Vulnerabilities > CVE-2013-2224 - Unspecified vulnerability in Redhat Enterprise Linux 6.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
redhat
nessus

Summary

A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552.

Vulnerable Configurations

Part Description Count
OS
Redhat
1

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1173.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69496
    published2013-08-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69496
    titleCentOS 6 : kernel (CESA-2013:1173)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1173 and 
    # CentOS Errata and Security Advisory 2013:1173 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(69496);
      script_version("1.7");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-6544", "CVE-2013-2146", "CVE-2013-2206", "CVE-2013-2224", "CVE-2013-2232", "CVE-2013-2237");
      script_bugtraq_id(58990, 60324, 60715, 60858, 60893, 60953);
      script_xref(name:"RHSA", value:"2013:1173");
    
      script_name(english:"CentOS 6 : kernel (CESA-2013:1173)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    This update fixes the following security issues :
    
    * A flaw was found in the way the Linux kernel's Stream Control
    Transmission Protocol (SCTP) implementation handled duplicate cookies.
    If a local user queried SCTP connection information at the same time a
    remote attacker has initialized a crafted SCTP connection to the
    system, it could trigger a NULL pointer dereference, causing the
    system to crash. (CVE-2013-2206, Important)
    
    * It was found that the fix for CVE-2012-3552 released via
    RHSA-2012:1304 introduced an invalid free flaw in the Linux kernel's
    TCP/IP protocol suite implementation. A local, unprivileged user could
    use this flaw to corrupt kernel memory via crafted sendmsg() calls,
    allowing them to cause a denial of service or, potentially, escalate
    their privileges on the system. (CVE-2013-2224, Important)
    
    * A flaw was found in the Linux kernel's Performance Events
    implementation. On systems with certain Intel processors, a local,
    unprivileged user could use this flaw to cause a denial of service by
    leveraging the perf subsystem to write into the reserved bits of the
    OFFCORE_RSP_0 and OFFCORE_RSP_1 model-specific registers.
    (CVE-2013-2146, Moderate)
    
    * An invalid pointer dereference flaw was found in the Linux kernel's
    TCP/IP protocol suite implementation. A local, unprivileged user could
    use this flaw to crash the system or, potentially, escalate their
    privileges on the system by using sendmsg() with an IPv6 socket
    connected to an IPv4 destination. (CVE-2013-2232, Moderate)
    
    * Information leak flaws in the Linux kernel's Bluetooth
    implementation could allow a local, unprivileged user to leak kernel
    memory to user-space. (CVE-2012-6544, Low)
    
    * An information leak flaw in the Linux kernel could allow a
    privileged, local user to leak kernel memory to user-space.
    (CVE-2013-2237, Low)
    
    This update also fixes several bugs. Documentation for these changes
    will be available shortly from the Technical Notes document linked to
    in the References section.
    
    Users should upgrade to these updated packages, which contain
    backported patches to correct these issues. The system must be
    rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2013-August/019918.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9bbc3c9d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2224");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/29");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-358.18.1.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-358.18.1.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-devel / kernel-devel / etc");
    }
    
  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0015_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several third-party libraries : - Kernel - Netscape Portable Runtime (NSPR) - Network Security Services (NSS)
    last seen2020-06-01
    modified2020-06-02
    plugin id89670
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89670
    titleVMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89670);
      script_version("1.4");
      script_cvs_date("Date: 2018/11/15 20:50:24");
    
      script_cve_id(
        "CVE-2012-2372",
        "CVE-2012-3552",
        "CVE-2013-0791",
        "CVE-2013-1620",
        "CVE-2013-2147",
        "CVE-2013-2164",
        "CVE-2013-2206",
        "CVE-2013-2224",
        "CVE-2013-2232",
        "CVE-2013-2234",
        "CVE-2013-2237"
      );
      script_bugtraq_id(
        54062, 
        55359, 
        57777, 
        58826, 
        60280, 
        60375, 
        60715, 
        60858, 
        60874, 
        60893, 
        60953
      );
      script_xref(name:"VMSA", value:"2013-0015");
    
      script_name(english:"VMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0015) (remote check)");
      script_summary(english:"Checks the version and build numbers of the remote host.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.");
      script_set_attribute(attribute:"description", value:
    "The remote VMware ESX / ESXi host is missing a security-related patch.
    It is, therefore, affected by multiple vulnerabilities, including
    remote code execution vulnerabilities, in several third-party
    libraries :
    
