Vulnerabilities > CVE-2013-2596 - Integer Overflow or Wraparound vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
motorola
CWE-190
nessus

Summary

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Vulnerable Configurations

Part Description Count
OS
Linux
999
OS
Motorola
1
Hardware
Motorola
3
Hardware
Qualcomm
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-176.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. (CVE-2013-1979) The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232) net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235) The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234) The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable and a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3233) The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231) The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229) The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228) The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227) The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225) The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224) The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223) The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222) Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. (CVE-2013-2596) arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (CVE-2013-2146) The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. (CVE-2013-2094) The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (CVE-2013-1798) Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797) The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (CVE-2013-1796) The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (CVE-2013-2141) Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929) The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669. (CVE-2012-5532) The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6548) The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (CVE-2012-6549) net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2634) The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2013-2635) fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. (CVE-2013-1848) The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (CVE-2013-0914) Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860) Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (CVE-2013-1792) The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2546) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547) The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548) The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges. (CVE-2013-0311) Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message. (CVE-2013-1763) The __skb_recv_datagram function in net/core/datagram.c in the Linux kernel before 3.8 does not properly handle the MSG_PEEK flag with zero-length data, which allows local users to cause a denial of service (infinite loop and system hang) via a crafted application. (CVE-2013-0290) Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (CVE-2013-1767) The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly handle an invalid value in the DS segment register, which allows guest OS users to gain guest OS privileges via a crafted application. (CVE-2013-0228) Memory leak in drivers/net/xen-netback/netback.c in the Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (memory consumption) by triggering certain error conditions. (CVE-2013-0217) The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216) The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2012-6547) The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id66975
    published2013-06-25
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66975
    titleMandriva Linux Security Advisory : kernel (MDVSA-2013:176)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:176. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(66975);
      script_version("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      script_cve_id("CVE-2012-5532", "CVE-2012-6547", "CVE-2012-6548", "CVE-2012-6549", "CVE-2013-0216", "CVE-2013-0217", "CVE-2013-0228", "CVE-2013-0290", "CVE-2013-0311", "CVE-2013-0914", "CVE-2013-1763", "CVE-2013-1767", "CVE-2013-1792", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798", "CVE-2013-1848", "CVE-2013-1860", "CVE-2013-1929", "CVE-2013-1979", "CVE-2013-2094", "CVE-2013-2141", "CVE-2013-2146", "CVE-2013-2546", "CVE-2013-2547", "CVE-2013-2548", "CVE-2013-2596", "CVE-2013-2634", "CVE-2013-2635", "CVE-2013-3222", "CVE-2013-3223", "CVE-2013-3224", "CVE-2013-3225", "CVE-2013-3227", "CVE-2013-3228", "CVE-2013-3229", "CVE-2013-3231", "CVE-2013-3232", "CVE-2013-3233", "CVE-2013-3234", "CVE-2013-3235");
      script_bugtraq_id(56710, 57743, 57744, 57940, 57964, 58053, 58137, 58177, 58368, 58382, 58426, 58510, 58597, 58600, 58604, 58605, 58607, 58908, 58993, 58994, 58996, 59264, 59377, 59380, 59381, 59383, 59385, 59388, 59389, 59390, 59393, 59394, 59396, 59397, 59538, 59846, 60254, 60324);
      script_xref(name:"MDVSA", value:"2013:176");
    
      script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2013:176)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in the Linux
    kernel :
    
    The scm_set_cred function in include/net/scm.h in the Linux kernel
    before 3.8.11 uses incorrect uid and gid values during credentials
    passing, which allows local users to gain privileges via a crafted
    application. (CVE-2013-1979)
    
    The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)
    
    net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not
    initialize a certain data structure and a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3235)
    
    The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)
    
    The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable
    and a certain data structure, which allows local users to obtain
    sensitive information from kernel stack memory via a crafted recvmsg
    or recvfrom system call. (CVE-2013-3233)
    
    The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
    
    The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3229)
    
    The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux
    kernel before 3.9-rc7 does not initialize a certain length variable,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted recvmsg or recvfrom system call.
    (CVE-2013-3228)
    
    The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call. (CVE-2013-3227)
    
    The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the
    Linux kernel before 3.9-rc7 does not initialize a certain length
    variable, which allows local users to obtain sensitive information
    from kernel stack memory via a crafted recvmsg or recvfrom system
    call. (CVE-2013-3225)
    
    The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the
    Linux kernel before 3.9-rc7 does not properly initialize a certain
    length variable, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted recvmsg or recvfrom
    system call. (CVE-2013-3224)
    
    The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)
    
    The vcc_recvmsg function in net/atm/common.c in the Linux kernel
    before 3.9-rc7 does not initialize a certain length variable, which
    allows local users to obtain sensitive information from kernel stack
    memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)
    
    Integer overflow in the fb_mmap function in drivers/video/fbmem.c in
    the Linux kernel before 3.8.9, as used in a certain Motorola build of
    Android 4.1.2 and other products, allows local users to create a
    read-write memory mapping for the entirety of kernel memory, and
    consequently gain privileges, via crafted /dev/graphics/fb0 mmap2
    system calls, as demonstrated by the Motochopper pwn program.
    (CVE-2013-2596)
    
    arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before
    3.8.9, when the Performance Events Subsystem is enabled, specifies an
    incorrect bitmask, which allows local users to cause a denial of
    service (general protection fault and system crash) by attempting to
    set a reserved bit. (CVE-2013-2146)
    
