Vulnerabilities > CVE-2013-2146 - Improper Input Validation vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit.

Vulnerable Configurations

Part Description Count
OS
Linux
1676

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1173.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69496
    published2013-08-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69496
    titleCentOS 6 : kernel (CESA-2013:1173)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1173 and 
    # CentOS Errata and Security Advisory 2013:1173 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69496);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-6544", "CVE-2013-2146", "CVE-2013-2206", "CVE-2013-2224", "CVE-2013-2232", "CVE-2013-2237");
      script_bugtraq_id(58990, 60324, 60715, 60858, 60893, 60953);
      script_xref(name:"RHSA", value:"2013:1173");
    
      script_name(english:"CentOS 6 : kernel (CESA-2013:1173)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * A flaw was found in the way the Linux kernel's Stream Control
    Transmission Protocol (SCTP) implementation handled duplicate cookies.
    If a local user queried SCTP connection information at the same time a
    remote attacker has initialized a crafted SCTP connection to the
    system, it could trigger a NULL pointer dereference, causing the
    system to crash. (CVE-2013-2206, Important)
    
    * It was found that the fix for CVE-2012-3552 released via
    RHSA-2012:1304 introduced an invalid free flaw in the Linux kernel's
    TCP/IP protocol suite implementation. A local, unprivileged user could
    use this flaw to corrupt kernel memory via crafted sendmsg() calls,
    allowing them to cause a denial of service or, potentially, escalate
    their privileges on the system. (CVE-2013-2224, Important)
    
    * A flaw was found in the Linux kernel's Performance Events
    implementation. On systems with certain Intel processors, a local,
    unprivileged user could use this flaw to cause a denial of service by
    leveraging the perf subsystem to write into the reserved bits of the
    OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.
    (CVE-2013-2146, Moderate)
    
    * An invalid pointer dereference flaw was found in the Linux kernel's
    TCP/IP protocol suite implementation. A local, unprivileged user could
    use this flaw to crash the system or, potentially, escalate their
    privileges on the system by using sendmsg() with an IPv6 socket
    connected to an IPv4 destination. (CVE-2013-2232, Moderate)
    
    * Information leak flaws in the Linux kernel's Bluetooth
    implementation could allow a local, unprivileged user to leak kernel
    memory to user-space. (CVE-2012-6544, Low)
    
    * An information leak flaw in the Linux kernel could allow a
    privileged, local user to leak kernel memory to user-space.
    (CVE-2013-2237, Low)
    
    This update also fixes several bugs. Documentation for these changes
    will be available shortly from the Technical Notes document linked to
    in the References section.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-August/019918.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9bbc3c9d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2224");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-358.18.1.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-176.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. (CVE-2013-1979) The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232) net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235) The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234) The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3233) The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231) The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229) The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228) The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227) The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225) The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224) The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223) The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222) Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. (CVE-2013-2596) arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (CVE-2013-2146) The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. (CVE-2013-2094) The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (CVE-2013-1798) Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797) The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (CVE-2013-1796) The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (CVE-2013-2141) Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929) The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. (CVE-2012-5532) The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6548) The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6549) net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2634) The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2635) fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. (CVE-2013-1848) The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914) Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860) Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (CVE-2013-1792) The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2546) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548) The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. (CVE-2013-0311) Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. (CVE-2013-1763) The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. (CVE-2013-0290) Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (CVE-2013-1767) The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. (CVE-2013-0228) Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. (CVE-2013-0217) The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216) The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2012-6547) The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66975
    published2013-06-25
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66975
    titleMandriva Linux Security Advisory : kernel (MDVSA-2013:176)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:176. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66975);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2012-5532", "CVE-2012-6547", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0216", "CVE-2013-0217", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0311", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1848", "CVE-2013-1860", "CVE-2013-1929", "CVE-2013-1979", "CVE-2013-2094", "CVE-2013-2141", "CVE-2013-2146", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548", "CVE-2013-2596", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3227", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3233", "CVE-2013-3234", "CVE-2013-3235");
      script_bugtraq_id(56710, 57743, 57744, 57940, 57964, 58053, 58137, 58177, 58368, 58382, 58426, 58510, 58597, 58600, 58604, 58605, 58607, 58908, 58993, 58994, 58996, 59264, 59377, 59380, 59381, 59383, 59385, 59388, 59389, 59390, 59393, 59394, 59396, 59397, 59538, 59846, 60254, 60324);
      script_xref(name:"MDVSA", value:"2013:176");
    
      script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in the Linux
    kernel :
    
    The scm_set_cred function in include/net/scm.h in the Linux kernel
    before 3.8.11 uses incorrect uid and gid values during credentials
    passing, which allows local users to gain privileges via a crafted
    application. (CVE-2013-1979)
    
    The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)
    
    net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not
    initialize a certain data structure and a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3235)
    
    The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)
    
    The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable
    and a certain data structure, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted recvmsg
    or recvfrom system call. (CVE-2013-3233)
    
    The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
    
    The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3229)
    
    The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3228)
    
    The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call. (CVE-2013-3227)
    
    The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call. (CVE-2013-3225)
    