      - Kernel
      - Netscape Portable Runtime (NSPR)
      - Network Security Services (NSS)");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0015.html");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the vendor advisory that
    pertains to ESX version 4.0 / 4.1.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Misc.");
    
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
    
      script_dependencies("vmware_vsphere_detect.nbin");
      script_require_keys("Host/VMware/version", "Host/VMware/release");
      script_require_ports("Host/VMware/vsphere");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    ver   = get_kb_item_or_exit("Host/VMware/version");
    rel   = get_kb_item_or_exit("Host/VMware/release");
    port  = get_kb_item_or_exit("Host/VMware/vsphere");
    esx   = '';
    build = 0;
    fix   = FALSE;
    
    if ("ESX" >!< rel || "ESXi" >< rel)
      audit(AUDIT_OS_NOT, "VMware ESX");
    
    extract = eregmatch(pattern:"^ESX (\d\.\d).*$", string:ver);
    if (empty_or_null(extract))
      audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");
    
    ver = extract[1];
    
    extract = eregmatch(pattern:'^VMware ESX.* build-([0-9]+)$', string:rel);
    if (isnull(extract))
      audit(AUDIT_UNKNOWN_BUILD, "VMware ESX", ver);
    
    build = int(extract[1]);
    
    fixes = make_array(
        "4.1", 1363503,
        "4.0", -1
    );
    
    fix = fixes[ver];
    
    if (!fix)
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESX", ver, build);
    
    if (build < fix || fix == -1)
    {
      if (fix == -1)
        fixl = '\n  Note            : No patch was ever released.';
      else
        fixl = '\n  Fixed build     : ' + fix;
      report = '\n  Version         : ' + esx + " " + ver +
               '\n  Installed build : ' + build +
               fixl +'\n';
      security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
      exit(0);
    }
    else
      audit(AUDIT_INST_VER_NOT_VULN, "VMware ESX", ver, build);
    
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2013-0015.NASL
    descriptiona. Update to ESX service console kernel The ESX service console kernel is updated to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234, CVE-2013-2237, CVE-2013-2232 to these issues. b. Update to ESX service console NSPR and NSS This patch updates the ESX service console Netscape Portable Runtime (NSPR) and Network Security Services (NSS) RPMs to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2013-0791 and CVE-2013-1620 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71245
    published2013-12-06
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71245
    titleVMSA-2013-0015 : VMware ESX updates to third-party libraries
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from VMware Security Advisory 2013-0015. 
    # The text itself is copyright (C) VMware Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71245);
      script_version("1.6");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id("CVE-2012-2372", "CVE-2012-3552", "CVE-2013-0791", "CVE-2013-1620", "CVE-2013-2147", "CVE-2013-2164", "CVE-2013-2206", "CVE-2013-2224", "CVE-2013-2232", "CVE-2013-2234", "CVE-2013-2237");
      script_bugtraq_id(54062, 55359, 57777, 58826, 60280, 60375, 60715, 60858, 60874, 60893, 60953);
      script_xref(name:"VMSA", value:"2013-0015");
    
      script_name(english:"VMSA-2013-0015 : VMware ESX updates to third-party libraries");
      script_summary(english:"Checks esxupdate output for the patches");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote VMware ESX host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "a. Update to ESX service console kernel
    
    The ESX service console kernel is updated to resolve multiple
    security issues.
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2012-2372, CVE-2012-3552, CVE-2013-2147,
    CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2234, 
    CVE-2013-2237, CVE-2013-2232 to these issues.
    
    b. Update to ESX service console NSPR and NSS
    
    This patch updates the ESX service console Netscape Portable 
    Runtime (NSPR) and Network Security Services (NSS) RPMs to resolve
    multiple security issues. 
    