    The perf_swevent_init function in kernel/events/core.c in the Linux
    kernel before 3.8.9 uses an incorrect integer data type, which allows
    local users to gain privileges via a crafted perf_event_open system
    call. (CVE-2013-2094)
    
    The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux
    kernel through 3.8.4 does not properly handle a certain combination of
    invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which
    allows guest OS users to obtain sensitive information from host OS
    memory or cause a denial of service (host OS OOPS) via a crafted
    application. (CVE-2013-1798)
    
    Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel
    through 3.8.4 allows guest OS users to cause a denial of service (host
    OS memory corruption) or possibly have unspecified other impact via a
    crafted application that triggers use of a guest physical address
    (GPA) in (1) movable or (2) removable memory during an
    MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (CVE-2013-1797)
    
    The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux
    kernel through 3.8.4 does not ensure a required time_page alignment
    during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users
    to cause a denial of service (buffer overflow and host OS memory
    corruption) or possibly have unspecified other impact via a crafted
    application. (CVE-2013-1796)
    
    The do_tkill function in kernel/signal.c in the Linux kernel before
    3.8.9 does not initialize a certain data structure, which allows local
    users to obtain sensitive information from kernel memory via a crafted
    application that makes a (1) tkill or (2) tgkill system call.
    (CVE-2013-2141)
    
    Heap-based buffer overflow in the tg3_read_vpd function in
    drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6
    allows physically proximate attackers to cause a denial of service
    (system crash) or possibly execute arbitrary code via crafted firmware
    that specifies a long string in the Vital Product Data (VPD) data
    structure. (CVE-2013-1929)
    
    The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as
    distributed in the Linux kernel before 3.8-rc1, allows local users to
    cause a denial of service (daemon exit) via a crafted application that
    sends a Netlink message. NOTE: this vulnerability exists because of an
    incorrect fix for CVE-2012-2669. (CVE-2012-5532)
    
    The udf_encode_fh function in fs/udf/namei.c in the Linux kernel
    before 3.6 does not initialize a certain structure member, which
    allows local users to obtain sensitive information from kernel heap
    memory via a crafted application. (CVE-2012-6548)
    
    The isofs_export_encode_fh function in fs/isofs/export.c in the Linux
    kernel before 3.6 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    heap memory via a crafted application. (CVE-2012-6549)
    
    net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize
    certain structures, which allows local users to obtain sensitive
    information from kernel stack memory via a crafted application.
    (CVE-2013-2634)
    
    The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux
    kernel before 3.8.4 does not initialize a certain structure member,
    which allows local users to obtain sensitive information from kernel
    stack memory via a crafted application. (CVE-2013-2635)
    
    fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect
    arguments to functions in certain circumstances related to printk
    input, which allows local users to conduct format-string attacks and
    possibly gain privileges via a crafted application. (CVE-2013-1848)
    
    The flush_signal_handlers function in kernel/signal.c in the Linux
    kernel before 3.8.4 preserves the value of the sa_restorer field
    across an exec operation, which makes it easier for local users to
    bypass the ASLR protection mechanism via a crafted application
    containing a sigaction system call. (CVE-2013-0914)
    
    Heap-based buffer overflow in the wdm_in_callback function in
    drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows
    physically proximate attackers to cause a denial of service (system
    crash) or possibly execute arbitrary code via a crafted cdc-wdm USB
    device. (CVE-2013-1860)
    
    Race condition in the install_user_keyrings function in
    security/keys/process_keys.c in the Linux kernel before 3.8.3 allows
    local users to cause a denial of service (NULL pointer dereference and
    system crash) via crafted keyctl system calls that trigger keyring
    operations in simultaneous threads. (CVE-2013-1792)
    
    The report API in the crypto user configuration API in the Linux
    kernel through 3.8.2 uses an incorrect C library function for copying
    strings, which allows local users to obtain sensitive information from
    kernel stack memory by leveraging the CAP_NET_ADMIN capability.
    (CVE-2013-2546)
    
    The crypto_report_one function in crypto/crypto_user.c in the report
    API in the crypto user configuration API in the Linux kernel through
    3.8.2 does not initialize certain structure members, which allows
    local users to obtain sensitive information from kernel heap memory by
    leveraging the CAP_NET_ADMIN capability. (CVE-2013-2547)
    
    The crypto_report_one function in crypto/crypto_user.c in the report
    API in the crypto user configuration API in the Linux kernel through
    3.8.2 uses an incorrect length value during a copy operation, which
    allows local users to obtain sensitive information from kernel memory
    by leveraging the CAP_NET_ADMIN capability. (CVE-2013-2548)
    
    The translate_desc function in drivers/vhost/vhost.c in the Linux
    kernel before 3.7 does not properly handle cross-region descriptors,
    which allows guest OS users to obtain host OS privileges by leveraging
    KVM guest OS privileges. (CVE-2013-0311)
    