    The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the
    Linux kernel before 3.9-rc7 does not properly initialize a certain
    length variable, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted recvmsg or recvfrom
    system call. (CVE-2013-3224)
    
    The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)
    
    The vcc_recvmsg function in net/atm/common.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)
    
    Integer overflow in the fb_mmap function in drivers/video/fbmem.c in
    the Linux kernel before 3.8.9, as used in a certain Motorola build of
    Android 4.1.2 and other products, allows local users to create a
    read-write memory mapping for the entirety of kernel memory, and
    consequently gain privileges, via crafted /dev/graphics/fb0 mmap2
    system calls, as demonstrated by the Motochopper pwn program.
    (CVE-2013-2596)
    
    arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before
    3.8.9, when the Performance Events Subsystem is enabled, specifies an
    incorrect bitmask, which allows local users to cause a denial of
    service (general protection fault and system crash) by attempting to
    set a reserved bit. (CVE-2013-2146)
    
    The perf_swevent_init function in kernel/events/core.c in the Linux
    kernel before 3.8.9 uses an incorrect integer data type, which allows
    local users to gain privileges via a crafted perf_event_open system
    call. (CVE-2013-2094)
    
    The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux
    kernel through 3.8.4 does not properly handle a certain combination of
    invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
    allows guest OS users to obtain sensitive information from host OS
    memory or cause a denial of service (host OS OOPS) via a crafted
    application. (CVE-2013-1798)
    
    Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel
    through 3.8.4 allows guest OS users to cause a denial of service (host
    OS memory corruption) or possibly have unspecified other impact via a
    crafted application that triggers use of a guest physical address
    (GPA) in (1) movable or (2) removable memory during an
    MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797)
    
    The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux
    kernel through 3.8.4 does not ensure a required time_page alignment
    during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users
    to cause a denial of service (buffer overflow and host OS memory
    corruption) or possibly have unspecified other impact via a crafted
    application. (CVE-2013-1796)
    
    The do_tkill function in kernel/signal.c in the Linux kernel before
    3.8.9 does not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel memory via a crafted
    application that makes a (1) tkill or (2) tgkill system call.
    (CVE-2013-2141)
    
    Heap-based buffer overflow in the tg3_read_vpd function in
    drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6
    allows physically proximate attackers to cause a denial of service
    (system crash) or possibly execute arbitrary code via crafted firmware
    that specifies a long string in the Vital Product Data (VPD) data
    structure. (CVE-2013-1929)
    
    The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as
    distributed in the Linux kernel before 3.8-rc1, allows local users to
    cause a denial of service (daemon exit) via a crafted application that
    sends a Netlink message. NOTE: this vulnerability exists because of an
    incorrect fix for CVE-2012-2669. (CVE-2012-5532)
    
    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel
    before 3.6 does not initialize a certain structure member, which
    allows local users to obtain sensitive information from kernel heap
    memory via a crafted application. (CVE-2012-6548)
    
    The isofs_export_encode_fh function in fs/isofs/export.c in the Linux
    kernel before 3.6 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    heap memory via a crafted application. (CVE-2012-6549)
    
    net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize
    certain structures, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted application.
    (CVE-2013-2634)
    
    The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux
    kernel before 3.8.4 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted application. (CVE-2013-2635)
    
    fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect
    arguments to functions in certain circumstances related to printk
    input, which allows local users to conduct format-string attacks and
    possibly gain privileges via a crafted application. (CVE-2013-1848)
    
    The flush_signal_handlers function in kernel/signal.c in the Linux
    kernel before 3.8.4 preserves the value of the sa_restorer field
    across an exec operation, which makes it easier for local users to
    bypass the ASLR protection mechanism via a crafted application
    containing a sigaction system call. (CVE-2013-0914)
    
    Heap-based buffer overflow in the wdm_in_callback function in
    drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows
    physically proximate attackers to cause a denial of service (system
    crash) or possibly execute arbitrary code via a crafted cdc-wdm USB
    device. (CVE-2013-1860)
    
    Race condition in the install_user_keyrings function in
    security/keys/process_keys.c in the Linux kernel before 3.8.3 allows
    local users to cause a denial of service (NULL pointer dereference and
    system crash) via crafted keyctl system calls that trigger keyring
    operations in simultaneous threads. (CVE-2013-1792)
    
    The report API in the crypto user configuration API in the Linux
    kernel through 3.8.2 uses an incorrect C library function for copying
    strings, which allows local users to obtain sensitive information from
    kernel stack memory by leveraging the CAP_NET_ADMIN capability.
    (CVE-2013-2546)
    
    The crypto_report_one function in crypto/crypto_user.c in the report
    API in the crypto user configuration API in the Linux kernel through
    3.8.2 does not initialize certain structure members, which allows
    local users to obtain sensitive information from kernel heap memory by
    leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547)
    
    The crypto_report_one function in crypto/crypto_user.c in the report
    API in the crypto user configuration API in the Linux kernel through
    3.8.2 uses an incorrect length value during a copy operation, which
    allows local users to obtain sensitive information from kernel memory
    by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548)
    
