Vulnerabilities > CVE-2013-2929 - Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h.

Vulnerable Configurations

Part Description Count
OS
Linux
1879

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0285.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id72986
    published2014-03-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72986
    titleCentOS 5 : kernel (CESA-2014:0285)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0285 and 
    # CentOS Errata and Security Advisory 2014:0285 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72986);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 64686);
      script_xref(name:"RHSA", value:"2014:0285");
    
      script_name(english:"CentOS 5 : kernel (CESA-2014:0285)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Red Hat Enterprise Linux and Microsoft
    Windows are not affected by this issue because they are known to only
    use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    * It was found that, under specific circumstances, a combination of
    write operations to write-combined memory and locked CPU instructions
    may cause a core hang on certain AMD CPUs (for more information, refer
    to AMD CPU erratum 793 linked in the References section). A privileged
    user in a guest running under the Xen hypervisor could use this flaw
    to cause a denial of service on the host system. This update adds a
    workaround to the Xen hypervisor implementation, which mitigates the
    AMD CPU issue. Note: this issue only affects AMD Family 16h Models
    00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
    Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483 and the Xen project for reporting
    CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as
    the original reporter of CVE-2013-4554 and CVE-2013-6885.
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-March/020199.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?29e2a6db"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-6381");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-5", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-1971.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79876
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79876
    titleCentOS 7 : kernel (CESA-2014:1971)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1971 and 
    # CentOS Errata and Security Advisory 2014:1971 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79876);
      script_version("1.12");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2013-2929", "CVE-2014-1739", "CVE-2014-3181", "CVE-2014-3182", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3631", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4027", "CVE-2014-4652", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-5045", "CVE-2014-6410");
      script_bugtraq_id(64111, 68048, 68159, 68162, 68163, 68170, 68862, 69763, 69768, 69770, 69779, 69781, 69799, 70095, 70766, 70768, 70883);
      script_xref(name:"RHSA", value:"2014:1971");
    
      script_name(english:"CentOS 7 : kernel (CESA-2014:1971)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    handled malformed or duplicate Address Configuration Change Chunks
    (ASCONF). A remote attacker could use either of these flaws to crash
    the system. (CVE-2014-3673, CVE-2014-3687, Important)
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    handled the association's output queue. A remote attacker could send
    specially crafted packets that would cause the system to use an
    excessive amount of memory, leading to a denial of service.
    (CVE-2014-3688, Important)
    
    * Two flaws were found in the way the Apple Magic Mouse/Trackpad
    multi-touch driver and the Minibox PicoLCD driver handled invalid HID
    reports. An attacker with physical access to the system could use
    these flaws to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate)
    
    * A memory corruption flaw was found in the way the USB ConnectTech
    WhiteHEAT serial driver processed completion commands sent via USB
    Request Blocks buffers. An attacker with physical access to the system
    could use this flaw to crash the system or, potentially, escalate
    their privileges on the system. (CVE-2014-3185, Moderate)
    
    * A flaw was found in the way the Linux kernel's keys subsystem
    handled the termination condition in the associative array garbage
    collection functionality. A local, unprivileged user could use this
    flaw to crash the system. (CVE-2014-3631, Moderate)
    
    * Multiple flaws were found in the way the Linux kernel's ALSA
    implementation handled user controls. A local, privileged user could
    use either of these flaws to crash the system. (CVE-2014-4654,
    CVE-2014-4655, CVE-2014-4656, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    * A stack overflow flaw caused by infinite recursion was found in the
    way the Linux kernel's UDF file system implementation processed
    indirect ICBs. An attacker with physical access to the system could
    use a specially crafted UDF image to crash the system. (CVE-2014-6410,
    Low)
    
    * An information leak flaw in the way the Linux kernel handled media
    device enumerate entities IOCTL requests could allow a local user able
    to access the /dev/media0 device file to leak kernel memory bytes.
    (CVE-2014-1739, Low)
    
    * An out-of-bounds read flaw in the Logitech Unifying receiver driver
    could allow an attacker with physical access to the system to crash
    the system or, potentially, escalate their privileges on the system.
    (CVE-2014-3182, Low)
    