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the names CVE-2013-0791 and CVE-2013-1620 to these 
    issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://lists.vmware.com/pipermail/security-announce/2013/000227.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/06");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
      script_family(english:"VMware ESX Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
      script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("vmware_esx_packages.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
    if (
      !get_kb_item("Host/VMware/esxcli_software_vibs") &&
      !get_kb_item("Host/VMware/esxupdate")
    ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    init_esx_check(date:"2013-12-05");
    flag = 0;
    
    
    if (
      esx_check(
        ver           : "ESX 4.1",
        patch         : "ESX410-201312401-SG",
        patch_updates : make_list("ESX410-201404401-SG")
      )
    ) flag++;
    if (esx_check(ver:"ESX 4.1", patch:"ESX410-201312403-SG")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1181.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes three security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization Hypervisor through the 3.2 Manager administration portal, the Host may appear with the status of
    last seen2020-06-01
    modified2020-06-02
    plugin id78969
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78969
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2013:1181. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78969);
      script_version("1.10");
      script_cvs_date("Date: 2019/10/24 15:35:37");
    
      script_cve_id("CVE-2013-0791", "CVE-2013-1620", "CVE-2013-4236");
      script_bugtraq_id(57777, 58826, 61772);
      script_xref(name:"RHSA", value:"2013:1181");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:1181)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes three security issues
    and various bugs is now available.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: A subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    Upgrade Note: If you upgrade the Red Hat Enterprise Virtualization
    Hypervisor through the 3.2 Manager administration portal, the Host may
    appear with the status of 'Install Failed'. If this happens, place the
    host into maintenance mode, then activate it again to get the host
    back to an 'Up' state.
    
    It was discovered that NSS leaked timing information when decrypting
    TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher
    suites were used. A remote attacker could possibly use this flaw to
    retrieve plain text from the encrypted packets by using a TLS/SSL or
    DTLS server as a padding oracle. (CVE-2013-1620)
    
    It was found that the fix for CVE-2013-0167 released via
    RHSA-2013:0907 was incomplete. A privileged guest user could
    potentially use this flaw to make the host the guest is running on
    unavailable to the management server. (CVE-2013-4236)
    
    An out-of-bounds memory read flaw was found in the way NSS decoded
    certain certificates. If an application using NSS decoded a malformed
    certificate, it could cause the application to crash. (CVE-2013-0791)
    
    Red Hat would like to thank the Mozilla project for reporting
    CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original
    reporter of CVE-2013-0791. The CVE-2013-4236 issue was found by David
    Gibson of Red Hat.
    
    This updated package provides updated components that include fixes
    for various security issues. These issues have no security impact on
    Red Hat Enterprise Virtualization Hypervisor itself, however. The
    security fixes included in this update address the following CVE
    numbers :
    
    CVE-2013-4854 (bind issue)
    
    CVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224,
    CVE-2013-2232, and CVE-2013-2237 (kernel issues)
    
    This update also contains the fixes from the following errata :
    
    * vdsm: RHSA-2013:1155 and RHBA-2013:1158
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package, which corrects these issues."
      );
      # https://rhn.redhat.com/errata/RHSA-2013-0907.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:0907"
      );
      # https://rhn.redhat.com/errata/RHSA-2013-1155.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1155"
      );
      # https://rhn.redhat.com/errata/RHBA-2013-1158.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHBA-2013:1158"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-0791"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-1620"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4236"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2013:1181";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.4-20130815.0.el6_4")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130827_KERNEL_ON_SL6_X.NASL
    descriptionThis update fixes the following security issues : - A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2013-08-29
    plugin id69503
    published2013-08-29
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69503
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130827)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1166-1.NASL
    descriptionFrom Red Hat Security Advisory 2013:1166 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69455
    published2013-08-23
    reporterThis script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/69455
    titleOracle Linux 5 : kernel (ELSA-2013-1166-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-1166.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69434
    published2013-08-22
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69434
    titleCentOS 5 : kernel (CESA-2013:1166)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1173.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69493
    published2013-08-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69493
    titleRHEL 6 : kernel (RHSA-2013:1173)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1166.NASL
    descriptionFrom Red Hat Security Advisory 2013:1166 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69456
    published2013-08-23
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69456
    titleOracle Linux 5 : kernel (ELSA-2013-1166)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1166.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69413
    published2013-08-21
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69413
    titleRHEL 5 : kernel (RHSA-2013:1166)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-1450.NASL
    descriptionUpdated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540 introduced an invalid free flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78974
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78974
    titleRHEL 6 : kernel (RHSA-2013:1450)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130820_KERNEL_ON_SL5_X.NASL
    descriptionThis update fixes the following security issues : - A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2013-08-22
    plugin id69440
    published2013-08-22
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69440
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130820)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-1173.NASL
    descriptionFrom Red Hat Security Advisory 2013:1173 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id69492
    published2013-08-28
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/69492
    titleOracle Linux 6 : kernel (ELSA-2013-1173)