    Array index error in the __sock_diag_rcv_msg function in
    net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local
    users to gain privileges via a large family value in a Netlink
    message. (CVE-2013-1763)
    
    The __skb_recv_datagram function in net/core/datagram.c in the Linux
    kernel before 3.8 does not properly handle the MSG_PEEK flag with
    zero-length data, which allows local users to cause a denial of
    service (infinite loop and system hang) via a crafted application.
    (CVE-2013-0290)
    
    Use-after-free vulnerability in the shmem_remount_fs function in
    mm/shmem.c in the Linux kernel before 3.7.10 allows local users to
    gain privileges or cause a denial of service (system crash) by
    remounting a tmpfs filesystem without specifying a required mpol (aka
    mempolicy) mount option. (CVE-2013-1767)
    
    The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel
    before 3.7.9 on 32-bit Xen paravirt_ops platforms does not properly
    handle an invalid value in the DS segment register, which allows guest
    OS users to gain guest OS privileges via a crafted application.
    (CVE-2013-0228)
    
    Memory leak in drivers/net/xen-netback/netback.c in the Xen netback
    functionality in the Linux kernel before 3.7.8 allows guest OS users
    to cause a denial of service (memory consumption) by triggering
    certain error conditions. (CVE-2013-0217)
    
    The Xen netback functionality in the Linux kernel before 3.7.8 allows
    guest OS users to cause a denial of service (loop) by triggering ring
    pointer corruption. (CVE-2013-0216)
    
    The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel
    before 3.6 does not initialize a certain structure, which allows local
    users to obtain sensitive information from kernel stack memory via a
    crafted application. (CVE-2012-6547)
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.47-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.47-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.47-1.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0450.NASL
    descriptionUpdated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id89968
    published2016-03-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89968
    titleCentOS 5 : kernel (CESA-2016:0450)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:0450 and 
    # CentOS Errata and Security Advisory 2016:0450 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89968);
      script_version("2.6");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2013-2596", "CVE-2015-2151");
      script_xref(name:"RHSA", value:"2016:0450");
    
      script_name(english:"CentOS 5 : kernel (CESA-2016:0450)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix two security issues and two bugs are
    now available for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the Xen hypervisor x86 CPU emulator implementation
    did not correctly handle certain instructions with segment overrides,
    potentially resulting in a memory corruption. A malicious guest user
    could use this flaw to read arbitrary data relating to other guests,
    cause a denial of service on the host, or potentially escalate their
    privileges on the host. (CVE-2015-2151, Important)
    
    This update also fixes the following bugs :
    
    * Previously, the CPU power of a CPU group could be zero. As a
    consequence, a kernel panic occurred at 'find_busiest_group+570' with
    do_divide_error. The provided patch ensures that the division is only
    performed if the CPU power is not zero, and the aforementioned panic
    no longer occurs. (BZ#1209728)
    
    * Prior to this update, a bug occurred when performing an online
    resize of an ext4 file system which had been previously converted from
    ext3. As a consequence, the kernel crashed. The provided patch fixes
    online resizing for such file systems by limiting the blockgroup
    search loop for non-extent files, and the mentioned kernel crash no
    longer occurs. (BZ#1301100)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2016-March/021734.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?05d02f12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2151");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-409.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0695.NASL
    descriptionUpdated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id81906
    published2015-03-18
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81906
    titleRHEL 6 : kernel (RHSA-2015:0695)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0695. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81906);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-7841", "CVE-2014-8159");
      script_xref(name:"RHSA", value:"2015:0695");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2015:0695)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and two bugs
    are now available for Red Hat Enterprise Linux 6.2 Advanced Update
    Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    validated INIT chunks when performing Address Configuration Change
    (ASCONF). A remote attacker could use this flaw to crash the system by
    sending a specially crafted SCTP packet to trigger a NULL pointer
    dereference on the system. (CVE-2014-7841, Important)
    
    * It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions
    from user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system
    or, potentially, escalate their privileges on the system.
    (CVE-2014-8159, Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the parse_rock_ridge_inode_internal() function of
    the Linux kernel's ISOFS implementation did not correctly check
    relocated directories when processing Rock Ridge child link (CL) tags.
    An attacker with physical access to the system could use a specially
    crafted ISO image to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
    
    Red Hat would like to thank Mellanox for reporting the CVE-2014-8159
    issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.
    