    * Multiple out-of-bounds write flaws were found in the way the Cherry
    Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
    drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
    control driver, and Sunplus wireless desktop driver handled invalid
    HID reports. An attacker with physical access to the system could use
    either of these flaws to write data past an allocated memory buffer.
    (CVE-2014-3184, Low)
    
    * An information leak flaw was found in the RAM Disks Memory Copy
    (rd_mcp) back end driver of the iSCSI Target subsystem could allow a
    privileged user to leak the contents of kernel memory to an iSCSI
    initiator remote client. (CVE-2014-4027, Low)
    
    * An information leak flaw in the Linux kernel's ALSA implementation
    could allow a local, privileged user to leak kernel memory to user
    space. (CVE-2014-4652, Low)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-December/020820.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0a91b585"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3673");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-123.13.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140312_KERNEL_ON_SL5_X.NASL
    description* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-03-18
    modified2014-03-14
    plugin id73012
    published2014-03-14
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73012
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73012);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140312)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "* A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Scientific Linux and Microsoft Windows
    are not affected by this issue because they are known to only use
    protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    A privileged user in a guest running under the Xen hypervisor could
    use this flaw to cause a denial of service on the host system. This
    update adds a workaround to the Xen hypervisor implementation, which
    mitigates the AMD CPU issue. Note: this issue only affects AMD Family
    16h Models 00h-0Fh Processors. Non-AMD CPUs are not vulnerable.
    (CVE-2013-6885, Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    The system must be rebooted for this update to take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=822
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f00d3331"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL5", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-371.6.1.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3034.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id74101
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74101
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from Oracle Linux
    # Security Advisory ELSA-2014-3034.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74101);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851");
      script_bugtraq_id(63983, 64328, 64743, 65255, 65909, 66095, 67199, 67282);
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Oracle Linux host is missing a security update for
    the Unbreakable Enterprise kernel package(s)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-May/004134.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-35.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-provider-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3034");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-35.el6uek-0.4.3-4.el6")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-headers-0.4.3-4.el6")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-provider-headers-0.4.3-4.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-35.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2129-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-03-06
    plugin id72858
    published2014-03-06
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72858
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2129-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72858);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874");
      script_bugtraq_id(57176, 63887, 63889, 64013, 64111, 64270, 64328, 64739, 64741, 64742, 64743, 64744, 64746, 64952, 64953, 64954, 65459);
      script_xref(name:"USN", value:"2129-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An information leak was discovered in the Linux kernel when inotify is
    used to monitor the /dev/ptmx device. A local user could exploit this
    flaw to discover keystroke timing and potentially discover sensitive
    information like password length. (CVE-2013-0160)
    
    Vasily Kulikov reported a flaw in the Linux kernel's implementation of
    ptrace. An unprivileged local user could exploit this flaw to obtain
    sensitive information from kernel memory. (CVE-2013-2929)
    
    Andrew Honig reported a flaw in the Linux Kernel's
    kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)
    subsystem. A local user could exploit this flaw to gain privileges on
    the host machine. (CVE-2013-4587)
    
    Andrew Honig reported a flaw in the apic_get_tmcct function of the
    Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS
    user could exploit this flaw to cause a denial of service or host OS
    system crash. (CVE-2013-6367)
    
    Nico Golde and Fabian Yamaguchi reported a flaw in the driver for
    Adaptec AACRAID scsi raid devices in the Linux kernel. A local user
    could use this flaw to cause a denial of service or possibly other
    unspecified impact. (CVE-2013-6380)
    
    Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
    the implementation of the XFS filesystem in the Linux kernel. A local
    user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
    service (memory corruption) or possibly other unspecified issues.
    (CVE-2013-6382)
    
    Evan Huus reported a buffer overflow in the Linux kernel's radiotap
    header parsing. A remote attacker could cause a denial of service
    (buffer over- read) via a specially crafted header. (CVE-2013-7027)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A
    local user could exploit this leak to obtain potentially sensitive
    information from kernel memory. (CVE-2013-7266)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with apple talk sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7267)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ipx protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7268)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with the netrom address family in the
    Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7269)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with packet address family sockets in
    the Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7270)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with x25 protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7271)
    