    The translate_desc function in drivers/vhost/vhost.c in the Linux
    kernel before 3.7 does not properly handle cross-region descriptors,
    which allows guest OS users to obtain host OS privileges by leveraging
    KVM guest OS privileges. (CVE-2013-0311)
    
    Array index error in the __sock_diag_rcv_msg function in
    net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local
    users to gain privileges via a large family value in a Netlink
    message. (CVE-2013-1763)
    
    The __skb_recv_datagram function in net/core/datagram.c in the Linux
    kernel before 3.8 does not properly handle the MSG_PEEK flag with
    zero-length data, which allows local users to cause a denial of
    service (infinite loop and system hang) via a crafted application.
    (CVE-2013-0290)
    
    Use-after-free vulnerability in the shmem_remount_fs function in
    mm/shmem.c in the Linux kernel before 3.7.10 allows local users to
    gain privileges or cause a denial of service (system crash) by
    remounting a tmpfs filesystem without specifying a required mpol (aka
    mempolicy) mount option. (CVE-2013-1767)
    
    The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel
    before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly
    handle an invalid value in the DS segment register, which allows guest
    OS users to gain guest OS privileges via a crafted application.
    (CVE-2013-0228)
    
    Memory leak in drivers/net/xen-netback/netback.c in the Xen netback
    functionality in the Linux kernel before 3.7.8 allows guest OS users
    to cause a denial of service (memory consumption) by triggering
    certain error conditions. (CVE-2013-0217)
    
    The Xen netback functionality in the Linux kernel before 3.7.8 allows
    guest OS users to cause a denial of service (loop) by triggering ring
    pointer corruption. (CVE-2013-0216)
    
    The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel
    before 3.6 does not initialize a certain structure, which allows local
    users to obtain sensitive information from kernel stack memory via a
    crafted application. (CVE-2012-6547)
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.47-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.47-1.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1181.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes three security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
    last seen2020-06-01
    modified2020-06-02
    plugin id78969
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78969
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1181. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78969);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-0791", "CVE-2013-1620", "CVE-2013-4236");
      script_bugtraq_id(57777, 58826, 61772);
      script_xref(name:"RHSA", value:"2013:1181");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes three security issues
    and various bugs is now available.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: A subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization
    Hypervisor through the 3.2 Manager administration portal, the Host may
    appear with the status of 'Install Failed'. If this happens, place the
    host into maintenance mode, then activate it again to get the host
    back to an 'Up' state.
    
    It was discovered that NSS leaked timing information when decrypting
    TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher
    suites were used. A remote attacker could possibly use this flaw to
    retrieve plain text from the encrypted packets by using a TLS/SSL or
    DTLS server as a padding oracle. (CVE-2013-1620)
    
    It was found that the fix for CVE-2013-0167 released via
    RHSA-2013:0907 was incomplete. A privileged guest user could
    potentially use this flaw to make the host the guest is running on
    unavailable to the management server. (CVE-2013-4236)
    
    An out-of-bounds memory read flaw was found in the way NSS decoded
    certain certificates. If an application using NSS decoded a malformed
    certificate, it could cause the application to crash. (CVE-2013-0791)
    
    Red Hat would like to thank the Mozilla project for reporting
    CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original
    reporter of CVE-2013-0791. The CVE-2013-4236 issue was found by David
    Gibson of Red Hat.
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2013-4854 (bind issue)
    
    CVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224,
    CVE-2013-2232, and CVE-2013-2237 (kernel issues)
    
    This update also contains the fixes from the following errata :
    
    * vdsm: RHSA-2013:1155 and RHBA-2013:1158
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which corrects these issues."
      );
      # https://rhn.redhat.com/errata/RHSA-2013-0907.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:0907"
      );
      # https://rhn.redhat.com/errata/RHSA-2013-1155.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1155"
      );
      # https://rhn.redhat.com/errata/RHBA-2013-1158.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2013:1158"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-1620"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4236"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1181";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.4-20130815.0.el6_4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0189-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). - futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid
    last seen2020-06-05
    modified2015-05-20
    plugin id83609
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83609
    titleSUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0189-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83609);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-6463", "CVE-2013-7027");
      script_bugtraq_id(60324, 62740, 63445, 63509, 63512, 63518, 63790, 63886, 63887, 63888, 64013, 64270, 64291, 64318, 64319, 64328, 64669, 64739, 64741, 64742, 64743, 64744, 64746);
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309)
    
    The following security bugs have been fixed :
    
    CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu
    function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows local users to gain privileges via a
    large id value. (bnc#853050)
    
    CVE-2013-4592: Memory leak in the __kvm_set_memory_region
    function in virt/kvm/kvm_main.c in the Linux kernel before
    3.9 allows local users to cause a denial of service (memory
    consumption) by leveraging certain device access to trigger
    movement of memory slots. (bnc#851101)
    
    CVE-2013-6367: The apic_get_tmcct function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (divide-by-zero error and host OS crash)
    via crafted modifications of the TMICT value. (bnc#853051)
    
    CVE-2013-6368: The KVM subsystem in the Linux kernel through
    3.12.5 allows local users to gain privileges or cause a
    denial of service (system crash) via a VAPIC synchronization
    operation involving a page-end address. (bnc#853052)
    