    This update also fixes the following bugs :
    
    * Previously, certain network device drivers did not accept ethtool
    commands right after they were loaded. As a consequence, the current
    setting of the specified device driver was not applied and an error
    message was returned. The ETHTOOL_DELAY variable has been added, which
    makes sure the ethtool utility waits for some time before it tries to
    apply the options settings, thus fixing the bug. (BZ#1138299)
    
    * During the memory allocation for a new socket to communicate to the
    server, the rpciod daemon released a clean page which needed to be
    committed. However, the commit was queueing indefinitely as the commit
    could only be provided with a socket connection. As a consequence, a
    deadlock occurred in rpciod. This update sets the PF_FSTRANS flag on
    the work queue task prior to the socket allocation, and adds the
    nfs_release_page check for the flag when deciding whether to make a
    commit call, thus fixing this bug. (BZ#1192326)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8159"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.2", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-7841", "CVE-2014-8159");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:0695");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0695";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-devel-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-doc-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-firmware-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-headers-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-220.60.2.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0782.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id82636
    published2015-04-08
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82636
    titleRHEL 6 : kernel (RHSA-2015:0782)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0782. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82636);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-3690", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-8159", "CVE-2014-8884", "CVE-2015-1421");
      script_xref(name:"RHSA", value:"2015:0782");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2015:0782)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.5 Extended
    Update Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions
    from user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system
    or, potentially, escalate their privileges on the system.
    (CVE-2014-8159, Important)
    
    * A use-after-free flaw was found in the way the Linux kernel's SCTP
    implementation handled authentication key reference counting during
    INIT collisions. A remote attacker could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2015-1421, Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the Linux kernel's KVM implementation did not
    ensure that the host CR4 control register value remained unchanged
    across VM entries on the same virtual CPU. A local, unprivileged user
    could use this flaw to cause a denial of service on the system.
    (CVE-2014-3690, Moderate)
    
    * It was found that the parse_rock_ridge_inode_internal() function of
    the Linux kernel's ISOFS implementation did not correctly check
    relocated directories when processing Rock Ridge child link (CL) tags.
    An attacker with physical access to the system could use a specially
    crafted ISO image to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
    
    * A stack-based buffer overflow flaw was found in the
    TechnoTrend/Hauppauge DEC USB device driver. A local user with write
    access to the corresponding device could use this flaw to crash the
    kernel or, potentially, elevate their privileges on the system.
    (CVE-2014-8884, Low)
    
    Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and
    Andy Lutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue
    was discovered by Sun Baoliang of Red Hat.
    
    This update also fixes the following bugs :
    
    * Previously, a NULL pointer check that is needed to prevent an oops
    in the nfs_async_inode_return_delegation() function was removed. As a
    consequence, a NFS4 client could terminate unexpectedly. The missing
    NULL pointer check has been added back, and NFS4 client no longer
    crashes in this situation. (BZ#1187638)
    
    * Due to unbalanced multicast join and leave processing, the attempt
    to leave a multicast group that had not previously completed a join
    became unresponsive. This update resolves multiple locking issues in
    the IPoIB multicast code that allowed multicast groups to be left
    before the joining was entirely completed. Now, multicast join and
    leave failures or lockups no longer occur in the described situation.
    (BZ#1187663)
    
    * A failure to leave a multicast group which had previously been
    joined prevented the attempt to unregister from the 'sa' service.
    Multiple locking issues in the IPoIB multicast join and leave
    processing have been fixed so that leaving a group that has completed
    its join process is successful. As a result, attempts to unregister
    from the 'sa' service no longer lock up due to leaked resources.
    (BZ#1187665)
    
    * Due to a regression, when large reads which partially extended
    beyond the end of the underlying device were done, the raw driver
    returned the EIO error code instead of returning a short read covering
    the valid part of the device. The underlying source code has been
    patched, and the raw driver now returns a short read for the remainder
    of the device. (BZ#1195746)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-1421"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.5", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-3690", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-8159", "CVE-2014-8884", "CVE-2015-1421");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:0782");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0782";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-abi-whitelists-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-doc-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-firmware-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-headers-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-headers-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-headers-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"python-perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"python-perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"python-perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0450.NASL
    descriptionUpdated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id89956
    published2016-03-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89956
    titleRHEL 5 : kernel (RHSA-2016:0450)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:0450. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89956);
      script_version("2.8");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      script_cve_id("CVE-2013-2596", "CVE-2015-2151");
      script_xref(name:"RHSA", value:"2016:0450");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2016:0450)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix two security issues and two bugs are
    now available for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the Xen hypervisor x86 CPU emulator implementation
    did not correctly handle certain instructions with segment overrides,
    potentially resulting in a memory corruption. A malicious guest user
    could use this flaw to read arbitrary data relating to other guests,
    cause a denial of service on the host, or potentially escalate their
    privileges on the host. (CVE-2015-2151, Important)
    
    This update also fixes the following bugs :
    
    * Previously, the CPU power of a CPU group could be zero. As a
    consequence, a kernel panic occurred at 'find_busiest_group+570' with
    do_divide_error. The provided patch ensures that the division is only
    performed if the CPU power is not zero, and the aforementioned panic
    no longer occurs. (BZ#1209728)
    
    * Prior to this update, a bug occurred when performing an online
    resize of an ext4 file system which had been previously converted from
    ext3. As a consequence, the kernel crashed. The provided patch fixes
    online resizing for such file systems by limiting the blockgroup
    search loop for non-extent files, and the mentioned kernel crash no
    longer occurs. (BZ#1301100)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:0450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-2151"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:0450";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-common-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-409.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-409.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0450.NASL
    descriptionFrom Red Hat Security Advisory 2016:0450 : Updated kernel packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id89953
    published2016-03-16
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89953
    titleOracle Linux 5 : kernel (ELSA-2016-0450)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0450 and 
    # Oracle Linux Security Advisory ELSA-2016-0450 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89953);
      script_version("2.6");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2013-2596", "CVE-2015-2151");
      script_xref(name:"RHSA", value:"2016:0450");
    
      script_name(english:"Oracle Linux 5 : kernel (ELSA-2016-0450)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0450 :
    