    An information leak was discovered in the Linux kernel's SIOCWANDEV
    ioctl call. A local user with the CAP_NET_ADMIN capability could
    exploit this flaw to obtain potentially sensitive information from
    kernel memory. (CVE-2014-1444)
    
    An information leak was discovered in the wanxl ioctl function the
    Linux kernel. A local user could exploit this flaw to obtain
    potentially sensitive information from kernel memory. (CVE-2014-1445)
    
    An information leak was discovered in the Linux kernel's hamradio YAM
    driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
    capability could exploit this flaw to obtain sensitive information
    from kernel memory. (CVE-2014-1446)
    
    Matthew Thode reported a denial of service vulnerability in the Linux
    kernel when SELinux support is enabled. A local user with the
    CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if
    running in enforcing mode) could exploit this flaw to cause a denial
    of service (kernel crash). (CVE-2014-1874).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2129-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-2.6-ec2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2129-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-362-ec2", pkgver:"2.6.32-362.75")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-ec2");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0285.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id72975
    published2014-03-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72975
    titleRHEL 5 : kernel (RHSA-2014:0285)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0285. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72975);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4483", "CVE-2013-4554", "CVE-2013-6381", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263");
      script_bugtraq_id(63445, 63888, 63890, 63931, 63983, 64111, 64686);
      script_xref(name:"RHSA", value:"2014:0285");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2014:0285)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A buffer overflow flaw was found in the way the qeth_snmp_command()
    function in the Linux kernel's QETH network device driver
    implementation handled SNMP IOCTL requests with an out-of-bounds
    length. A local, unprivileged user could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2013-6381, Important)
    
    * A flaw was found in the way the ipc_rcu_putref() function in the
    Linux kernel's IPC implementation handled reference counter
    decrementing. A local, unprivileged user could use this flaw to
    trigger an Out of Memory (OOM) condition and, potentially, crash the
    system. (CVE-2013-4483, Moderate)
    
    * It was found that the Xen hypervisor implementation did not
    correctly check privileges of hypercall attempts made by HVM guests,
    allowing hypercalls to be invoked from protection rings 1 and 2 in
    addition to ring 0. A local attacker in an HVM guest able to execute
    code on privilege levels 1 and 2 could potentially use this flaw to
    further escalate their privileges in that guest. Note: Xen HVM guests
    running unmodified versions of Red Hat Enterprise Linux and Microsoft
    Windows are not affected by this issue because they are known to only
    use protection rings 0 (kernel) and 3 (userspace). (CVE-2013-4554,
    Moderate)
    
    * A flaw was found in the way the Linux kernel's Adaptec RAID
    controller (aacraid) checked permissions of compat IOCTLs. A local
    attacker could use this flaw to bypass intended security restrictions.
    (CVE-2013-6383, Moderate)
    
    * It was found that, under specific circumstances, a combination of
    write operations to write-combined memory and locked CPU instructions
    may cause a core hang on certain AMD CPUs (for more information, refer
    to AMD CPU erratum 793 linked in the References section). A privileged
    user in a guest running under the Xen hypervisor could use this flaw
    to cause a denial of service on the host system. This update adds a
    workaround to the Xen hypervisor implementation, which mitigates the
    AMD CPU issue. Note: this issue only affects AMD Family 16h Models
    00h-0Fh Processors. Non-AMD CPUs are not vulnerable. (CVE-2013-6885,
    Moderate)
    
    * It was found that certain protocol handlers in the Linux kernel's
    networking implementation could set the addr_len value without
    initializing the associated data structure. A local, unprivileged user
    could use this flaw to leak kernel stack memory to user space using
    the recvmsg, recvfrom, and recvmmsg system calls. (CVE-2013-7263, Low)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    Red Hat would like to thank Vladimir Davydov of Parallels for
    reporting CVE-2013-4483 and the Xen project for reporting
    CVE-2013-4554 and CVE-2013-6885. Upstream acknowledges Jan Beulich as
    the original reporter of CVE-2013-4554 and CVE-2013-6885.
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf"
      );
      # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c6b506c4"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0285"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-7263"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4554"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-6885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4483"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0285";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-371.6.1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
      }
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20141209_KERNEL_ON_SL7_X.NASL
    description* A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2014-12-15
    plugin id80014
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80014
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20141209)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80014);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2013-2929", "CVE-2014-1739", "CVE-2014-3181", "CVE-2014-3182", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3631", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4027", "CVE-2014-4652", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-5045", "CVE-2014-6410");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20141209)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "* A flaw was found in the way the Linux kernel's SCTP implementation
    handled the association's output queue. A remote attacker could send
    specially crafted packets that would cause the system to use an
    excessive amount of memory, leading to a denial of service.
    (CVE-2014-3688, Important)
    