    CVE-2013-6376: The recalculate_apic_map function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (host OS crash) via a crafted ICR write
    operation in x2apic mode. (bnc#853053)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4511: Multiple integer overflows in Alchemy LCD
    frame-buffer drivers in the Linux kernel before 3.12 allow
    local users to create a read-write memory mapping for the
    entirety of kernel memory, and consequently gain privileges,
    via crafted mmap operations, related to the (1)
    au1100fb_fb_mmap function in drivers/video/au1100fb.c and
    the (2) au1200fb_fb_mmap function in
    drivers/video/au1200fb.c. (bnc#849021)
    
    CVE-2013-4514: Multiple buffer overflows in
    drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
    before 3.12 allow local users to cause a denial of service
    or possibly have unspecified other impact by leveraging the
    CAP_NET_ADMIN capability and providing a long station-name
    string, related to the (1) wvlan_uil_put_info and (2)
    wvlan_set_station_nickname functions. (bnc#849029)
    
    CVE-2013-4515: The bcm_char_ioctl function in
    drivers/staging/bcm/Bcmchar.c in the Linux kernel before
    3.12 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
    call. (bnc#849034)
    
    CVE-2013-6378: The lbs_debugfs_write function in
    drivers/net/wireless/libertas/debugfs.c in the Linux kernel
    through 3.12.1 allows local users to cause a denial of
    service (OOPS) by leveraging root privileges for a
    zero-length write operation. (bnc#852559)
    
    CVE-2013-6380: The aac_send_raw_srb function in
    drivers/scsi/aacraid/commctrl.c in the Linux kernel through
    3.12.1 does not properly validate a certain size value,
    which allows local users to cause a denial of service
    (invalid pointer dereference) or possibly have unspecified
    other impact via an FSACTL_SEND_RAW_SRB ioctl call that
    triggers a crafted SRB command. (bnc#852373)
    
    CVE-2013-7027: The ieee80211_radiotap_iterator_init function
    in net/wireless/radiotap.c in the Linux kernel before 3.11.7
    does not check whether a frame contains any data outside of
    the header, which might allow attackers to cause a denial of
    service (buffer over-read) via a crafted header.
    (bnc#854634)
    
    CVE-2013-6463: Linux kernel built with the networking
    support(CONFIG_NET) is vulnerable to an information leakage
    flaw in the socket layer. It could occur while doing
    recvmsg(2), recvfrom(2) socket calls. It occurs due to
    improperly initialised msg_name & msg_namelen message header
    parameters. (bnc#854722)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2013-4345: Off-by-one error in the get_prng_bytes
    function in crypto/ansi_cprng.c in the Linux kernel through
    3.11.4 makes it easier for context-dependent attackers to
    defeat cryptographic protection mechanisms via multiple
    requests for small amounts of data, leading to improper
    management of the state of the consumed data. (bnc#840226)
    
    CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the
    Linux kernel before 3.8.9, when the Performance Events
    Subsystem is enabled, specifies an incorrect bitmask, which
    allows local users to cause a denial of service (general
    protection fault and system crash) by attempting to set a
    reserved bit. (bnc#825006)
    
    CVE-2013-2930: The perf_trace_event_perm function in
    kernel/trace/trace_event_perf.c in the Linux kernel before
    3.12.2 does not properly restrict access to the perf
    subsystem, which allows local users to enable function
    tracing via a crafted application. (bnc#849362)
    
    Also the following non-security bugs have been fixed :
    
      - kernel: correct tlb flush on page table upgrade
        (bnc#847660, LTC#99268).
    
      - kernel: fix floating-point-control register save and
        restore (bnc#847660, LTC#99000). kernel: correct
        handling of asce-type exceptions (bnc#851879,
        LTC#100293).
    
        watchdog: Get rid of MODULE_ALIAS_MISCDEV statements
        (bnc#827767).
    
      - random: fix accounting race condition with lockless irq
        entropy_count update (bnc#789359).
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces (bnc#838623).
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress (bnc#849675).
    
      - Introduce KABI exception for cpuidle_state->disable via
        #ifndef __GENKSYMS__
    
      - Honor state disabling in the cpuidle ladder governor
        (bnc#845378).
    
      - cpuidle: add a sysfs entry to disable specific C state
        for debug purpose (bnc#845378).
    
      - net: Do not enable tx-nocache-copy by default
        (bnc#845378).
    
      - mm: reschedule to avoid RCU stall triggering during boot
        of large machines (bnc#820434,bnc#852153). rtc-cmos: Add
        an alarm disable quirk (bnc#805740).
    
        tty/hvc_iucv: Disconnect IUCV connection when lowering
        DTR (bnc#839973, LTC#97595).
    
        tty/hvc_console: Add DTR/RTS callback to handle HUPCL
        control (bnc#839973, LTC#97595).
    
        sched: Avoid throttle_cfs_rq() racing with period_timer
        stopping (bnc#848336).
    
      - sched/balancing: Periodically decay max cost of idle
        balance (bnc#849256).
    