    Updated kernel packages that fix two security issues and two bugs are
    now available for Red Hat Enterprise Linux 5.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the Xen hypervisor x86 CPU emulator implementation
    did not correctly handle certain instructions with segment overrides,
    potentially resulting in a memory corruption. A malicious guest user
    could use this flaw to read arbitrary data relating to other guests,
    cause a denial of service on the host, or potentially escalate their
    privileges on the host. (CVE-2015-2151, Important)
    
    This update also fixes the following bugs :
    
    * Previously, the CPU power of a CPU group could be zero. As a
    consequence, a kernel panic occurred at 'find_busiest_group+570' with
    do_divide_error. The provided patch ensures that the division is only
    performed if the CPU power is not zero, and the aforementioned panic
    no longer occurs. (BZ#1209728)
    
    * Prior to this update, a bug occurred when performing an online
    resize of an ext4 file system which had been previously converted from
    ext3. As a consequence, the kernel crashed. The provided patch fixes
    online resizing for such file systems by limiting the blockgroup
    search loop for non-extent files, and the mentioned kernel crash no
    longer occurs. (BZ#1301100)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-March/005861.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2015-2151");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2016-0450");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-409.el5")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-409.el5")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3082.NASL
    descriptionDescription of changes: [2.6.39-400.215.11.el6uek] - ALSA: control: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id78579
    published2014-10-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78579
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3082)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2014-3082.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78579);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5077");
      script_bugtraq_id(59264, 67162, 68162, 68164, 68881, 69489);
    
      script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3082)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [2.6.39-400.215.11.el6uek]
    - ALSA: control: Don't access controls outside of protected regions 
    (Lars-Peter Clausen)  [Orabug: 19817786]  {CVE-2014-4653} 
    {CVE-2014-4654} {CVE-2014-4655}
    - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) 
    [Orabug: 19817748]  {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
    - kvm: iommu: fix the third parameter of kvm_iommu_put_pages 
    (CVE-2014-3601) (Michael S. Tsirkin)  [Orabug: 19817647] {CVE-2014-3601}
    - mm: try_to_unmap_cluster() should lock_page() before mlocking 
    (Vlastimil Babka)  [Orabug: 19817323]  {CVE-2014-3122}
    - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) 
    [Orabug: 19816563]  {CVE-2013-2596}
    - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 
    19816563]  {CVE-2013-2596}
    - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann)  
    [Orabug: 19816068]  {CVE-2014-5077}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004547.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004548.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5077");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3082");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.39-400.215.11.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.39-400.215.11.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.39-400.215.11.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.39-400.215.11.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.39-400.215.11.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.39-400.215.11.el5uek")) flag++;
    
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.215.11.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.215.11.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.215.11.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.215.11.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.215.11.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.215.11.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0803.NASL
    descriptionUpdated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id82790
    published2015-04-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/82790
    titleRHEL 6 : kernel (RHSA-2015:0803)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0803. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82790);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-8159");
      script_xref(name:"RHSA", value:"2015:0803");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2015:0803)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and two bugs
    are now available for Red Hat Enterprise Linux 6.4 Advanced Update
    Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions
    from user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system
    or, potentially, escalate their privileges on the system.
    (CVE-2014-8159, Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the parse_rock_ridge_inode_internal() function of
    the Linux kernel's ISOFS implementation did not correctly check
    relocated directories when processing Rock Ridge child link (CL) tags.
    An attacker with physical access to the system could use a specially
    crafted ISO image to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
    
    Red Hat would like to thank Mellanox for reporting the CVE-2014-8159
    issue.
    
    This update also fixes the following bugs :
    
    * The kernel could sometimes panic due to a possible division by zero
    in the kernel scheduler. This bug has been fixed by defining a new
    div64_ul() division function and correcting the affected calculation
    in the proc_sched_show_task() function. (BZ#1199898)
    
    * When repeating a Coordinated Universal Time (UTC) value during a
    leap second (when the UTC time should be 23:59:60), the International
    Atomic Time (TAI) timescale previously stopped as the kernel NTP code
    incremented the TAI offset one second too late. A patch has been
    provided, which fixes the bug by incrementing the offset during the
    leap second itself. Now, the correct TAI is set during the leap
    second. (BZ#1201672)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8159"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.4", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-8159");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:0803");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0803";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-devel-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", reference:"kernel-doc-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", reference:"kernel-firmware-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-headers-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"perf-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"python-perf-2.6.32-358.59.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-358.59.1.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3083.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-400.36.9.el5uek] - ALSA: control: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id78580
    published2014-10-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78580
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3083)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2014-3083.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78580);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-3122", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5077");
      script_bugtraq_id(59264, 67162, 68162, 68164, 68881);
    