Redhat

advisories
  • rhsa
    idRHSA-2013:1166
  • rhsa
    idRHSA-2013:1173
  • rhsa
    idRHSA-2013:1450
rpms
  • kernel-0:2.6.18-348.16.1.el5
  • kernel-PAE-0:2.6.18-348.16.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-348.16.1.el5
  • kernel-PAE-devel-0:2.6.18-348.16.1.el5
  • kernel-debug-0:2.6.18-348.16.1.el5
  • kernel-debug-debuginfo-0:2.6.18-348.16.1.el5
  • kernel-debug-devel-0:2.6.18-348.16.1.el5
  • kernel-debuginfo-0:2.6.18-348.16.1.el5
  • kernel-debuginfo-common-0:2.6.18-348.16.1.el5
  • kernel-devel-0:2.6.18-348.16.1.el5
  • kernel-doc-0:2.6.18-348.16.1.el5
  • kernel-headers-0:2.6.18-348.16.1.el5
  • kernel-kdump-0:2.6.18-348.16.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-348.16.1.el5
  • kernel-kdump-devel-0:2.6.18-348.16.1.el5
  • kernel-xen-0:2.6.18-348.16.1.el5
  • kernel-xen-debuginfo-0:2.6.18-348.16.1.el5
  • kernel-xen-devel-0:2.6.18-348.16.1.el5
  • kernel-0:2.6.32-358.18.1.el6
  • kernel-bootwrapper-0:2.6.32-358.18.1.el6
  • kernel-debug-0:2.6.32-358.18.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-debug-devel-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.18.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.18.1.el6
  • kernel-devel-0:2.6.32-358.18.1.el6
  • kernel-doc-0:2.6.32-358.18.1.el6
  • kernel-firmware-0:2.6.32-358.18.1.el6
  • kernel-headers-0:2.6.32-358.18.1.el6
  • kernel-kdump-0:2.6.32-358.18.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-kdump-devel-0:2.6.32-358.18.1.el6
  • perf-0:2.6.32-358.18.1.el6
  • perf-debuginfo-0:2.6.32-358.18.1.el6
  • python-perf-0:2.6.32-358.18.1.el6
  • python-perf-debuginfo-0:2.6.32-358.18.1.el6
  • kernel-0:2.6.32-358.118.1.openstack.el6
  • kernel-debug-0:2.6.32-358.118.1.openstack.el6
  • kernel-debug-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • kernel-debug-devel-0:2.6.32-358.118.1.openstack.el6
  • kernel-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.118.1.openstack.el6
  • kernel-devel-0:2.6.32-358.118.1.openstack.el6
  • kernel-doc-0:2.6.32-358.118.1.openstack.el6
  • kernel-firmware-0:2.6.32-358.118.1.openstack.el6
  • kernel-headers-0:2.6.32-358.118.1.openstack.el6
  • perf-0:2.6.32-358.118.1.openstack.el6
  • perf-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • python-perf-0:2.6.32-358.118.1.openstack.el6
  • python-perf-debuginfo-0:2.6.32-358.118.1.openstack.el6
  • kernel-0:2.6.32-279.37.2.el6
  • kernel-bootwrapper-0:2.6.32-279.37.2.el6
  • kernel-debug-0:2.6.32-279.37.2.el6
  • kernel-debug-debuginfo-0:2.6.32-279.37.2.el6
  • kernel-debug-devel-0:2.6.32-279.37.2.el6
  • kernel-debuginfo-0:2.6.32-279.37.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-279.37.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-279.37.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-279.37.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-279.37.2.el6
  • kernel-devel-0:2.6.32-279.37.2.el6
  • kernel-doc-0:2.6.32-279.37.2.el6
  • kernel-firmware-0:2.6.32-279.37.2.el6
  • kernel-headers-0:2.6.32-279.37.2.el6
  • kernel-kdump-0:2.6.32-279.37.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-279.37.2.el6
  • kernel-kdump-devel-0:2.6.32-279.37.2.el6
  • perf-0:2.6.32-279.37.2.el6
  • perf-debuginfo-0:2.6.32-279.37.2.el6
  • python-perf-0:2.6.32-279.37.2.el6
  • python-perf-debuginfo-0:2.6.32-279.37.2.el6