      - sched: Consider max cost of idle balance per sched
        domain (bnc#849256).
    
      - sched: Reduce overestimating rq->avg_idle (bnc#849256).
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining (bnc#848336).
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock
        (bnc#848336).
    
      - sched: Fix race on toggling cfs_bandwidth_used
        (bnc#848336).
    
      - sched: Guarantee new group-entities always have weight
        (bnc#848336).
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive (bnc#848336). sched: Fix several
        races in CFS_BANDWIDTH (bnc#848336).
    
        futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - futex: move user address verification up to common code
        (bnc#851603).
    
      - futexes: Clean up various details (bnc#851603).
    
      - futexes: Increase hash table size for better performance
        (bnc#851603).
    
      - futexes: Document multiprocessor ordering guarantees
        (bnc#851603).
    
      - futexes: Avoid taking the hb->lock if there is nothing
        to wake up (bnc#851603).
    
      - futexes: Fix futex_hashsize initialization (bnc#851603).
        mutex: Make more scalable by doing fewer atomic
        operations (bnc#849256).
    
        powerpc: Fix memory hotplug with sparse vmemmap
        (bnc#827527).
    
      - powerpc: Add System RAM to /proc/iomem (bnc#827527).
    
      - powerpc/mm: Mark Memory Resources as busy (bnc#827527).
    
      - powerpc: Fix fatal SLB miss when restoring PPR
        (bnc#853465).
    
      - powerpc: Make function that parses RTAS error logs
        global (bnc#852761).
    
      - powerpc/pseries: Parse and handle EPOW interrupts
        (bnc#852761).
    
      - powerpc/rtas_flash: Fix validate_flash buffer overflow
        issue (bnc#847842). powerpc/rtas_flash: Fix bad memory
        access (bnc#847842).
    
        x86: Update UV3 hub revision ID (bnc#846298
        fate#314987).
    
      - x86: Remove some noise from boot log when starting cpus
        (bnc#770541).
    
      - x86/microcode/amd: Tone down printk(), do not treat a
        missing firmware file as an error (bnc#843654).
    
      - x86/dumpstack: Fix printk_address for direct addresses
        (bnc#845621). x86/PCI: reduce severity of host bridge
        window conflict warnings (bnc#858534).
    
        ipv6: fix race condition regarding dst->expires and
        dst->from (bnc#843185).
    
      - netback: bump tx queue length (bnc#849404).
    
      - xfrm: invalidate dst on policy insertion/deletion
        (bnc#842239). xfrm: prevent ipcomp scratch buffer race
        condition (bnc#842239).
    
        tcp: bind() fix autoselection to share ports
        (bnc#823618).
    
      - tcp: bind() use stronger condition for bind_conflict
        (bnc#823618).
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict (bnc#823618). kabi: protect bind_conflict
        callback in struct inet_connection_sock_af_ops
        (bnc#823618).
    
        macvlan: introduce IFF_MACVLAN flag and helper function
        (bnc#846984).
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function (bnc#846984). macvlan: disable LRO on lower
        device instead of macvlan (bnc#846984).
    
        fs: Avoid softlockup in shrink_dcache_for_umount_subtree
        (bnc#834473).
    
      - blkdev_max_block: make private to fs/buffer.c
        (bnc#820338). storage: SMI Corporation usb key added to
        READ_CAPACITY_10 quirk (bnc#850324).
    
        autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race (bnc#851314).
    
      - autofs4: catatonic_mode vs. notify_daemon race
        (bnc#851314).
    
      - autofs4: close the races around autofs4_notify_daemon()
        (bnc#851314).
    
      - autofs4: deal with autofs4_write/autofs4_write races
        (bnc#851314).
    
      - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount (bnc#851314).
    
      - autofs4: fix deal with autofs4_write races (bnc#851314).
        autofs4: use simple_empty() for empty directory check
        (bnc#851314).
    
        dlm: set zero linger time on sctp socket (bnc#787843).
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls (no bugzilla yet - netapp confirms problem and
        fix).
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost (bnc#828236). nfs: Adapt readdirplus to application
        usage patterns (bnc#834708).
    
        xfs: Account log unmount transaction correctly
        (bnc#849950).
    
      - xfs: improve ioend error handling (bnc#846036).
    
      - xfs: reduce ioend latency (bnc#846036).
    
      - xfs: use per-filesystem I/O completion workqueues
        (bnc#846036). xfs: Hide additional entries in struct
        xfs_mount (bnc#846036 bnc#848544).
    
        Btrfs: do not BUG_ON() if we get an error walking
        backrefs (FATE#312888).
    
        vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338).
    
      - vfs: fix O_DIRECT read past end of block device
        (bnc#820338).
    
      - cifs: Improve performance of browsing directories with
        several files (bnc#810323). cifs: Ensure cifs
        directories do not show up as files (bnc#826602).
    
        dm-multipath: abort all requests when failing a path
        (bnc#798050).
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime
        (bnc#798050).
    
      - scsi: Allow error handling timeout to be specified
        (bnc#798050).
    
      - scsi: Fixup compilation warning (bnc#798050).
    