      script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3083)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    kernel-uek
    [2.6.32-400.36.9.el5uek]
    - ALSA: control: Don't access controls outside of protected regions 
    (Lars-Peter Clausen)  [Orabug: 19817787]  {CVE-2014-4653} 
    {CVE-2014-4654} {CVE-2014-4655}
    - ALSA: control: Fix replacing user controls (Lars-Peter Clausen) 
    [Orabug: 19817749]  {CVE-2014-4653} {CVE-2014-4654} {CVE-2014-4655}
    - mm: try_to_unmap_cluster() should lock_page() before mlocking 
    (Vlastimil Babka)  [Orabug: 19817324]  {CVE-2014-3122}
    - vm: convert fb_mmap to vm_iomap_memory() helper (Linus Torvalds) 
    [Orabug: 19816564]  {CVE-2013-2596}
    - vm: add vm_iomap_memory() helper function (Linus Torvalds) [Orabug: 
    19816564]  {CVE-2013-2596}
    - net: sctp: inherit auth_capable on INIT collisions (Daniel Borkmann)  
    [Orabug: 19816069]  {CVE-2014-5077}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004551.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004552.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el5uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el5uekdebug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el6uekdebug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el5uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el5uekdebug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el6uekdebug");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-3122", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5077");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3083");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-headers-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-headers-2.6.32-400.36.9.el5uek")) flag++;
    if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-400.36.9.el5uek-1.5.7-2")) flag++;
    if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-400.36.9.el5uekdebug-1.5.7-2")) flag++;
    if (rpm_check(release:"EL5", reference:"ofa-2.6.32-400.36.9.el5uek-1.5.1-4.0.58")) flag++;
    if (rpm_check(release:"EL5", reference:"ofa-2.6.32-400.36.9.el5uekdebug-1.5.1-4.0.58")) flag++;
    
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-headers-2.6.32-400.36.9.el6uek")) flag++;
    if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-400.36.9.el6uek-1.5.7-0.1")) flag++;
    if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-400.36.9.el6uekdebug-1.5.7-0.1")) flag++;
    if (rpm_check(release:"EL6", reference:"ofa-2.6.32-400.36.9.el6uek-1.5.1-4.0.58")) flag++;
    if (rpm_check(release:"EL6", reference:"ofa-2.6.32-400.36.9.el6uekdebug-1.5.1-4.0.58")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160315_KERNEL_ON_SL5_X.NASL
    description - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2016-03-16
    plugin id89957
    published2016-03-16
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89957
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20160315)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89957);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2596", "CVE-2015-2151");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20160315)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - An integer overflow flaw was found in the way the Linux
        kernel's Frame Buffer device implementation mapped
        kernel memory to user space via the mmap syscall. A
        local user able to access a frame buffer device file
        (/dev/fb*) could possibly use this flaw to escalate
        their privileges on the system. (CVE-2013-2596,
        Important)
    
      - It was found that the Xen hypervisor x86 CPU emulator
        implementation did not correctly handle certain
        instructions with segment overrides, potentially
        resulting in a memory corruption. A malicious guest user
        could use this flaw to read arbitrary data relating to
        other guests, cause a denial of service on the host, or
        potentially escalate their privileges on the host.
        (CVE-2015-2151, Important)
    
    This update also fixes the following bugs :
    
      - Previously, the CPU power of a CPU group could be zero.
        As a consequence, a kernel panic occurred at
        'find_busiest_group+570' with do_divide_error. The
        provided patch ensures that the division is only
        performed if the CPU power is not zero, and the
        aforementioned panic no longer occurs.
    
      - Prior to this update, a bug occurred when performing an
        online resize of an ext4 file system which had been
        previously converted from ext3. As a consequence, the
        kernel crashed. The provided patch fixes online resizing
        for such file systems by limiting the blockgroup search
        loop for non- extent files, and the mentioned kernel
        crash no longer occurs.
    
    The system must be rebooted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1603&L=scientific-linux-errata&F=&S=&P=5510
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2eb55a68"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/16");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"kernel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-409.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-409.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1392.NASL
    descriptionUpdated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen2020-05-16
    modified2014-10-14
    plugin id78409
    published2014-10-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78409
    titleRHEL 6 : kernel (RHSA-2014:1392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1392. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78409);
      script_version("1.25");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/15");
    
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      script_bugtraq_id(63445, 67034, 67162, 68162, 68164, 68214, 68862, 68881, 69489);
      script_xref(name:"RHSA", value:"2014:1392");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2014:1392)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 6. This is the sixth regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
    CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
    and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
    The security impact of the CVE-2014-3601 issue was discovered by
    Michael Tsirkin of Red Hat.
    
    This update also fixes several hundred bugs and adds numerous
    enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
    for information on the most significant of these changes, and the
    Technical Notes for further information, both linked to in the
    References.
    
