822579 /
        CVE-2013-2852)
    
      - HID: fix data access in implement(). (bnc#783475)
    
      - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.
        (bnc#829622)
    
      - kernel: sclp console hangs (bnc#830346, LTC#95711).
    
      - Refresh
        patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
    
      - Delete
        patches.drm/1209-nvc0-fb-shut-up-pmfb-interrupt-after-th
        e-first-occurrence. It was removed from series.conf in
        063ed686e5a3cda01a7ddbc49db1499da917fef5 but the file
        was not deleted.
    
      - Drivers: hv: balloon: Do not post pressure status if
        interrupted. (bnc#829539)
    
      - Drivers: hv: balloon: Fix a bug in the hot-add code.
        (bnc#829539)
    
      - drm/i915: Fix incoherence with fence updates on
        Sandybridge+. (bnc#809463)
    
      - drm/i915: merge {i965, sandybridge}_write_fence_reg().
        (bnc#809463)
    
      - drm/i915: Fix incoherence with fence updates on
        Sandybridge+. (bnc#809463)
    
      - drm/i915: merge {i965, sandybridge}_write_fence_reg().
        (bnc#809463)
    
      - Refresh
        patches.fixes/rtc-add-an-alarm-disable-quirk.patch.
    
      - r8169: allow multicast packets on sub-8168f chipset.
        (bnc#805371)
    
      - r8169: support new chips of RTL8111F. (bnc#805371)
    
      - r8169: define the early size for 8111evl. (bnc#805371)
    
      - r8169: fix the reset setting for 8111evl. (bnc#805371)
    
      - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
        (bnc#805371)
    
      - r8169: fix sticky accepts packet bits in RxConfig.
        (bnc#805371)
    
      - r8169: adjust the RxConfig settings. (bnc#805371)
    
      - r8169: support RTL8111E-VL. (bnc#805371)
    
      - r8169: add ERI functions. (bnc#805371)
    
      - r8169: modify the flow of the hw reset. (bnc#805371)
    
      - r8169: adjust some registers. (bnc#805371)
    
      - r8169: check firmware content sooner. (bnc#805371)
    
      - r8169: support new firmware format. (bnc#805371)
    
      - r8169: explicit firmware format check. (bnc#805371)
    
      - r8169: move the firmware down into the device private
        data. (bnc#805371)
    
      - r8169: allow multicast packets on sub-8168f chipset.
        (bnc#805371)
    
      - r8169: support new chips of RTL8111F. (bnc#805371)
    
      - r8169: define the early size for 8111evl. (bnc#805371)
    
      - r8169: fix the reset setting for 8111evl. (bnc#805371)
    
      - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
        (bnc#805371)
    
      - r8169: fix sticky accepts packet bits in RxConfig.
        (bnc#805371)
    
      - r8169: adjust the RxConfig settings. (bnc#805371)
    
      - r8169: support RTL8111E-VL. (bnc#805371)
    
      - r8169: add ERI functions. (bnc#805371)
    
      - r8169: modify the flow of the hw reset. (bnc#805371)
    
      - r8169: adjust some registers. (bnc#805371)
    
      - r8169: check firmware content sooner. (bnc#805371)
    
      - r8169: support new firmware format. (bnc#805371)
    
      - r8169: explicit firmware format check. (bnc#805371)
    
      - r8169: move the firmware down into the device private
        data. (bnc#805371)
    
      -
        patches.fixes/mm-link_mem_sections-touch-nmi-watchdog.pa
        tch: mm: link_mem_sections make sure nmi watchdog does
        not trigger while linking memory sections. (bnc#820434)
    
      - drm/i915: fix long-standing SNB regression in power
        consumption after resume v2. (bnc#801341)
    
      - RTC: Add an alarm disable quirk. (bnc#805740)
    
      - drm/i915: Fix bogus hotplug warnings at resume.
        (bnc#828087)
    
      - drm/i915: Serialize all register access.
        (bnc#809463,bnc#812274,bnc#822878,bnc#828914)
    
      - drm/i915: Resurrect ring kicking for semaphores,
        selectively. (bnc#828087)
    
      - drm/i915: Fix bogus hotplug warnings at resume.
        (bnc#828087)
    
      - drm/i915: Serialize all register access.
        (bnc#809463,bnc#812274,bnc#822878,bnc#828914)
    
      - drm/i915: Resurrect ring kicking for semaphores,
        selectively. (bnc#828087)
    
      - drm/i915: use lower aux clock divider on non-ULT HSW.
        (bnc#800875)
    
      - drm/i915: preserve the PBC bits of TRANS_CHICKEN2.
        (bnc#828087)
    
      - drm/i915: set CPT FDI RX polarity bits based on VBT.
        (bnc#828087)
    
      - drm/i915: hsw: fix link training for eDP on port-A.
        (bnc#800875)
    
      - drm/i915: use lower aux clock divider on non-ULT HSW.
        (bnc#800875)
    
      - drm/i915: preserve the PBC bits of TRANS_CHICKEN2.
        (bnc#828087)
    
      - drm/i915: set CPT FDI RX polarity bits based on VBT.
        (bnc#828087)
    
      - drm/i915: hsw: fix link training for eDP on port-A.
        (bnc#800875)
    
      - patches.arch/s390-66-02-smp-ipi.patch: kernel: lost IPIs
        on CPU hotplug (bnc#825048, LTC#94784).
    
      -
        patches.fixes/iwlwifi-use-correct-supported-firmware-for
        -6035-and-.patch: iwlwifi: use correct supported
        firmware for 6035 and 6000g2. (bnc#825887)
    
      -
        patches.fixes/watchdog-update-watchdog_thresh-atomically
        .patch: watchdog: Update watchdog_thresh atomically.
        (bnc#829357)
    
      -
        patches.fixes/watchdog-update-watchdog_tresh-properly.pa
        tch: watchdog: update watchdog_tresh properly.
        (bnc#829357)
    
      -
        patches.fixes/watchdog-make-disable-enable-hotplug-and-p
        reempt-save.patch:
        watchdog-make-disable-enable-hotplug-and-preempt-save.pa
        tch. (bnc#829357)
    
      - kabi/severities: Ignore changes in drivers/hv
    
      -
        patches.drivers/lpfc-return-correct-error-code-on-bsg_ti
        meout.patch: lpfc: Return correct error code on
        bsg_timeout. (bnc#816043)
    
      -
        patches.fixes/dm-drop-table-reference-on-ioctl-retry.pat
        ch: dm-multipath: Drop table when retrying ioctl.
        (bnc#808940)
    
      - scsi: Do not retry invalid function error. (bnc#809122)
    
      -
        patches.suse/scsi-do-not-retry-invalid-function-error.pa
        tch: scsi: Do not retry invalid function error.
        (bnc#809122)
    
      - scsi: Always retry internal target error. (bnc#745640,
        bnc#825227)
    
      -
        patches.suse/scsi-always-retry-internal-target-error.pat
        ch: scsi: Always retry internal target error.
        (bnc#745640, bnc#825227)
    
      -
        patches.drivers/drm-edid-Don-t-print-messages-regarding-
        stereo-or-csync-by-default.patch: Refresh: add upstream
        commit ID.
    
      - patches.suse/acpiphp-match-to-Bochs-dmi-data.patch:
        Refresh. . (bnc#824915)
    
      - Refresh
        patches.suse/acpiphp-match-to-Bochs-dmi-data.patch.
        (bnc#824915)
    
      - Update kabi files.
    
      - ACPI:remove panic in case hardware has changed after S4.
        (bnc#829001)
    
      - ibmvfc: Driver version 1.0.1. (bnc#825142)
    
      - ibmvfc: Fix for offlining devices during error recovery.
        (bnc#825142)
    
      - ibmvfc: Properly set cancel flags when cancelling abort.
        (bnc#825142)
    
      - ibmvfc: Send cancel when link is down. (bnc#825142)
    
      - ibmvfc: Support FAST_IO_FAIL in EH handlers.
        (bnc#825142)
    
      - ibmvfc: Suppress ABTS if target gone. (bnc#825142)
    
      - fs/dcache.c: add cond_resched() to
        shrink_dcache_parent(). (bnc#829082)
    
      - drivers/cdrom/cdrom.c: use kzalloc() for failing
        hardware. (bnc#824295, CVE-2013-2164)
    
      - kmsg_dump: do not run on non-error paths by default.
        (bnc#820172)
    
      - supported.conf: mark tcm_qla2xxx as supported
    
      - mm: honor min_free_kbytes set by user. (bnc#826960)
    
      - Drivers: hv: util: Fix a bug in version negotiation code
        for util services. (bnc#828714)
    
      - hyperv: Fix a kernel warning from
        netvsc_linkstatus_callback(). (bnc#828574)
    
      - RT: Fix up hardening patch to not gripe when avg >
        available, which lockless access makes possible and
        happens in -rt kernels running a cpubound ltp realtime
        testcase. Just keep the output sane in that case.
    
      - kabi/severities: Add exception for aer_recover_queue()
        There should not be any user besides ghes.ko.
    
      - Fix rpm changelog
    
      - PCI / PM: restore the original behavior of
        pci_set_power_state(). (bnc#827930)
    
      - fanotify: info leak in copy_event_to_user().
        (CVE-2013-2148 / bnc#823517)
    
      - usb: xhci: check usb2 port capabilities before adding hw
        link PM support. (bnc#828265)
    
      - aerdrv: Move cper_print_aer() call out of interrupt
        context. (bnc#822052, bnc#824568)
    
      - PCI/AER: pci_get_domain_bus_and_slot() call missing
        required pci_dev_put(). (bnc#822052, bnc#824568)
    
      -
        patches.fixes/block-do-not-pass-disk-names-as-format-str
        ings.patch: block: do not pass disk names as format
        strings. (bnc#822575 / CVE-2013-2851)
    
      - powerpc: POWER8 cputable entries. (bnc#824256)
    
      - libceph: Fix NULL pointer dereference in auth client
        code. (CVE-2013-1059, bnc#826350)
    
      - md/raid10: Fix two bug affecting RAID10 reshape.
    
      - Allow NFSv4 to run execute-only files. (bnc#765523)
    
      - fs/ocfs2/namei.c: remove unnecessary ERROR when removing
        non-empty directory. (bnc#819363)
    
      - block: Reserve only one queue tag for sync IO if only 3
        tags are available. (bnc#806396)
    
      - btrfs: merge contiguous regions when loading free space
        cache
    
      - btrfs: fix how we deal with the orphan block rsv.
    
      - btrfs: fix wrong check during log recovery.
    
      - btrfs: change how we indicate we are adding csums."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=745640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=760407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=765523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=783475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=797909"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=800875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=801341"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805371"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=809122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=809463"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=812274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=814336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=815256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=815320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822164"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822225"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824568"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827271"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827930"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828265"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828714"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829622"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=830346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=830478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=830766"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=830822"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=830901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=832318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=833073"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=833097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=833148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1059.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1819.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1929.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2148.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2851.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2852.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-3301.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4162.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4163.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8269 / 8270 / 8283 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions for this local, package-based check. Every value is read
    # from the scanner knowledge base (KB) via get_kb_item(); each failed
    # precondition calls audit() (from audit.inc), which is expected to end the
    # plugin with the given reason instead of reporting a finding.
    # NOTE(review): these gates and the rpm_check() calls that follow compare
    # installed RPM versions only; nothing visible here inspects the running
    # kernel, so a host that installed the update but has not rebooted would
    # presumably be reported as patched -- confirm against the rest of the script.

    # Local checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Only releases whose string starts with SLED11 or SLES11 are in scope.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    # The RPM inventory must be present in the KB (presumably what rpm_check() reads).
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: accept i386..i686 (fully anchored regex), or a cpu
    # string containing "x86_64" or "s390x" (">!<" is NASL's "is not a substring
    # of" operator). Any other architecture is audited out as not implemented.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Service-pack gate: only patchlevel 3 is evaluated. A missing or different
    # patchlevel is audited out as "not SuSE 11.3" rather than flagged, so this
    # plugin gives no verdict for other service packs.
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-default-extra-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-pae-extra-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-source-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-syms-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-trace-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"kernel-xen-extra-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-default-extra-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-source-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-syms-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-trace-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-xen-extra-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-default-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-source-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-syms-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, reference:"kernel-trace-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-ec2-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"i586", reference:"xen-kmp-pae-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"s390x", reference:"kernel-default-man-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.8.2")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"xen-kmp-default-4.2.2_06_3.0.93_0.8-0.7.17")) flag++;
    
    
    # flag was incremented once for every rpm_check() call above that returned
    # true, so any non-zero value means at least one listed package matched.
    if (flag)
    {
      # When report verbosity is above zero, attach the text collected by
      # rpm_report_get() to the finding; otherwise raise the finding with no
      # extra text. Both forms report on port 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1932-1.NASL
    description: Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph client. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2013-1059)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69417
    published: 2013-08-21
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69417
    title: Ubuntu 12.10 : linux vulnerabilities (USN-1932-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1932-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: when `description` is set the script only declares its
    # metadata (id, CVEs, texts, dependencies) and leaves through the exit(0)
    # at the end of the block; none of the host checks further down run.
    if (description)
    {
      script_id(69417);
      script_version("1.7");
      script_cvs_date("Date: 2019/09/19 12:54:29");
    
      # All four CVEs are tied to the single advisory USN-1932-1, so one finding
      # from this plugin stands for the whole set.
      script_cve_id("CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2851");
      script_xref(name:"USN", value:"1932-1");
    
      script_name(english:"Ubuntu 12.10 : linux vulnerabilities (USN-1932-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Chanam Park reported a NULL pointer flaw in the Linux kernel's Ceph
    client. A remote attacker could exploit this flaw to cause a denial of
    service (system crash). (CVE-2013-1059)
    
    An information leak was discovered in the Linux kernel's fanotify
    interface. A local user could exploit this flaw to obtain sensitive
    information from kernel memory. (CVE-2013-2148)
    
    Jonathan Salwan discovered an information leak in the Linux kernel's
    cdrom driver. A local user can exploit this leak to obtain sensitive
    information from kernel memory if the CD-ROM drive is malfunctioning.
    (CVE-2013-2164)
    
    Kees Cook discovered a format string vulnerability in the Linux
    kernel's disk block layer. A local user with administrator privileges
    could exploit this flaw to gain kernel privileges. (CVE-2013-2851).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1932-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.5-generic and / or
    linux-image-3.5-highbank packages."
      );
      # CVSS v2 base vector: network reachable, low complexity, no
      # authentication, availability impact only. Presumably scored on
      # CVE-2013-1059, the one issue the description calls remote; the other
      # three are described as local. TODO confirm against the advisory.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      # "local" plugin type: the verdict comes from package data gathered on the
      # host (see script_require_keys below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-highbank");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # The two dependency scripts are declared to run first, and the listed KB
      # keys (CPU, Ubuntu release, dpkg package list) are required inputs; a
      # scan without host credentials presumably never populates them.
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    # Preconditions. Each audit() call below is written as the terminating
    # branch of its check, so the order of these statements matters.

    # Local (host-side) checks must have been enabled for this scan.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The host must identify as Ubuntu, and as release 12.10 exactly: the
    # pattern is anchored at both ends, so other releases are audited out.
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.10", "Ubuntu " + release);
    # Without the collected dpkg package list there is nothing to compare.
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 hosts are evaluated; any other architecture is
    # audited as "local checks not implemented", which is not a clean result.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    # Ksplice handling: runs only when the KB holds a "Host/ksplice/kernel-cves"
    # entry, i.e. live-patch CVE data was collected for this host.
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      # Drops the "Host/uptrack-uname-r" KB entry before the CVE comparison; the
      # reason is not visible in this script.
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-1059", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2851");
      # NOTE(review): ksplice_cves_check() lives in ksplice.inc; presumably it
      # returns true only when the live patches cover every CVE in the list.
      # Confirm, because a true result ends the plugin as "patch installed"
      # and the package comparison below is never reached.
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-1932-1");
      }
      else
      {
        # Keep the Ksplice reporting text in _ubuntu_report; how the Ubuntu
        # report helpers use it is defined outside this script.
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    # flag counts the package checks below that return true.
    flag = 0;
    
    # Compare the Ubuntu 12.10 kernel image packages (generic and highbank
    # flavours) against package version 3.5.0-39.60.
    # NOTE(review): the inputs visible here are dpkg package data. Whether
    # ubuntu_check() also considers the kernel that is currently booted is
    # decided in ubuntu.inc and not shown, so a host with the updated package
    # installed but not yet rebooted should be confirmed separately.
    if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-39-generic", pkgver:"3.5.0-39.60")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"linux-image-3.5.0-39-highbank", pkgver:"3.5.0-39.60")) flag++;
    
    if (flag)
    {
      # At least one check matched: raise one finding on port 0 at
      # SECURITY_HOLE severity, with the text from ubuntu_report_get() attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # No match. Distinguish "packages were tested and are not affected" from
      # "none of the targeted packages are installed", so the audit trail shows
      # which of the two a clean result means.
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic / linux-image-3.5-highbank");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-130827.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to version 3.0.93 and includes various bug and security fixes. The following security bugs have been fixed : - The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor. (CVE-2013-2148) - The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (CVE-2013-2237) - The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232) - The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (CVE-2013-2234) - The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4162) - net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation. 
(CVE-2013-1059) - The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) - Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (CVE-2013-2851) - The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163) - Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929) - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel did not validate block numbers, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map. (CVE-2013-1819) - The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. 
(CVE-2013-1774) Also the following bugs have been fixed : BTRFS : - btrfs: merge contiguous regions when loading free space cache - btrfs: fix how we deal with the orphan block rsv - btrfs: fix wrong check during log recovery - btrfs: change how we indicate we are adding csums - btrfs: flush delayed inodes if we are short on space. (bnc#801427) - btrfs: rework shrink_delalloc. (bnc#801427) - btrfs: fix our overcommit math. (bnc#801427) - btrfs: delay block group item insertion. (bnc#801427) - btrfs: remove bytes argument from do_chunk_alloc. (bnc#801427) - btrfs: run delayed refs first when out of space. (bnc#801427) - btrfs: do not commit instead of overcommitting. (bnc#801427) - btrfs: do not take inode delalloc mutex if we are a free space inode. (bnc#801427) - btrfs: fix chunk allocation error handling. (bnc#801427) - btrfs: remove extent mapping if we fail to add chunk. (bnc#801427) - btrfs: do not overcommit if we do not have enough space for global rsv. (bnc#801427) - btrfs: rework the overcommit logic to be based on the total size. (bnc#801427) - btrfs: steal from global reserve if we are cleaning up orphans. (bnc#801427) - btrfs: clear chunk_alloc flag on retryable failure. (bnc#801427) - btrfs: use reserved space for creating a snapshot. (bnc#801427) - btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic. (bnc#801427) - btrfs: fix space leak when we fail to reserve metadata space. (bnc#801427) - btrfs: fix space accounting for unlink and rename. (bnc#801427) - btrfs: allocate new chunks if the space is not enough for global rsv. (bnc#801427) - btrfs: various abort cleanups. (bnc#812526 / bnc#801427) - btrfs: simplify unlink reservations (bnc#801427). OTHER : - x86: Add workaround to NMI iret woes. (bnc#831949) - x86: Do not schedule while still in NMI context. (bnc#831949) - bnx2x: Avoid sending multiple statistics queries. (bnc#814336) - bnx2x: protect different statistics flows. 
(bnc#814336) - futex: Take hugepages into account when generating futex_key. - drivers/hv: util: Fix a bug in version negotiation code for util services. (bnc#828714) - printk: Add NMI ringbuffer. (bnc#831949) - printk: extract ringbuffer handling from vprintk. (bnc#831949) - printk: NMI safe printk. (bnc#831949) - printk: Make NMI ringbuffer size independent on log_buf_len. (bnc#831949) - printk: Do not call console_unlock from nmi context. (bnc#831949) - printk: Do not use printk_cpu from finish_printk. (bnc#831949) - mlx4_en: Adding 40gb speed report for ethtool. (bnc#831410) - reiserfs: Fixed double unlock in reiserfs_setattr failure path. - reiserfs: delay reiserfs lock until journal initialization. (bnc#815320) - reiserfs: do not lock journal_init(). (bnc#815320) - reiserfs: locking, handle nested locks properly. (bnc#815320) - reiserfs: locking, push write lock out of xattr code. (bnc#815320) - reiserfs: locking, release lock around quota operations. (bnc#815320) - NFS: support
    last seen: 2020-06-05
    modified: 2013-09-21
    plugin id: 70039
    published: 2013-09-21
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/70039
    title: SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    # Stop immediately on scanner engines that report a NASL level below 3000,
    # before any include or registration call is made.
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70039);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1059", "CVE-2013-1774", "CVE-2013-1819", "CVE-2013-1929", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2851", "CVE-2013-4162", "CVE-2013-4163");
    
      script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8263 / 8265 / 8273)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to
    version 3.0.93 and includes various bug and security fixes.
    
    The following security bugs have been fixed :
    
      - The fill_event_metadata function in
        fs/notify/fanotify/fanotify_user.c in the Linux kernel
        did not initialize a certain structure member, which
        allowed local users to obtain sensitive information from
        kernel memory via a read operation on the fanotify
        descriptor. (CVE-2013-2148)
    
      - The key_notify_policy_flush function in net/key/af_key.c
        in the Linux kernel did not initialize a certain
        structure member, which allowed local users to obtain
        sensitive information from kernel heap memory by reading
        a broadcast message from the notify_policy interface of
        an IPSec key_socket. (CVE-2013-2237)
    
      - The ip6_sk_dst_check function in net/ipv6/ip6_output.c
        in the Linux kernel allowed local users to cause a
        denial of service (system crash) by using an AF_INET6
        socket for a connection to an IPv4 interface.
        (CVE-2013-2232)
    
      - The (1) key_notify_sa_flush and (2)
        key_notify_policy_flush functions in net/key/af_key.c in
        the Linux kernel did not initialize certain structure
        members, which allowed local users to obtain sensitive
        information from kernel heap memory by reading a
        broadcast message from the notify interface of an IPSec
        key_socket. (CVE-2013-2234)
    
      - The udp_v6_push_pending_frames function in
        net/ipv6/udp.c in the IPv6 implementation in the Linux
        kernel made an incorrect function call for pending data,
        which allowed local users to cause a denial of service
        (BUG and system crash) via a crafted application that
        uses the UDP_CORK option in a setsockopt system call.
        (CVE-2013-4162)
    
      - net/ceph/auth_none.c in the Linux kernel allowed remote
        attackers to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via an auth_reply message that
        triggers an attempted build_request operation.
        (CVE-2013-1059)
    
      - The mmc_ioctl_cdrom_read_data function in
        drivers/cdrom/cdrom.c in the Linux kernel allowed local
        users to obtain sensitive information from kernel memory
        via a read operation on a malfunctioning CD-ROM drive.
        (CVE-2013-2164)
    
      - Format string vulnerability in the register_disk
        function in block/genhd.c in the Linux kernel allowed
        local users to gain privileges by leveraging root access
        and writing format string specifiers to
        /sys/module/md_mod/parameters/new_array in order to
        create a crafted /dev/md device name. (CVE-2013-2851)
    
      - The ip6_append_data_mtu function in
        net/ipv6/ip6_output.c in the IPv6 implementation in the
        Linux kernel did not properly maintain information about
        whether the IPV6_MTU setsockopt option had been
        specified, which allowed local users to cause a denial
        of service (BUG and system crash) via a crafted
        application that uses the UDP_CORK option in a
        setsockopt system call. (CVE-2013-4163)
    
      - Heap-based buffer overflow in the tg3_read_vpd function
        in drivers/net/ethernet/broadcom/tg3.c in the Linux
        kernel allowed physically proximate attackers to cause a
        denial of service (system crash) or possibly execute
        arbitrary code via crafted firmware that specifies a
        long string in the Vital Product Data (VPD) data
        structure. (CVE-2013-1929)
    
      - The _xfs_buf_find function in fs/xfs/xfs_buf.c in the
        Linux kernel did not validate block numbers, which
        allowed local users to cause a denial of service (NULL
        pointer dereference and system crash) or possibly have
        unspecified other impact by leveraging the ability to
        mount an XFS filesystem containing a metadata inode with
        an invalid extent map. (CVE-2013-1819)
    
      - The chase_port function in drivers/usb/serial/io_ti.c in
        the Linux kernel allowed local users to cause a denial
        of service (NULL pointer dereference and system crash)
        via an attempted /dev/ttyUSB read or write operation on
        a disconnected Edgeport USB serial converter.
        (CVE-2013-1774)
    
    Also the following bugs have been fixed :
    
    BTRFS :
    
      - btrfs: merge contiguous regions when loading free space
        cache
    
      - btrfs: fix how we deal with the orphan block rsv
    
      - btrfs: fix wrong check during log recovery
    
      - btrfs: change how we indicate we are adding csums
    
      - btrfs: flush delayed inodes if we are short on space.
        (bnc#801427)
    
      - btrfs: rework shrink_delalloc. (bnc#801427)
    
      - btrfs: fix our overcommit math. (bnc#801427)
    
      - btrfs: delay block group item insertion. (bnc#801427)
    
      - btrfs: remove bytes argument from do_chunk_alloc.
        (bnc#801427)
    
      - btrfs: run delayed refs first when out of space.
        (bnc#801427)
    
      - btrfs: do not commit instead of overcommitting.
        (bnc#801427)
    
      - btrfs: do not take inode delalloc mutex if we are a free
        space inode. (bnc#801427)
    
      - btrfs: fix chunk allocation error handling. (bnc#801427)
    
      - btrfs: remove extent mapping if we fail to add chunk.
        (bnc#801427)
    
      - btrfs: do not overcommit if we do not have enough space
        for global rsv. (bnc#801427)
    
      - btrfs: rework the overcommit logic to be based on the
        total size. (bnc#801427)
    
      - btrfs: steal from global reserve if we are cleaning up
        orphans. (bnc#801427)
    
      - btrfs: clear chunk_alloc flag on retryable failure.
        (bnc#801427)
    
      - btrfs: use reserved space for creating a snapshot.
        (bnc#801427)
    
      - btrfs: cleanup to make the function
        btrfs_delalloc_reserve_metadata more logic. (bnc#801427)
    
      - btrfs: fix space leak when we fail to reserve metadata
        space. (bnc#801427)
    
      - btrfs: fix space accounting for unlink and rename.
        (bnc#801427)
    
      - btrfs: allocate new chunks if the space is not enough
        for global rsv. (bnc#801427)
    
      - btrfs: various abort cleanups. (bnc#812526 / bnc#801427)
    
      - btrfs: simplify unlink reservations (bnc#801427). 
    OTHER :
    
      - x86: Add workaround to NMI iret woes. (bnc#831949)
    
      - x86: Do not schedule while still in NMI context.
        (bnc#831949)
    
      - bnx2x: Avoid sending multiple statistics queries.
        (bnc#814336)
    
      - bnx2x: protect different statistics flows. (bnc#814336)
    
      - futex: Take hugepages into account when generating
        futex_key.
    
      - drivers/hv: util: Fix a bug in version negotiation code
        for util services. (bnc#828714)
    
      - printk: Add NMI ringbuffer. (bnc#831949)
    
      - printk: extract ringbuffer handling from vprintk.
        (bnc#831949)
    
      - printk: NMI safe printk. (bnc#831949)
    
      - printk: Make NMI ringbuffer size independent on
        log_buf_len. (bnc#831949)
    
      - printk: Do not call console_unlock from nmi context.
        (bnc#831949)
    
      - printk: Do not use printk_cpu from finish_printk.
        (bnc#831949)
    
      - mlx4_en: Adding 40gb speed report for ethtool.
        (bnc#831410)
    
      - reiserfs: Fixed double unlock in reiserfs_setattr
        failure path.
    
      - reiserfs: delay reiserfs lock until journal
        initialization. (bnc#815320)
    
      - reiserfs: do not lock journal_init(). (bnc#815320)
    
      - reiserfs: locking, handle nested locks properly.
        (bnc#815320)
    
      - reiserfs: locking, push write lock out of xattr code.
        (bnc#815320)
    
      - reiserfs: locking, release lock around quota operations.
        (bnc#815320)
    
      - NFS: support 'nosharetransport' option (bnc#807502,
        bnc#828192, FATE#315593).
    
      - dm mpath: add retain_attached_hw_handler feature.
        (bnc#760407)
    
      - scsi_dh: add scsi_dh_attached_handler_name. (bnc#760407)
    
      - bonding: disallow change of MAC if fail_over_mac
        enabled. (bnc#827376)
    
      - bonding: propagate unicast lists down to slaves.
        (bnc#773255 / bnc#827372)
    
      - bonding: emit address change event also in bond_release.
        (bnc#773255 / bnc#827372)
    
      - bonding: emit event when bonding changes MAC.
        (bnc#773255 / bnc#827372)
    
      - SUNRPC: Ensure we release the socket write lock if the
        rpc_task exits early. (bnc#830901)
    
      - ext4: force read-only unless rw=1 module option is used
        (fate#314864).
    
      - HID: fix unused rsize usage. (bnc#783475)
    
      - HID: fix data access in implement(). (bnc#783475)
    
      - xfs: fix deadlock in xfs_rtfree_extent with kernel v3.x.
        (bnc#829622)
    
      - r8169: allow multicast packets on sub-8168f chipset.
        (bnc#805371)
    
      - r8169: support new chips of RTL8111F. (bnc#805371)
    
      - r8169: define the early size for 8111evl. (bnc#805371)
    
      - r8169: fix the reset setting for 8111evl. (bnc#805371)
    
      - r8169: add MODULE_FIRMWARE for the firmware of 8111evl.
        (bnc#805371)
    
      - r8169: fix sticky accepts packet bits in RxConfig.
        (bnc#805371)
    
      - r8169: adjust the RxConfig settings. (bnc#805371)
    
      - r8169: support RTL8111E-VL. (bnc#805371)
    
      - r8169: add ERI functions. (bnc#805371)
    
      - r8169: modify the flow of the hw reset. (bnc#805371)
    
      - r8169: adjust some registers. (bnc#805371)
    
      - r8169: check firmware content sooner. (bnc#805371)
    
      - r8169: support new firmware format. (bnc#805371)
    
      - r8169: explicit firmware format check. (bnc#805371)
    
      - r8169: move the firmware down into the device private
        data. (bnc#805371)
    
      - mm: link_mem_sections make sure nmi watchdog does not
        trigger while linking memory sections. (bnc#820434)
    
      - kernel: lost IPIs on CPU hotplug (bnc#825048,
        LTC#94784).
    
      - iwlwifi: use correct supported firmware for 6035 and
        6000g2. (bnc#825887)
    
      - watchdog: Update watchdog_thresh atomically.
        (bnc#829357)
    
      - watchdog: update watchdog_tresh properly. (bnc#829357)
    
      - watchdog:
        watchdog-make-disable-enable-hotplug-and-preempt-save.pa
        tch. (bnc#829357)
    
      - include/1/smp.h: define __smp_call_function_single for
        !CONFIG_SMP. (bnc#829357)
    
      - lpfc: Return correct error code on bsg_timeout.
        (bnc#816043)
    
      - dm-multipath: Drop table when retrying ioctl.
        (bnc#808940)
    
      - scsi: Do not retry invalid function error. (bnc#809122)
    
      - scsi: Always retry internal target error. (bnc#745640,
        bnc#825227)
    
      - ibmvfc: Driver version 1.0.1. (bnc#825142)
    
      - ibmvfc: Fix for offlining devices during error recovery.
        (bnc#825142)
    
      - ibmvfc: Properly set cancel flags when cancelling abort.
        (bnc#825142)
    
      - ibmvfc: Send cancel when link is down. (bnc#825142)
    
      - ibmvfc: Support FAST_IO_FAIL in EH handlers.
        (bnc#825142)
    
      - ibmvfc: Suppress ABTS if target gone. (bnc#825142)
    
      - fs/dcache.c: add cond_resched() to
        shrink_dcache_parent(). (bnc#829082)
    
      - kmsg_dump: do not run on non-error paths by default.
        (bnc#820172)
    
      - mm: honor min_free_kbytes set by user. (bnc#826960)
    
      - hyperv: Fix a kernel warning from
        netvsc_linkstatus_callback(). (bnc#828574)
    
      - RT: Fix up hardening patch to not gripe when avg >
        available, which lockless access makes possible and
        happens in -rt kernels running a cpubound ltp realtime
        testcase. Just keep the output sane in that case.
    
      - md/raid10: Fix two bug affecting RAID10 reshape (-).
    
      - Allow NFSv4 to run execute-only files. (bnc#765523)
    
      - fs/ocfs2/namei.c: remove unnecessary ERROR when removing
        non-empty directory. (bnc#819363)
    
      - block: Reserve only one queue tag for sync IO if only 3
        tags are available. (bnc#806396)
    
      - drm/i915: Add wait_for in init_ring_common. (bnc#813604)
    
      - drm/i915: Mark the ringbuffers as being in the GTT
        domain. (bnc#813604)
    
      - ext4: avoid hang when mounting non-journal filesystems
        with orphan list. (bnc#817377)
    
      - autofs4 - fix get_next_positive_subdir(). (bnc#819523)
    
      - ocfs2: Add bits_wanted while calculating credits in
        ocfs2_calc_extend_credits. (bnc#822077)
    
      - re-enable io tracing. (bnc#785901)
    
      - SUNRPC: Prevent an rpc_task wakeup race. (bnc#825591)
    
      - tg3: Prevent system hang during repeated EEH errors.
        (bnc#822066)
    
      - backends: Check for insane amounts of requests on the
        ring.
    
      - Update Xen patches to 3.0.82.
    
      - netiucv: Hold rtnl between name allocation and device
        registration. (bnc#824159)
    
      - drm/edid: Do not print messages regarding stereo or
        csync by default. (bnc#821235)
    
      - net/sunrpc: xpt_auth_cache should be ignored when
        expired. (bnc#803320)
    
      - sunrpc/cache: ensure items removed from cache do not
        have pending upcalls. (bnc#803320)
    
      - sunrpc/cache: remove races with queuing an upcall.
        (bnc#803320)
    
      - sunrpc/cache: use cache_fresh_unlocked consistently and
        correctly. (bnc#803320)
    
      - md/raid10 'enough' fixes. (bnc#773837)
    
      - Update config files: disable IP_PNP. (bnc#822825)
    
      - Disable efi pstore by default. (bnc#804482 / bnc#820172)
    
      - md: Fix problem with GET_BITMAP_FILE returning wrong
        status. (bnc#812974 / bnc#823497)
    
      - USB: xHCI: override bogus bulk wMaxPacketSize values.
        (bnc#823082)
    
      - ALSA: hda - Fix system panic when DMA > 40 bits for
        Nvidia audio controllers. (bnc#818465)
    
      - USB: UHCI: fix for suspend of virtual HP controller.
        (bnc#817035)
    
      - mm: mmu_notifier: re-fix freed page still mapped in
        secondary MMU. (bnc#821052)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=745640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=760407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=765523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=783475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=785901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789010"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=801427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=803320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=804482"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805371"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806396"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807502"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808940"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=809122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=812526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=812974"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813733"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=814336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=815320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=817377"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819363"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=822825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=824915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825227"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826350"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826960"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827372"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827749"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827750"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828574"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828714"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829357"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=829622"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=830901"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831949"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1059.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1774.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1819.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1929.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2148.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2164.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2232.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2234.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2237.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2851.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4162.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4163.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8263 / 8265 / 8273 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Preconditions: every gate below hands control to audit() when the scan
    # did not collect the data this check needs. audit() comes from audit.inc
    # (not shown here); it is expected to stop the plugin with the given reason.
    # A host that stops at one of these gates has NOT been assessed, so the
    # absence of a finding from this plugin is not evidence that it is patched.

    # Local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Only SLED 11 / SLES 11 release strings are in scope.
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    # The installed-RPM list must be present in the knowledge base.
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate: i386-i686, x86_64 and s390x are accepted; any other
    # CPU string ends the check as "not implemented" rather than "not affected".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    # Service-pack gate: only patchlevel 2 (SLE 11 SP2) is evaluated. A missing
    # patchlevel or any other service pack exits here without a package check.
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    # Package comparison. flag counts how many rpm_check() calls returned true.
    # rpm_check() comes from rpm.inc (not shown); presumably it returns true
    # when the named package is installed at a version older than `reference`
    # and records the mismatch for rpm_report_get() - confirm against rpm.inc.
    # Reference versions: kernel-* 3.0.93-0.5.1, xen-kmp-* 4.1.5_02_3.0.93_0.5-0.5.39.
    # NOTE(review): nothing in this block inspects the running kernel; only the
    # package list is consulted. A host with the fixed RPMs installed but not
    # yet rebooted would presumably pass this check - verify separately.
    flag = 0;
    # SLED 11 SP2, i586
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    # SLED 11 SP2, x86_64 (no kernel-pae / xen-kmp-pae entries for this arch)
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    # SLES 11 SP2, called without a cpu argument
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.93-0.5.1")) flag++;
    # SLES 11 SP2, i586 (ec2, pae and xen flavours)
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    # SLES 11 SP2, s390x (only kernel-default-man is arch-specific here)
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.93-0.5.1")) flag++;
    # SLES 11 SP2, x86_64 (ec2 and xen flavours)
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.93-0.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.5_02_3.0.93_0.5-0.5.39")) flag++;
    
    
    # Reporting: any single true rpm_check() raises one security_hole finding on
    # port 0. The per-package detail from rpm_report_get() is attached only when
    # report_verbosity is above 0. With no hit, the host is audited as
    # "not affected".
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2013-218.NASL
    descriptionThe bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call. The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel before 2.6.34 does not properly manage skb consumption, which allows local users to cause a denial of service (system crash) via a crafted splice system call for a TCP socket. The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 70222
    published: 2013-10-01
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/70222
    title: Amazon Linux AMI : kernel (ALAS-2013-218)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2013-218.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(70222);
      script_version("1.5");
      script_cvs_date("Date: 2019/07/10 16:04:12");
    
      script_cve_id("CVE-2012-6548", "CVE-2013-0914", "CVE-2013-1059", "CVE-2013-1848", "CVE-2013-2128", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-2852", "CVE-2013-3222", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3301");
      script_xref(name:"ALAS", value:"2013-218");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2013-218)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the
    Linux kernel before 3.9-rc7 does not properly initialize a certain
    length variable, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted recvmsg or recvfrom
    system call.
    
    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel
    before 3.6 does not initialize a certain structure member, which
    allows local users to obtain sensitive information from kernel heap
    memory via a crafted application.
    
    The ftrace implementation in the Linux kernel before 3.8.8
    allows local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have
    unspecified other impact by leveraging the CAP_SYS_ADMIN
    capability for write access to the (1) set_ftrace_pid or (2)
    set_graph_function file, and then making an lseek system
    call.
    
    The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the
    Linux kernel before 3.8.4 does not initialize a certain
    structure member, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted
    application.
    
    The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux
    kernel before 3.10 allows local users to cause a denial of service
    (system crash) by using an AF_INET6 socket for a connection to an IPv4
    interface.
    
    The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel
    before 2.6.34 does not properly manage skb consumption, which allows
    local users to cause a denial of service (system crash) via a crafted
    splice system call for a TCP socket.
    
    The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call.
    
    Format string vulnerability in the b43_request_firmware function in
    drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in
    the Linux kernel through 3.9.4 allows local users to gain privileges
    by leveraging root access and including format string specifiers in an
    fwpostfix modprobe parameter, leading to improper construction of an
    error message.
    
    The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions
    in net/key/af_key.c in the Linux kernel before 3.10 do not initialize
    certain structure members, which allows local users to obtain
    sensitive information from kernel heap memory by reading a broadcast
    message from the notify interface of an IPSec key_socket.
    
    The vcc_recvmsg function in net/atm/common.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call.
    
    The flush_signal_handlers function in kernel/signal.c in the Linux
    kernel before 3.8.4 preserves the value of the sa_restorer field
    across an exec operation, which makes it easier for local users to
    bypass the ASLR protection mechanism via a crafted application
    containing a sigaction system call.
    
    net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize
    certain structures, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted application.
    
    fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect
    arguments to functions in certain circumstances related to printk
    input, which allows local users to conduct format-string attacks and
    possibly gain privileges via a crafted application.
    
    net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote
    attackers to cause a denial of service (NULL pointer dereference and
    system crash) or possibly have unspecified other impact via an
    auth_reply message that triggers an attempted build_request operation."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2013-218.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update kernel' to update your system. You will need to reboot
    your system in order for the new kernel to be running."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
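    # Local package check for the kernel advisory ALAS-2013-218 (Amazon Linux AMI).
    # The verdict comes entirely from knowledge-base entries read below: the
    # "local checks enabled" marker, the release string and the RPM list
    # (presumably stored by ssh_get_info.nasl, the declared dependency - confirm).
    #
    # NOTE(review): only installed package versions are compared; the running
    # kernel is never inspected here. A host that installed the fixed RPMs but
    # has not rebooted would presumably be reported as not affected while the old
    # kernel is still loaded - the solution text states a reboot is required.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # The release string must be present and start with "AL" followed by "A" or a digit.
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    # Only the "A" form (reported as "Amazon Linux AMI") is in scope. The former
    # inner test for 'A' sat inside this != "A" branch and could never be true,
    # so it is dropped; the audit message is unchanged for every reachable input.
    if (os_ver != "A")
    {
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }

    # Without a collected package list there is nothing to compare against.
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


    # One rpm_check() per package named in the advisory, all against build
    # 3.4.57-48.42.amzn1. rpm_check() lives in rpm.inc (not shown); presumably it
    # returns true when the installed package is older than `reference` - confirm.
    # Any hit raises the finding, including kernel-doc / kernel-headers / debuginfo,
    # so read the rpm_report_get() output to see which package actually matched.
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-3.4.57-48.42.amzn1")) flag++;
    # The debuginfo-common packages are architecture-specific, hence the cpu filter.
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-doc-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-3.4.57-48.42.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-3.4.57-48.42.amzn1")) flag++;

    if (flag)
    {
      # At least one package matched: report on port 0, attaching the per-package
      # detail only when the scan's report verbosity is above zero.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # No hit: distinguish "packages were tested and are not affected" from
      # "none of the listed packages is installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }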
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-2543.NASL
    description: Description of changes: [2.6.39-400.109.6.el6uek] - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230083] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230108] {CVE-2013-1059} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371078] {CVE-2013-2232} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370788] {CVE-2013-2237} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370892] {CVE-2012-6544} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371050] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371065] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371118] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372121] {CVE-2013-2206}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69510
    published: 2013-08-30
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69510
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2543)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1936-1.NASL
    description: Chanam Park reported a NULL pointer flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69419
    published: 2013-08-21
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69419
    title: Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1936-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2013-1034.NASL
    description: The Linux Kernel was updated to fix various security issues and bugs. - sctp: Use correct sideffect command in duplicate cookie handling (bnc#826102, CVE-2013-2206). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - md/raid1,5,10: Disable WRITE SAME until a recovery strategy is in place (bnc#813889). - netback: don
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 74878
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74878
    title: openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-2546.NASL
    description: The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise Kernel package(s).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69942
    published: 2013-09-18
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69942
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise Kernel (ELSA-2013-2546)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1935-1.NASL
    description: Chanam Park reported a NULL pointer flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69418
    published: 2013-08-21
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69418
    title: Ubuntu 13.04 : linux vulnerabilities (USN-1935-1)