      - scsi: Retry failfast commands after EH (bnc#798050).
    
      - scsi: Warn on invalid command completion (bnc#798050).
    
      - advansys: Remove 'last_reset' references (bnc#798050).
    
      - cleanup setting task state in scsi_error_handler()
        (bnc#798050).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#798050).
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#798050).
    
      - scsi: kABI fixes (bnc#798050).
    
      - scsi: remove check for 'resetting' (bnc#798050).
        tmscsim: Move 'last_reset' into host structure
        (bnc#798050).
    
        SCSI & usb-storage: add try_rc_10_first flag
        (bnc#853428).
    
      - iscsi_target: race condition on shutdown (bnc#850072).
    
      - libfcoe: Make fcoe_sysfs optional / fix fnic NULL
        exception (bnc#837206).
    
      - lpfc 8.3.42: Fixed issue of task management commands
        having a fixed timeout (bnc#856481).
    
      - advansys: Remove 'last_reset' references (bnc#856481).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#856481).
    
      - Add 'eh_deadline' to limit SCSI EH runtime (bnc#856481).
    
      - remove check for 'resetting' (bnc#856481). tmscsim: Move
        'last_reset' into host structure (bnc#856481).
    
        scsi_dh_rdac: Add new IBM 1813 product id to rdac
        devlist (bnc#846654).
    
        md: Change handling of save_raid_disk and metadata
        update during recovery (bnc#849364).
    
        dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481).
    
        dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#856481).
    
        crypto: unload of aes_s390 module causes kernel panic
        (bnc#847660, LTC#98706).
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718). crypto: gf128mul - fix call to memset()
        (obvious fix).
    
        X.509: Fix certificate gathering (bnc#805114).
    
        pcifront: Deal with toolstack missing
        'XenbusStateClosing' state.
    
      - xencons: generalize use of add_preferred_console()
        (bnc#733022, bnc#852652).
    
      - netxen: fix off by one bug in netxen_release_tx_buffer()
        (bnc#845729).
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652). xen: fixed USB passthrough
        issue (bnc#852624).
    
        igb: Fix get_fw_version function for all parts
        (bnc#848317).
    
      - igb: Refactor of init_nvm_params (bnc#848317).
    
      - r8169: check ALDPS bit and disable it if enabled for the
        8168g (bnc#845352).
    
      - qeth: request length checking in snmp ioctl (bnc#847660,
        LTC#99511). bnx2x: remove false warning regarding
        interrupt number (bnc#769035).
    
        usb: Fix xHCI host issues on remote wakeup (bnc#846989).
    
      - xhci: Limit the spurious wakeup fix only to HP machines
        (bnc#833097).
    
      - Intel xhci: refactor EHCI/xHCI port switching
        (bnc#840116).
    
      - xhci-hub.c: preserved kABI (bnc#840116). xhci: Refactor
        port status into a new function (bnc#840116).
    
        HID: multitouch: Add support for NextWindow 0340
        touchscreen (bnc#849855).
    
      - HID: multitouch: Add support for Qaunta 3027 touchscreen
        (bnc#854516).
    
      - HID: multitouch: add support for Atmel 212c touchscreen
        (bnc#793727).
    
      - HID: multitouch: partial support of win8 devices
        (bnc#854516,bnc#793727,bnc#849855). HID: hid-multitouch:
        add support for the IDEACOM 6650 chip
        (bnc#854516,bnc#793727,bnc#849855).
    
        ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864).
    
        ALSA: hda - load EQ params into IDT codec on HP bNB13
        systems (bnc#850493).
    
        lpfc: correct some issues with txcomplq processing
        (bnc#818064).
    
        lpfc: correct an issue with rrq processing (bnc#818064).
    
        block: factor out vector mergeable decision to a helper
        function (bnc#769644).
    
        block: modify __bio_add_page check to accept pages that
        do not start a new segment (bnc#769644).
    
        sd: avoid deadlocks when running under multipath
        (bnc#818545).
    
      - sd: fix crash when UA received on DIF enabled device
        (bnc#841445). sg: fix blk_get_queue usage (bnc#834808).
    
        lpfc: Do not free original IOCB whenever ABTS fails
        (bnc#806988).
    
      - lpfc: Fix kernel warning on spinlock usage (bnc#806988).
        lpfc: Fixed system panic due to midlayer abort
        (bnc#806988).
    
        qla2xxx: Add module parameter to override the default
        request queue size (bnc#826756).
    
        qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896).
    
        Pragmatic workaround for realtime class abuse induced
        latency issues.
    
        Provide realtime priority kthread and workqueue boot
        options (bnc#836718).
    
        mlx4: allocate just enough pages instead of always 4
        pages (bnc#835186 bnc#835074).
    
      - mlx4: allow order-0 memory allocations in RX path
        (bnc#835186 bnc#835074).
    
      - net/mlx4: use one page fragment per incoming frame
        (bnc#835186 bnc#835074). bna: do not register
        ndo_set_rx_mode callback (bnc#847261).
    
        PCI: pciehp: Retrieve link speed after link is trained
        (bnc#820102).
    
      - PCI: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device (bnc#820102).
    
