CVE-2013-2206 - Unspecified vulnerability in Linux Kernel

Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Tags: linux, nessus
Summary
The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic.
Vulnerable Configurations
Nessus
NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-1173.NASL
description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69496
published: 2013-08-29
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69496
title: CentOS 6 : kernel (CESA-2013:1173)
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2013:1173 and
# CentOS Errata and Security Advisory 2013:1173 respectively.
#

include("compat.inc");

if (description)
{
  script_id(69496);
  script_version("1.7");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2012-6544", "CVE-2013-2146", "CVE-2013-2206", "CVE-2013-2224", "CVE-2013-2232", "CVE-2013-2237");
  script_bugtraq_id(58990, 60324, 60715, 60858, 60893, 60953);
  script_xref(name:"RHSA", value:"2013:1173");

  script_name(english:"CentOS 6 : kernel (CESA-2013:1173)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies.
If a local user queried SCTP connection information at the same time a
remote attacker has initialized a crafted SCTP connection to the
system, it could trigger a NULL pointer dereference, causing the system
to crash. (CVE-2013-2206, Important)

* It was found that the fix for CVE-2012-3552 released via
RHSA-2012:1304 introduced an invalid free flaw in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could
use this flaw to corrupt kernel memory via crafted sendmsg() calls,
allowing them to cause a denial of service or, potentially, escalate
their privileges on the system. (CVE-2013-2224, Important)

* A flaw was found in the Linux kernel's Performance Events
implementation. On systems with certain Intel processors, a local,
unprivileged user could use this flaw to cause a denial of service by
leveraging the perf subsystem to write into the reserved bits of the
OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.
(CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could
use this flaw to crash the system or, potentially, escalate their
privileges on the system by using sendmsg() with an IPv6 socket
connected to an IPv4 destination. (CVE-2013-2232, Moderate)

* Information leak flaws in the Linux kernel's Bluetooth implementation
could allow a local, unprivileged user to leak kernel memory to
user-space. (CVE-2012-6544, Low)

* An information leak flaw in the Linux kernel could allow a
privileged, local user to leak kernel memory to user-space.
(CVE-2013-2237, Low)

This update also fixes several bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted
for this update to take effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2013-August/019918.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?9bbc3c9d"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2224");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-358.18.1.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-358.18.1.el6")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc");
}
NASL family: Misc.
NASL id: VMWARE_ESX_VMSA-2013-0015_REMOTE.NASL
description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Kernel - Netscape Portable Runtime (NSPR) - Network Security Services (NSS)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89670
published: 2016-03-04
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/89670
title: VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)
code:

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89670);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id(
    "CVE-2012-2372",
    "CVE-2012-3552",
    "CVE-2013-0791",
    "CVE-2013-1620",
    "CVE-2013-2147",
    "CVE-2013-2164",
    "CVE-2013-2206",
    "CVE-2013-2224",
    "CVE-2013-2232",
    "CVE-2013-2234",
    "CVE-2013-2237"
  );
  script_bugtraq_id(
    54062,
    55359,
    57777,
    58826,
    60280,
    60375,
    60715,
    60858,
    60874,
    60893,
    60953
  );
  script_xref(name:"VMSA", value:"2013-0015");

  script_name(english:"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)");
  script_summary(english:"Checks the version and build numbers of the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including remote
code execution vulnerabilities, in several third-party libraries :

  - Kernel
  - Netscape Portable Runtime (NSPR)
  - Network Security Services (NSS)");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0015.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 4.0 / 4.1.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver  = get_kb_item_or_exit("Host/VMware/version");
rel  = get_kb_item_or_exit("Host/VMware/release");
port = get_kb_item_or_exit("Host/VMware/vsphere");

esx = '';
build = 0;
fix = FALSE;

# ESX only; ESXi hosts are covered by other plugins.
if ("ESX" >!< rel || "ESXi" >< rel) audit(AUDIT_OS_NOT, "VMware ESX");

extract = eregmatch(pattern:"^ESX (\d\.\d).*$", string:ver);
if (empty_or_null(extract)) audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
ver = extract[1];

extract = eregmatch(pattern:'^VMware ESX.* build-([0-9]+)$', string:rel);
if (isnull(extract)) audit(AUDIT_UNKNOWN_BUILD, "VMware ESX", ver);
build = int(extract[1]);

# Fixed build per ESX version; -1 means no patch was ever released.
fixes = make_array(
  "4.1", 1363503,
  "4.0", -1
);

fix = fixes[ver];
if (!fix) audit(AUDIT_INST_VER_NOT_VULN, "VMware ESX", ver, build);

if (build < fix || fix == -1)
{
  if (fix == -1) fixl = '\n  Note            : No patch was ever released.';
  else fixl = '\n  Fixed build     : ' + fix;

  report = '\n  Version         : ' + esx + " " + ver +
           '\n  Installed build : ' + build +
           fixl +
           '\n';
  security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "VMware ESX", ver, build);
NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2013-0015.NASL
description: a. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234, CVE-2013-2237, CVE-2013-2232 to these issues. b. Update to ESX service console NSPR and NSS This patch updates the ESX service console Netscape Portable Runtime (NSPR) and Network Security Services (NSS) RPMs to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0791 and CVE-2013-1620 to these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 71245
published: 2013-12-06
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/71245
title: VMSA-2013-0015 : VMware ESX updates to third-party libraries
code:

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory 2013-0015.
# The text itself is copyright (C) VMware Inc.
#

include("compat.inc");

if (description)
{
  script_id(71245);
  script_version("1.6");
  script_cvs_date("Date: 2018/08/06 14:03:16");

  script_cve_id("CVE-2012-2372", "CVE-2012-3552", "CVE-2013-0791", "CVE-2013-1620", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2224", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237");
  script_bugtraq_id(54062, 55359, 57777, 58826, 60280, 60375, 60715, 60858, 60874, 60893, 60953);
  script_xref(name:"VMSA", value:"2013-0015");

  script_name(english:"VMSA-2013-0015 : VMware ESX updates to third-party libraries");
  script_summary(english:"Checks esxupdate output for the patches");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote VMware ESX host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"a. Update to ESX service console kernel

The ESX service console kernel is updated to resolve multiple security
issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147,
CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234,
CVE-2013-2237, CVE-2013-2232 to these issues.

b. Update to ESX service console NSPR and NSS

This patch updates the ESX service console Netscape Portable Runtime
(NSPR) and Network Security Services (NSS) RPMs to resolve multiple
security issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2013-0791 and CVE-2013-1620 to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2013/000227.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/06");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}

include("audit.inc");
include("vmware_esx_packages.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);

init_esx_check(date:"2013-12-05");
flag = 0;

# The first patch was later superseded; the superseding patch is listed
# in patch_updates so an up-to-date host is not reported as affected.
if (
  esx_check(
    ver           : "ESX 4.1",
    patch         : "ESX410-201312401-SG",
    patch_updates : make_list("ESX410-201404401-SG")
  )
) flag++;
if (esx_check(ver:"ESX 4.1", patch:"ESX410-201312403-SG")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2019-1635.NASL
description:
According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

- The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Security Fix(es):

An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (CVE-2019-11190)

The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. (CVE-2019-11486)

The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)

The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)

An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)

In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (CVE-2018-7191)

net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before 2.6.34, when the nf_conntrack_ipv6 module is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets. (CVE-2012-2744)

Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400)

The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164)

The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. (CVE-2013-6282)

The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (CVE-2013-2206)

An elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. (CVE-2017-0786)

An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

Note1: kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.

Note2: The kernel version number naming format has been changed after 4.19.36-1.2.184.aarch64; the new version format is 4.19.36-vhulk1907.1.0.hxxx.aarch64, which may lead to false positives of this security advisory.

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-05-13
modified: 2019-05-30
plugin id: 125587
published: 2019-05-30
reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/125587
title: EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1635)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_KERNEL-131107.NASL
description:
The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to version 3.0.101 and also includes various other bug and security fixes.

The following features have been added :
- Drivers: hv: Support handling multiple VMBUS versions (FATE#314665).
- Drivers: hv: Save and export negotiated vmbus version (FATE#314665).
- Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665).

The following security issue has been fixed :
- The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102). (CVE-2013-2206)

The following non-security bugs have been fixed :
- mm, memcg: introduce own oom handler to iterate only over its own threads.
- mm, memcg: move all oom handling to memcontrol.c.
- mm, oom: avoid looping when chosen thread detaches its mm.
- mm, oom: fold oom_kill_task() into oom_kill_process().
- mm, oom: introduce helper function to process threads during scan.
- mm, oom: reduce dependency on tasklist_lock (Reduce tasklist_lock hold times). (bnc#821259)
- mm: do not walk all of system memory during show_mem (Reduce tasklist_lock hold times). (bnc#821259)
- iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513)
- x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset. (bnc#844513)
- iommu/vt-d: Only warn about broken interrupt remapping. (bnc#844513)
- iommu: Remove stack trace from broken irq remapping warning. (bnc#844513)
- intel-iommu: Fix leaks in pagetable freeing. (bnc#841402)
- Revert aer_recover_queue() __GENKSYMS__ hack, add a fake symset with the previous value instead. (bnc#847721)
- i2c: ismt: initialize DMA buffer. (bnc#843753)
- powerpc/irq: Run softirqs off the top of the irq stack. (bnc#847319)
- quirks: add touchscreen that is dazzled by remote wakeup. (bnc#835930)
- kernel: sclp console hangs (bnc#841498, LTC#95711).
- tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595).
- tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595).
- softirq: reduce latencies. (bnc#797526)
- X.509: Remove certificate date checks. (bnc#841656)
- config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG. (bnc#837372)
- splice: fix racy pipe->buffers uses. (bnc#827246)
- blktrace: fix race with open trace files and directory removal. (bnc#832292)
- rcu: Do not trigger false positive RCU stall detection. (bnc#834204)
- kernel: allow program interruption filtering in user space (bnc#837596, LTC#97332).
- Audit: do not print error when LSMs disabled. (bnc#842057)
- SUNRPC: close a rare race in xs_tcp_setup_socket. (bnc#794824)
- Btrfs: fix negative qgroup tracking from owner accounting. (bnc#821948)
- cifs: fill TRANS2_QUERY_FILE_INFO ByteCount fields. (bnc#804950)
- NFS: make nfs_flush_incompatible more generous. (bnc#816099)
- xfs: growfs: use uncached buffers for new headers. (bnc#842604)
- NFS: do not try to use lock state when we hold a delegation. (bnc#831029)
- NFS: nfs_lookup_revalidate(): fix a leak. (bnc#828894)
- fs: do_add_mount()/umount -l races. (bnc#836801)
- xfs: avoid double-free in xfs_attr_node_addname.
- xfs: Check the return value of xfs_buf_get(). (bnc#842604)
- iscsi: do not hang in endless loop if no targets present. (bnc#841094)
- scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407)
- cifs: revalidate directories instantiated via FIND_ in order to handle DFS referrals. (bnc#831143)
- cifs: do not instantiate new dentries in readdir for inodes that need to be revalidated immediately. (bnc#831143)
- cifs: rename cifs_readdir_lookup to cifs_prime_dcache and make it void return. (bnc#831143)
- cifs: get rid of blind d_drop() in readdir. (bnc#831143)
- cifs: cleanup cifs_filldir. (bnc#831143)
- cifs: on send failure, readjust server sequence number downward. (bnc#827966)
- cifs: adjust sequence number downward after signing NT_CANCEL request. (bnc#827966)
- cifs: on send failure, readjust server sequence number downward. (bnc#827966)
- cifs: adjust sequence number downward after signing NT_CANCEL request. (bnc#827966)
- reiserfs: fix race with flush_used_journal_lists and flush_journal_list. (bnc#837803)
- reiserfs: remove useless flush_old_journal_lists.
- lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt. (bnc#763463)
- md: Throttle number of pending write requests in md/raid10. (bnc#833858)
- dm: ignore merge_bvec for snapshots when safe. (bnc#820848)
- ata: Set proper SK when CK_COND is set. (bnc#833588)
- Btrfs: abort unlink trans in missed error case.
- Btrfs: add all ioctl checks before user change for quota operations.
- Btrfs: add a rb_tree to improve performance of ulist search.
- Btrfs: add btrfs_fs_incompat helper.
- Btrfs: add ioctl to wait for qgroup rescan completion.
- Btrfs: add log message stubs.
- Btrfs: add missing error checks to add_data_references.
- Btrfs: add missing error code to BTRFS_IOC_INO_LOOKUP handler.
- Btrfs: add missing error handling to read_tree_block.
- Btrfs: add missing mounting options in btrfs_show_options().
- Btrfs: add sanity checks regarding to parsing mount options.
- Btrfs: add some missing iput()s in btrfs_orphan_cleanup.
- Btrfs: add tree block level sanity check.
- Btrfs: allocate new chunks if the space is not enough for global rsv.
- Btrfs: allow file data clone within a file.
- Btrfs: allow superblock mismatch from older mkfs.
- Btrfs: annotate quota tree for lockdep.
- Btrfs: automatic rescan after
last seen: 2020-06-05
modified: 2013-11-22
plugin id: 71034
published: 2013-11-22
reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/71034
title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8524 / 8525 / 8528)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-1181.NASL
description:
An updated rhev-hypervisor6 package that fixes three security issues and various bugs is now available.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.

Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions.

Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78969
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78969
title: RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-2542.NASL
description:
Description of changes:

kernel-uek [2.6.32-400.29.3.el5uek]
- block: do not pass disk names as format strings (Jerry Snitselaar) [Orabug: 17230124] {CVE-2013-2851}
- af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370765] {CVE-2013-2237}
- Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371054] {CVE-2012-6544}
- Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371072] {CVE-2012-6544}
- ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371079] {CVE-2013-2232}
- sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371121] {CVE-2013-2206}
- sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372129] {CVE-2013-2206}
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69509
published: 2013-08-30
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69509
title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2542)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2766.NASL
description:
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2013-2141 Emese Revfy provided a fix for an information leak in the tkill and tgkill system calls. A local user on a 64-bit system may be able to gain access to sensitive memory contents.
- CVE-2013-2164 Jonathan Salwan reported an information leak in the CD-ROM driver. A local user on a system with a malfunctioning CD-ROM drive could gain access to sensitive memory.
- CVE-2013-2206 Karl Heiss reported an issue in the Linux SCTP implementation. A remote user could cause a denial of service (system crash).
- CVE-2013-2232 Dave Jones and Hannes Frederic Sowa resolved an issue in the IPv6 subsystem. Local users could cause a denial of service by using an AF_INET6 socket to connect to an IPv4 destination.
- CVE-2013-2234 Mathias Krause reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory.
- CVE-2013-2237 Nicolas Dichtel reported a memory leak in the implementation of PF_KEYv2 sockets. Local users could gain access to sensitive kernel memory.
- CVE-2013-2239 Jonathan Salwan discovered multiple memory leaks in the openvz kernel flavor. Local users could gain access to sensitive kernel memory.
- CVE-2013-2851 Kees Cook reported an issue in the block subsystem. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems.
- CVE-2013-2852 Kees Cook reported an issue in the b43 network driver for certain Broadcom wireless devices. Local users with uid 0 could gain elevated ring 0 privileges. This is only a security issue for certain specially configured systems.
- CVE-2013-2888 Kees Cook reported an issue in the HID driver subsystem. A local user, with the ability to attach a device, could cause a denial of service (system crash).
- CVE-2013-2892 Kees Cook reported an issue in the pantherlord HID device driver. Local users with the ability to attach a device could cause a denial of service or possibly gain elevated privileges.
last seen: 2020-03-17
modified: 2013-09-30
plugin id: 70200
published: 2013-09-30
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/70200
title: Debian DSA-2766-1 : linux-2.6 - privilege escalation/denial of service/information leak

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1940-1.NASL
description: Vasily Kulikov discovered a flaw in the Linux Kernel
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69808
published: 2013-09-07
reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69808
title: Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-1940-1)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20130827_KERNEL_ON_SL6_X.NASL
description: This update fixes the following security issues : - A flaw was found in the way the Linux kernel
last seen: 2020-03-18
modified: 2013-08-29
plugin id: 69503
published: 2013-08-29
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69503
title: Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130827)

NASL family: Huawei Local Security Checks
NASL id: EULEROS_SA-2020-1186.NASL
description: According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system.
The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es): Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem. (CVE-2012-3400) The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (CVE-2013-2164) The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (CVE-2013-2206) The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013. (CVE-2013-6282) An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836) The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. (CVE-2019-11486) The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists.
This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487) The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599) An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810) An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811) A flaw was found in the Linux kernel last seen 2020-05-03 modified 2020-03-11 plugin id 134387 published 2020-03-11 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134387 title EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1186) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1166-1.NASL description From Red Hat Security Advisory 2013:1166 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact.
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69455 published 2013-08-23 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/69455 title Oracle Linux 5 : kernel (ELSA-2013-1166-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1166.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69434 published 2013-08-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69434 title CentOS 5 : kernel (CESA-2013:1166) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1173.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69493 published 2013-08-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69493 title RHEL 6 : kernel (RHSA-2013:1173) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1166.NASL description From Red Hat Security Advisory 2013:1166 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69456 published 2013-08-23 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69456 title Oracle Linux 5 : kernel (ELSA-2013-1166) NASL family SuSE Local Security Checks NASL id SUSE_SU-2013-1832-1.NASL description The SUSE Linux Enterprise Server 10 SP3 LTSS kernel received a roll up update to fix lots of moderate security issues and several bugs. 
The Following security issues have been fixed : CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel did not properly handle recursion, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another users password. CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. 
CVE-2013-0160: The Linux kernel allowed local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. 
CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-3235: net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. CVE-2013-1827: net/dccp/ccid.h in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory via a crafted application. CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6546: The ATM implementation in the Linux kernel did not initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. 
CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel did not properly initialize certain structures, which allowed local users to obtain sensitive information from kernel memory via a crafted application. CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel had an incorrect return value in certain circumstances, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel did not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel preserved the value of the sa_restorer field across an exec operation, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. 
CVE-2011-2492: The bluetooth subsystem in the Linux kernel did not properly initialize certain data structures, which allowed local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. CVE-2013-2206: The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application. CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel allowed remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel on unspecified architectures lacked a certain error check, which might have allowed local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. 
CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel allowed local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel allowed local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. CVE-2012-3510: Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel allowed local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command. CVE-2011-4110: The user_update function in security/keys/user_defined.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and last seen 2020-06-05 modified 2015-05-20 plugin id 83603 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83603 title SUSE SLES10 Security Update : kernel (SUSE-SU-2013:1832-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1166.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. 
This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69413 published 2013-08-21 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69413 title RHEL 5 : kernel (RHSA-2013:1166) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-2543.NASL description Description of changes: [2.6.39-400.109.6.el6uek] - block: do not pass disk names as format strings (Kees Cook) [Orabug: 17230083] {CVE-2013-2851} - libceph: Fix NULL pointer dereference in auth client code (Tyler Hicks) [Orabug: 17230108] {CVE-2013-1059} - ipv6: ip6_sk_dst_check() must not assume ipv6 dst (Eric Dumazet) [Orabug: 17371078] {CVE-2013-2232} - af_key: initialize satype in key_notify_policy_flush() (Nicolas Dichtel) [Orabug: 17370788] {CVE-2013-2237} - Bluetooth: HCI - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17370892] {CVE-2012-6544} - Bluetooth: L2CAP - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17371050] {CVE-2012-6544} - Bluetooth: HCI - Fix info leak in getsockopt(HCI_FILTER) (Mathias Krause) [Orabug: 17371065] {CVE-2012-6544} - sctp: Use correct sideffect command in duplicate cookie handling (Vlad Yasevich) [Orabug: 17371118] {CVE-2013-2206} - sctp: deal with multiple COOKIE_ECHO chunks (Max Matveev) [Orabug: 17372121] {CVE-2013-2206} last seen 2020-06-01 modified 2020-06-02 plugin id 69510 published 2013-08-30 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69510 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2543) NASL family SuSE Local Security Checks NASL id SUSE_SU-2014-0536-1.NASL description The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs. 
The following security issues have been addressed : CVE-2011-2492: The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c. (bnc#702014) CVE-2011-2494: kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user last seen 2020-06-05 modified 2015-05-20 plugin id 83618 published 2015-05-20 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/83618 title SUSE SLES10 Security Update : kernel (SUSE-SU-2014:0536-1) NASL family Scientific Linux Local Security Checks NASL id SL_20130820_KERNEL_ON_SL5_X.NASL description This update fixes the following security issues : - A flaw was found in the way the Linux kernel last seen 2020-03-18 modified 2013-08-22 plugin id 69440 published 2013-08-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69440 title Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130820) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-131106.NASL description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to version 3.0.101 and also includes various other bug and security fixes. The following features have been added : - Drivers: hv: Support handling multiple VMBUS versions (FATE#314665). - Drivers: hv: Save and export negotiated vmbus version (FATE#314665). - Drivers: hv: Move vmbus version definitions to hyperv.h (FATE#314665). 
The following security issue has been fixed : - The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel did not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (bnc#826102). (CVE-2013-2206) The following non-security bugs have been fixed : - kernel: sclp console hangs (bnc#841498, LTC#95711). - intel-iommu: Fix leaks in pagetable freeing. (bnc#841402) - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets. (bnc#844513) - x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset. (bnc#844513) - iommu/vt-d: Only warn about broken interrupt remapping. (bnc#844513) - iommu: Remove stack trace from broken irq remapping warning. (bnc#844513) - softirq: reduce latencies. (bnc#797526) - Fix lockup related to stop_machine being stuck in __do_softirq. (bnc#797526) - splice: fix racy pipe->buffers uses. (bnc#827246) - blktrace: fix race with open trace files and directory removal. (bnc#832292) - mm: Do not walk all of system memory during show_mem (Reduce tasklist_lock hold times (bnc#821259)). - mm: Bounce memory pool initialisation. (bnc#836347) - mm, memcg: introduce own oom handler to iterate only over its own threads. - mm, memcg: move all oom handling to memcontrol.c. - mm, oom: avoid looping when chosen thread detaches its mm. - mm, oom: fold oom_kill_task() into oom_kill_process(). - mm, oom: introduce helper function to process threads during scan. - mm, oom: reduce dependency on tasklist_lock. - ipv6: do not call fib6_run_gc() until routing is ready. (bnc#836218) - ipv6: prevent fib6_run_gc() contention. (bnc#797526) - ipv6: update ip6_rt_last_gc every time GC is run. (bnc#797526) - net/mlx4_en: Fix BlueFlame race. 
(bnc#835684) - netfilter: nf_conntrack: use RCU safe kfree for conntrack extensions (bnc#827416 bko#60853). - netfilter: prevent race condition breaking net reference counting. (bnc#835094) - net: remove skb_orphan_try(). (bnc#834600) - bonding: check bond->vlgrp in bond_vlan_rx_kill_vid(). (bnc#834905) - sctp: deal with multiple COOKIE_ECHO chunks. (bnc#826102) - SUNRPC: close a rare race in xs_tcp_setup_socket. (bnc#794824) - NFS: make nfs_flush_incompatible more generous. (bnc#816099) - NFS: do not try to use lock state when we hold a delegation. (bnc#831029) - nfs_lookup_revalidate(): fix a leak. (bnc#828894) - xfs: growfs: use uncached buffers for new headers. (bnc#842604) - xfs: Check the return value of xfs_buf_get(). (bnc#842604) - xfs: avoid double-free in xfs_attr_node_addname. - do_add_mount()/umount -l races. (bnc#836801) - cifs: Fix TRANS2_QUERY_FILE_INFO ByteCount fields. (bnc#804950) - cifs: Fix EREMOTE errors encountered on DFS links. (bnc#831143) - reiserfs: fix race with flush_used_journal_lists and flush_journal_list. (bnc#837803) - reiserfs: remove useless flush_old_journal_lists. - fs: writeback: Do not sync data dirtied after sync start. (bnc#833820) - rcu: Do not trigger false positive RCU stall detection. (bnc#834204) - lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt. (bnc#763463) - bnx2x: Change to D3hot only on removal. (bnc#838448) - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev. (bnc#833321) - Drivers: hv: Support handling multiple VMBUS versions (fate#314665). - Drivers: hv: Save and export negotiated vmbus version (fate#314665). - Drivers: hv: Move vmbus version definitions to hyperv.h (fate#314665). - Drivers: hv: util: Fix a bug in version negotiation code for util services. (bnc#828714) - Drivers: hv: util: Correctly support ws2008R2 and earlier. (bnc#838346) - Drivers: hv: util: Fix a bug in util version negotiation code. 
(bnc#838346) - iscsi: do not hang in endless loop if no targets present. (bnc#841094) - ata: Set proper SK when CK_COND is set. (bnc#833588) - md: Throttle number of pending write requests in md/raid10. (bnc#833858) - dm: ignore merge_bvec for snapshots when safe. (bnc#820848) - elousb: some systems cannot stomach work around. (bnc#840830) - bio-integrity: track owner of integrity payload. (bnc#831380) - quirks: add touchscreen that is dazzeled by remote wakeup. (bnc#835930) - Fixed Xen guest freezes. (bnc#829682, bnc#842063) - config/debug: Enable FSCACHE_DEBUG and CACHEFILES_DEBUG. (bnc#837372) - series.conf: disable XHCI ring expansion patches because on machines with large memory they cause a starvation problem. (bnc#833635) - rpm/old-flavors, rpm/mkspec: Add version information to obsolete flavors. (bnc#821465) - rpm/kernel-binary.spec.in: Move the xenpae obsolete to the old-flavors file. - rpm/old-flavors: Convert the old-packages.conf file to a flat list. - rpm/old-packages.conf: Drop bogus obsoletes for last seen 2020-06-05 modified 2013-11-22 plugin id 71033 published 2013-11-22 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/71033 title SuSE 11.2 Security Update : Linux Kernel (SAT Patch Numbers 8509 / 8516 / 8518) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1939-1.NASL description Vasily Kulikov discovered a flaw in the Linux Kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69807 published 2013-09-07 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69807 title Ubuntu 10.04 LTS : linux vulnerabilities (USN-1939-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-1034.NASL description The Linux Kernel was updated to fix various security issues and bugs. 
- sctp: Use correct sideffect command in duplicate cookie handling (bnc#826102, CVE-2013-2206). - Drivers: hv: util: Fix a bug in util version negotiation code (bnc#838346). - vmxnet3: prevent div-by-zero panic when ring resizing uninitialized dev (bnc#833321). - md/raid1,5,10: Disable WRITE SAME until a recovery strategy is in place (bnc#813889). - netback: don last seen 2020-06-05 modified 2014-06-13 plugin id 74878 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74878 title openSUSE Security Update : kernel (openSUSE-SU-2013:1971-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-2546.NASL description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise Kernel package(s). last seen 2020-06-01 modified 2020-06-02 plugin id 69942 published 2013-09-18 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69942 title Oracle Linux 5 / 6 : Unbreakable Enterprise Kernel (ELSA-2013-2546) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-1173.NASL description From Red Hat Security Advisory 2013:1173 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. 
This update fixes the following security issues : * A flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 69492 published 2013-08-28 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69492 title Oracle Linux 6 : kernel (ELSA-2013-1173)
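Added local check (example code written for this page; it is not part of any Nessus plugin or distribution advisory listed above). Every advisory here reduces to two questions: does the installed kernel predate the fix, and does the host actually expose SCTP. The script answers both from `uname -r` and /proc. It compares the kernel release against the upstream fix in 3.8.5 named in the summary, or against a distribution package release you supply from the applicable advisory (backported kernels such as 2.6.32 on RHEL 6 cannot be judged by the upstream number alone), and it reports whether the sctp module is loaded. The exposure test is the caveat worth keeping in mind: the faulty chunk handling only runs once the kernel has registered the SCTP protocol, either built in or with the sctp module loaded by a local application, because incoming SCTP packets do not autoload the module; an unpatched kernel that has never initialised SCTP is not reachable through this bug by remote traffic. The /proc/modules excerpt embedded below is constructed for illustration, and the distro fixed release is left as a parameter to be filled from the advisory for your distribution (RHSA-2013:1173 for RHEL 6, for example).

```python
import os
import re

# Upstream fix for CVE-2013-2206 is in Linux 3.8.5 (per the summary on this page).
UPSTREAM_FIXED = (3, 8, 5)

# Architecture tags that rpm/dpkg append to kernel release strings. They carry
# digits (x86_64, amd64) that would corrupt a numeric comparison, so strip them.
_ARCH_SUFFIX = re.compile(
    r"[.-](x86_64|amd64|i[3-6]86|aarch64|arm64|ppc64le|s390x|armv7hl)$")


def version_tuple(release):
    """Turn a kernel release string into a tuple of its numeric components.

    '3.8.4-1-amd64'              -> (3, 8, 4, 1)
    '2.6.32-358.14.1.el6.x86_64' -> (2, 6, 32, 358, 14, 1, 6)
    Letters (distro tags like 'el6') contribute nothing, so only compare
    release strings that come from the same distribution stream.
    """
    release = _ARCH_SUFFIX.sub("", release.strip())
    return tuple(int(n) for n in re.findall(r"\d+", release))


def upstream_vulnerable(release):
    """True if the upstream version (major.minor.patch) is older than 3.8.5.

    For a distribution kernel (e.g. 2.6.32 on RHEL 6) this is necessary but
    not sufficient: the fix may have been backported, so use
    package_vulnerable() with the advisory's fixed release instead.
    """
    return version_tuple(release)[:3] < UPSTREAM_FIXED


def package_vulnerable(installed, fixed):
    """True if an installed distro kernel release is older than the fixed one.

    Both strings must come from the same distribution stream (e.g. both el6).
    """
    return version_tuple(installed) < version_tuple(fixed)


def sctp_loaded(proc_modules_text):
    """Parse /proc/modules text; True if the sctp module is listed.

    Each line is 'name size refcount deps state address'. A kernel built with
    CONFIG_IP_SCTP=y shows no module here, so assess() also accepts the
    presence of /proc/net/sctp as an exposure signal.
    """
    for line in proc_modules_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "sctp":
            return True
    return False


def assess(uname_release, proc_modules_text, has_proc_net_sctp=False,
           distro_fixed_release=None):
    """Combine the kernel-version and SCTP-exposure signals into one verdict.

    remote_risk is True only when the kernel is unpatched AND SCTP is active:
    incoming SCTP packets do not autoload the sctp module, so a host that has
    never registered the protocol is not reachable through this bug.
    """
    if distro_fixed_release is not None:
        vulnerable = package_vulnerable(uname_release, distro_fixed_release)
        basis = "distro advisory"
    else:
        vulnerable = upstream_vulnerable(uname_release)
        basis = "upstream 3.8.5"
    exposed = sctp_loaded(proc_modules_text) or has_proc_net_sctp
    return {
        "vulnerable_kernel": vulnerable,
        "basis": basis,
        "sctp_exposed": exposed,
        "remote_risk": vulnerable and exposed,
    }


# Constructed /proc/modules excerpt (not captured from a real host) showing
# sctp loaded with libcrc32c as its dependency.
SAMPLE_PROC_MODULES = """\
sctp 245760 4 - Live 0xffffffffc0a10000
libcrc32c 16384 1 sctp, Live 0xffffffffc09f0000
"""


if __name__ == "__main__":
    import platform
    mods = ""
    if os.path.exists("/proc/modules"):
        with open("/proc/modules") as f:
            mods = f.read()
    # On a distribution kernel pass the advisory's fixed release, e.g.
    # assess(..., distro_fixed_release="<release from RHSA-2013:1173>").
    print(assess(platform.release(), mods, os.path.isdir("/proc/net/sctp")))
```

Run it as root or any user on the host under review; a result with vulnerable_kernel True but sctp_exposed False still needs the kernel update, but it is not the remote crash described in the summary until something loads SCTP. Blacklisting the sctp module via modprobe configuration is the usual interim mitigation on hosts that do not need the protocol.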
References
- http://www.openwall.com/lists/oss-security/2013/06/21/1
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5
- https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea
- https://bugzilla.redhat.com/show_bug.cgi?id=976562
- http://www.ubuntu.com/usn/USN-1939-1
- http://www.debian.org/security/2013/dsa-2766
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
- http://rhn.redhat.com/errata/RHSA-2013-1166.html
- http://rhn.redhat.com/errata/RHSA-2013-1173.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2815633504b442ca0b0605c16bf3d88a3a0fcea