    All Red Hat Enterprise Linux 6 users are advised to install these
    updated packages, which correct these issues, and fix the bugs and add
    the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
    Notes and Technical Notes. The system must be rebooted for this update
    to take effect."
      );
      # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b5caa05f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0181"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5045"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-4608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3601"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2014:1392");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1392";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-headers-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-headers-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-headers-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1392.NASL
    descriptionFrom Red Hat Security Advisory 2014:1392 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id78618
    published2014-10-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78618
    titleOracle Linux 6 : kernel (ELSA-2014-1392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:1392 and 
    # Oracle Linux Security Advisory ELSA-2014-1392 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78618);
      script_version("1.16");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      script_bugtraq_id(63445, 67034, 67162, 68162, 68164, 68214, 68862, 68881, 69489);
      script_xref(name:"RHSA", value:"2014:1392");
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2014-1392)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:1392 :
    
    Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 6. This is the sixth regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
    CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
    and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
    The security impact of the CVE-2014-3601 issue was discovered by
    Michael Tsirkin of Red Hat.
    
    This update also fixes several hundred bugs and adds numerous
    enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
    for information on the most significant of these changes, and the
    Technical Notes for further information, both linked to in the
    References.
    
    All Red Hat Enterprise Linux 6 users are advised to install these
    updated packages, which correct these issues, and fix the bugs and add
    the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
    Notes and Technical Notes. The system must be rebooted for this update
    to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-October/004556.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-1392");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-abi-whitelists-2.6.32") && rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-504.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1392.NASL
    descriptionUpdated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the sixth regular update. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79181
    published2014-11-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79181
    titleCentOS 6 : kernel (CESA-2014:1392)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1392 and 
    # CentOS Errata and Security Advisory 2014:1392 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79181);
      script_version("1.13");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
      script_bugtraq_id(63445, 67034, 67162, 68162, 68164, 68214, 68862, 68881, 69489);
      script_xref(name:"RHSA", value:"2014:1392");
    
      script_name(english:"CentOS 6 : kernel (CESA-2014:1392)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, address
    several hundred bugs, and add numerous enhancements are now available
    as part of the ongoing support and maintenance of Red Hat Enterprise
    Linux version 6. This is the sixth regular update.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483, Jack Morgenstein of Mellanox for reporting
    CVE-2014-3601, Vasily Averin of Parallels for reporting CVE-2014-5045,
    and Don A. Bailey from Lab Mouse Security for reporting CVE-2014-4608.
    The security impact of the CVE-2014-3601 issue was discovered by
    Michael Tsirkin of Red Hat.
    
    This update also fixes several hundred bugs and adds numerous
    enhancements. Refer to the Red Hat Enterprise Linux 6.6 Release Notes
    for information on the most significant of these changes, and the
    Technical Notes for further information, both linked to in the
    References.
    
    All Red Hat Enterprise Linux 6 users are advised to install these
    updated packages, which correct these issues, and fix the bugs and add
    the enhancements noted in the Red Hat Enterprise Linux 6.6 Release
    Notes and Technical Notes. The system must be rebooted for this update
    to take effect."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2014-October/001221.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9556b27e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2596");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-504.el6")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141014_KERNEL_ON_SL6_X.NASL
    description* A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2014-11-04
    plugin id78845
    published2014-11-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78845
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141014)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78845);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2013-2596", "CVE-2013-4483", "CVE-2014-0181", "CVE-2014-3122", "CVE-2014-3601", "CVE-2014-4608", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-5045", "CVE-2014-5077");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141014)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "* A NULL pointer dereference flaw was found in the way the Linux
    kernel's Stream Control Transmission Protocol (SCTP) implementation
    handled simultaneous connections between the same hosts. A remote
    attacker could use this flaw to crash the system. (CVE-2014-5077,
    Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the permission checks performed by the Linux
    kernel when a netlink message was received were not sufficient. A
    local, unprivileged user could potentially bypass these restrictions
    by passing a netlink socket as stdout or stderr to a more privileged
    process and altering the output of this process. (CVE-2014-0181,
    Moderate)
    
    * It was found that the try_to_unmap_cluster() function in the Linux
    kernel's Memory Managment subsystem did not properly handle page
    locking in certain cases, which could potentially trigger the BUG_ON()
    macro in the mlock_vma_page() function. A local, unprivileged user
    could use this flaw to crash the system. (CVE-2014-3122, Moderate)
    
    * A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
    function handled IOMMU mapping failures. A privileged user in a guest
    with an assigned host device could use this flaw to crash the host.
    (CVE-2014-3601, Moderate)
    
    * Multiple use-after-free flaws were found in the way the Linux
    kernel's Advanced Linux Sound Architecture (ALSA) implementation
    handled user controls. A local, privileged user could use either of
    these flaws to crash the system. (CVE-2014-4653, CVE-2014-4654,
    CVE-2014-4655, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * An integer overflow flaw was found in the way the
    lzo1x_decompress_safe() function of the Linux kernel's LZO
    implementation processed Literal Runs. A local attacker could, in
    extremely rare cases, use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-4608,
    Low)
    
    The system must be rebooted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1411&L=scientific-linux-errata&T=0&P=1615
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?398f36ec"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/10/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-504.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-504.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    