      - PCI: pciehp: replace unconditional sleep with config
        space access check (bnc#820102).
    
      - PCI: pciehp: make check_link_active more helpful
        (bnc#820102).
    
      - PCI: pciehp: Add pcie_wait_link_not_active()
        (bnc#820102).
    
      - PCI: pciehp: Add Disable/enable link functions
        (bnc#820102).
    
      - PCI: pciehp: Disable/enable link during slot power
        off/on (bnc#820102). PCI: fix truncation of resource
        size to 32 bits (bnc#843419).
    
        hv: handle more than just WS2008 in KVP negotiation
        (bnc#850640).
    
        mei: ME hardware reset needs to be synchronized
        (bnc#821619).
    
        kabi: Restore struct irq_desc::timer_rand_state.
    
        fs3270: unloading module does not remove device
        (bnc#851879, LTC#100284).
    
        cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
        isci: Fix a race condition in the SSP task management
        path (bnc#826978).
    
        ptp: dynamic allocation of PHC char devices
        (bnc#851290).
    
        efifb: prevent null-deref when iterating dmi_list
        (bnc#848055).
    
        dm-mpath: Fixup race condition in activate_path()
        (bnc#708296).
    
      - dm-mpath: do not detach stale hardware handler
        (bnc#708296). dm-multipath: Improve logging
        (bnc#708296).
    
        scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296).
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry
        (bnc#708296).
    
      - scsi_dh_alua: Decode HP EVA array identifier
        (bnc#708296).
    
      - scsi_dh_alua: Evaluate state for all port groups
        (bnc#708296).
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense (bnc#843642).
    
      - scsi_dh_alua: Make stpg synchronous (bnc#708296).
    
      - scsi_dh_alua: Pass buffer as function argument
        (bnc#708296).
    
      - scsi_dh_alua: Re-evaluate port group states after STPG
        (bnc#708296).
    
      - scsi_dh_alua: Recheck state on transitioning
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: Use separate alua_port_group structure
        (bnc#708296).
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL
        (bnc#839407).
    
      - scsi_dh_alua: asynchronous RTPG (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Do not attach to RAID or enclosure devices
        (bnc#819979).
    
      - scsi_dh_alua: Do not attach to well-known LUNs
        (bnc#821980).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths (bnc#843445).
    
      - scsi_dh_alua: move RTPG to workqueue (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh_alua: move some sense code handling into generic
        code (bnc#813245).
    
      - scsi_dh_alua: multipath failover fails with error 15
        (bnc#825696).
    
      - scsi_dh_alua: parse target device id (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: put sense buffer on stack (bnc#708296).
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15' (bnc#843429).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code (bnc#843645).
    
      - scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
    
      - scsi_dh_alua: simplify state update (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: use flag for RTPG extended header
        (bnc#708296).
    
      - scsi_dh_alua: use local buffer for VPD inquiry
        (bnc#708296).
    
      - scsi_dh_alua: use spin_lock_irqsave for port group
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: use spin_lock_irqsave for port group
        (bnc#708296).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296). scsi_dh_alua: fixup misplaced brace in
        alua_initialize() (bnc#858831).
    
        drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam
        (bnc#831103,FATE#316109).
    
      - drm/i915: add I915_EXEC_VEBOX to
        i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
    
      - drm/i915: add VEBOX into debugfs
        (bnc#831103,FATE#316109).
    
      - drm/i915: Enable vebox interrupts
        (bnc#831103,FATE#316109).
    
      - drm/i915: vebox interrupt get/put
        (bnc#831103,FATE#316109).
    
      - drm/i915: consolidate interrupt naming scheme
        (bnc#831103,FATE#316109).
    
      - drm/i915: Convert irq_refounct to struct
        (bnc#831103,FATE#316109).
    
      - drm/i915: make PM interrupt writes non-destructive
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add PM regs to pre/post install
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create an ivybridge_irq_preinstall
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create a more generic pm handler for hsw+
        (bnc#831103,FATE#316109).
    
      - drm/i915: Vebox ringbuffer init
        (bnc#831103,FATE#316109).
    
      - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
    
      - drm/i915: Rename ring flush functions
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add VECS semaphore bits
        (bnc#831103,FATE#316109).
    
      - drm/i915: Introduce VECS: the 4th ring
        (bnc#831103,FATE#316109).
    
      - drm/i915: Semaphore MBOX update generalization
        (bnc#831103,FATE#316109).
    
      - drm/i915: Comments for semaphore clarification
        (bnc#831103,FATE#316109).
    
      - drm/i915: fix gen4 digital port hotplug definitions
        (bnc#850103).
    