Redhat

advisories
  • rhsa
    idRHSA-2015:0695
  • rhsa
    idRHSA-2015:0782
  • rhsa
    idRHSA-2015:0803
rpms
  • kernel-0:2.6.32-504.el6
  • kernel-abi-whitelists-0:2.6.32-504.el6
  • kernel-bootwrapper-0:2.6.32-504.el6
  • kernel-debug-0:2.6.32-504.el6
  • kernel-debug-debuginfo-0:2.6.32-504.el6
  • kernel-debug-devel-0:2.6.32-504.el6
  • kernel-debuginfo-0:2.6.32-504.el6
  • kernel-debuginfo-common-i686-0:2.6.32-504.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-504.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-504.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.el6
  • kernel-devel-0:2.6.32-504.el6
  • kernel-doc-0:2.6.32-504.el6
  • kernel-firmware-0:2.6.32-504.el6
  • kernel-headers-0:2.6.32-504.el6
  • kernel-kdump-0:2.6.32-504.el6
  • kernel-kdump-debuginfo-0:2.6.32-504.el6
  • kernel-kdump-devel-0:2.6.32-504.el6
  • perf-0:2.6.32-504.el6
  • perf-debuginfo-0:2.6.32-504.el6
  • python-perf-0:2.6.32-504.el6
  • python-perf-debuginfo-0:2.6.32-504.el6
  • kernel-0:2.6.32-220.60.2.el6
  • kernel-debug-0:2.6.32-220.60.2.el6
  • kernel-debug-debuginfo-0:2.6.32-220.60.2.el6
  • kernel-debug-devel-0:2.6.32-220.60.2.el6
  • kernel-debuginfo-0:2.6.32-220.60.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.60.2.el6
  • kernel-devel-0:2.6.32-220.60.2.el6
  • kernel-doc-0:2.6.32-220.60.2.el6
  • kernel-firmware-0:2.6.32-220.60.2.el6
  • kernel-headers-0:2.6.32-220.60.2.el6
  • perf-0:2.6.32-220.60.2.el6
  • perf-debuginfo-0:2.6.32-220.60.2.el6
  • python-perf-0:2.6.32-220.60.2.el6
  • python-perf-debuginfo-0:2.6.32-220.60.2.el6
  • kernel-0:2.6.32-431.53.2.el6
  • kernel-abi-whitelists-0:2.6.32-431.53.2.el6
  • kernel-bootwrapper-0:2.6.32-431.53.2.el6
  • kernel-debug-0:2.6.32-431.53.2.el6
  • kernel-debug-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-debug-devel-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.53.2.el6
  • kernel-devel-0:2.6.32-431.53.2.el6
  • kernel-doc-0:2.6.32-431.53.2.el6
  • kernel-firmware-0:2.6.32-431.53.2.el6
  • kernel-headers-0:2.6.32-431.53.2.el6
  • kernel-kdump-0:2.6.32-431.53.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-kdump-devel-0:2.6.32-431.53.2.el6
  • perf-0:2.6.32-431.53.2.el6
  • perf-debuginfo-0:2.6.32-431.53.2.el6
  • python-perf-0:2.6.32-431.53.2.el6
  • python-perf-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-0:2.6.32-358.59.1.el6
  • kernel-bootwrapper-0:2.6.32-358.59.1.el6
  • kernel-debug-0:2.6.32-358.59.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-debug-devel-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.59.1.el6
  • kernel-devel-0:2.6.32-358.59.1.el6
  • kernel-doc-0:2.6.32-358.59.1.el6
  • kernel-firmware-0:2.6.32-358.59.1.el6
  • kernel-headers-0:2.6.32-358.59.1.el6
  • kernel-kdump-0:2.6.32-358.59.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-kdump-devel-0:2.6.32-358.59.1.el6
  • perf-0:2.6.32-358.59.1.el6
  • perf-debuginfo-0:2.6.32-358.59.1.el6
  • python-perf-0:2.6.32-358.59.1.el6
  • python-perf-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-0:2.6.18-409.el5
  • kernel-PAE-0:2.6.18-409.el5
  • kernel-PAE-debuginfo-0:2.6.18-409.el5
  • kernel-PAE-devel-0:2.6.18-409.el5
  • kernel-debug-0:2.6.18-409.el5
  • kernel-debug-debuginfo-0:2.6.18-409.el5
  • kernel-debug-devel-0:2.6.18-409.el5
  • kernel-debuginfo-0:2.6.18-409.el5
  • kernel-debuginfo-common-0:2.6.18-409.el5
  • kernel-devel-0:2.6.18-409.el5
  • kernel-doc-0:2.6.18-409.el5
  • kernel-headers-0:2.6.18-409.el5
  • kernel-kdump-0:2.6.18-409.el5
  • kernel-kdump-debuginfo-0:2.6.18-409.el5
  • kernel-kdump-devel-0:2.6.18-409.el5
  • kernel-xen-0:2.6.18-409.el5
  • kernel-xen-debuginfo-0:2.6.18-409.el5
  • kernel-xen-devel-0:2.6.18-409.el5

The Hacker News

idTHN:C8A4219AFC2880AC311776A8C10BAE97
last seen2018-01-27
modified2017-11-28
published2017-11-27
reporterMohit Kumar
sourcehttps://thehackernews.com/2017/11/android-spying-app.html
titleGoogle Detects Android Spyware That Spies On WhatsApp, Skype Calls