      - drm/mgag200: Bug fix: Modified pll algorithm for EH
        project (bnc#841654). drm: do not add inferred modes for
        monitors that do not support them (bnc #849809).
    
        s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.novell.com/patch/finder/?keywords=155ef3b4e3ba6228ccaef2cbc31bebd9
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?508af80c"
      );
      # http://download.novell.com/patch/finder/?keywords=5bc4480468b77bc708f1a53315eda1a5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41c59b1d"
      );
      # http://download.novell.com/patch/finder/?keywords=5bf653f731ed3521053f5341cf36caed
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81371f29"
      );
      # http://download.novell.com/patch/finder/?keywords=80a0fe93ee599f6907148b6d57bc4386
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f2c10cd3"
      );
      # http://download.novell.com/patch/finder/?keywords=84ede2844b021edeba8226469dc99257
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4fd89842"
      );
      # http://download.novell.com/patch/finder/?keywords=8fce986182f7f5e181facfac1db4aae3
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?90e9ccc2"
      );
      # http://download.novell.com/patch/finder/?keywords=a863e6ada238d9cd2f9e9150d31fefff
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?09a3fa7e"
      );
      # http://download.novell.com/patch/finder/?keywords=b711e9a5616f248e3074a4b6c9570dc5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a374681"
      );
      # http://download.novell.com/patch/finder/?keywords=d80e8135e5fe036068f832766fc4cfb9
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe789f30"
      );
      # http://download.novell.com/patch/finder/?keywords=ff3893b2e58671834b0dfa8fb9b43401
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c79cf66"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2146.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2930.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6376.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/733022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/770541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/793727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/833097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858831"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140189-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b0cc1610"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP3 for VMware :
    
    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8827
    
    SUSE Linux Enterprise Server 11 SP3 :
    
    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8824
    slessp3-kernel-8825 slessp3-kernel-8826 slessp3-kernel-8827
    
    SUSE Linux Enterprise High Availability Extension 11 SP3 :
    
    zypper in -t patch slehasp3-kernel-8823 slehasp3-kernel-8824
    slehasp3-kernel-8825 slehasp3-kernel-8826 slehasp3-kernel-8827
    
    SUSE Linux Enterprise Desktop 11 SP3 :
    
    zypper in -t patch sledsp3-kernel-8823 sledsp3-kernel-8827
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1264.NASL
    descriptionUpdated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A heap-based buffer overflow flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76665
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76665
    titleRHEL 6 : MRG (RHSA-2013:1264)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130827_KERNEL_ON_SL6_X.NASL
    descriptionThis update fixes the following security issues : - A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2013-08-29
    plugin id69503
    published2013-08-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69503
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130827)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140124.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid
    last seen2020-06-05
    modified2014-02-05
    plugin id72324
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72324
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1878-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id66902
    published2013-06-16
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66902
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-1878-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1173.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69493
    published2013-08-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69493
    titleRHEL 6 : kernel (RHSA-2013:1173)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1880-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) An information leak was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id66903
    published2013-06-16
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66903
    titleUbuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1880-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140125.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid
    last seen2020-06-05
    modified2014-02-05
    plugin id72325
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72325
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1881-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) An information leak was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id66904
    published2013-06-16
    reporterUbuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66904
    titleUbuntu 12.10 : linux vulnerabilities (USN-1881-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1173.NASL
    descriptionFrom Red Hat Security Advisory 2013:1173 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69492
    published2013-08-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69492
    titleOracle Linux 6 : kernel (ELSA-2013-1173)

Redhat

advisories
rhsa
idRHSA-2013:1173
rpms
  • kernel-0:2.6.32-358.18.1.el6
  • kernel-bootwrapper-0:2.6.32-358.18.1.el6
  • kernel-debug-0:2.6.32-358.18.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-debug-devel-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.18.1.el6
  • kernel-devel-0:2.6.32-358.18.1.el6
  • kernel-doc-0:2.6.32-358.18.1.el6
  • kernel-firmware-0:2.6.32-358.18.1.el6
  • kernel-headers-0:2.6.32-358.18.1.el6
  • kernel-kdump-0:2.6.32-358.18.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-kdump-devel-0:2.6.32-358.18.1.el6
  • perf-0:2.6.32-358.18.1.el6
  • perf-debuginfo-0:2.6.32-358.18.1.el6
  • python-perf-0:2.6.32-358.18.1.el6
  • python-perf-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-0:2.6.32-358.118.1.openstack.el6
  • kernel-debug-0:2.6.32-358.118.1.openstack.el6
  • kernel-debug-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • kernel-debug-devel-0:2.6.32-358.118.1.openstack.el6
  • kernel-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.118.1.openstack.el6
  • kernel-devel-0:2.6.32-358.118.1.openstack.el6
  • kernel-doc-0:2.6.32-358.118.1.openstack.el6
  • kernel-firmware-0:2.6.32-358.118.1.openstack.el6
  • kernel-headers-0:2.6.32-358.118.1.openstack.el6
  • perf-0:2.6.32-358.118.1.openstack.el6
  • perf-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • python-perf-0:2.6.32-358.118.1.openstack.el6
  • python-perf-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • kernel-rt-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-debug-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-debug-debuginfo-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-debug-devel-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-debuginfo-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-devel-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-doc-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-firmware-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-trace-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-trace-debuginfo-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-trace-devel-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-vanilla-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.6.11.5-rt37.55.el6rt
  • kernel-rt-vanilla-devel-0:3.6.11.5-rt37.55.el6rt
  • mrg-rt-release-0:3.6.11.5-rt37.55.el6rt