    * Two flaws were found in the way the Apple Magic Mouse/Trackpad
    multi- touch driver and the Minibox PicoLCD driver handled invalid HID
    reports. An attacker with physical access to the system could use
    these flaws to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-3181, CVE-2014-3186, Moderate)
    
    * A memory corruption flaw was found in the way the USB ConnectTech
    WhiteHEAT serial driver processed completion commands sent via USB
    Request Blocks buffers. An attacker with physical access to the system
    could use this flaw to crash the system or, potentially, escalate
    their privileges on the system. (CVE-2014-3185, Moderate)
    
    * A flaw was found in the way the Linux kernel's keys subsystem
    handled the termination condition in the associative array garbage
    collection functionality. A local, unprivileged user could use this
    flaw to crash the system. (CVE-2014-3631, Moderate)
    
    * Multiple flaws were found in the way the Linux kernel's ALSA
    implementation handled user controls. A local, privileged user could
    use either of these flaws to crash the system. (CVE-2014-4654,
    CVE-2014-4655, CVE-2014-4656, Moderate)
    
    * A flaw was found in the way the Linux kernel's VFS subsystem handled
    reference counting when performing unmount operations on symbolic
    links. A local, unprivileged user could use this flaw to exhaust all
    available memory on the system or, potentially, trigger a
    use-after-free error, resulting in a system crash or privilege
    escalation. (CVE-2014-5045, Moderate)
    
    * A flaw was found in the way the get_dumpable() function return value
    was interpreted in the ptrace subsystem of the Linux kernel. When
    'fs.suid_dumpable' was set to 2, a local, unprivileged local user
    could use this flaw to bypass intended ptrace restrictions and obtain
    potentially sensitive information. (CVE-2013-2929, Low)
    
    * A stack overflow flaw caused by infinite recursion was found in the
    way the Linux kernel's UDF file system implementation processed
    indirect ICBs. An attacker with physical access to the system could
    use a specially crafted UDF image to crash the system. (CVE-2014-6410,
    Low)
    
    * An information leak flaw in the way the Linux kernel handled media
    device enumerate entities IOCTL requests could allow a local user able
    to access the /dev/media0 device file to leak kernel memory bytes.
    (CVE-2014-1739, Low)
    
    * An out-of-bounds read flaw in the Logitech Unifying receiver driver
    could allow an attacker with physical access to the system to crash
    the system or, potentially, escalate their privileges on the system.
    (CVE-2014-3182, Low)
    
    * Multiple out-of-bounds write flaws were found in the way the Cherry
    Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
    drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
    control driver, and Sunplus wireless desktop driver handled invalid
    HID reports. An attacker with physical access to the system could use
    either of these flaws to write data past an allocated memory buffer.
    (CVE-2014-3184, Low)
    
    * An information leak flaw was found in the RAM Disks Memory Copy
    (rd_mcp) back end driver of the iSCSI Target subsystem could allow a
    privileged user to leak the contents of kernel memory to an iSCSI
    initiator remote client. (CVE-2014-4027, Low)
    
    * An information leak flaw in the Linux kernel's ALSA implementation
    could allow a local, privileged user to leak kernel memory to user
    space. (CVE-2014-4652, Low)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1412&L=scientific-linux-errata&T=0&P=1701
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7d96b923"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/12/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-123.13.1.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-123.13.1.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1535.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16645i1/4%0 - It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system.(CVE-2014-8172i1/4%0 - A flaw was discovered in the kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124988
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124988
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2128-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-03-06
    plugin id72857
    published2014-03-06
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72857
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-2128-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0159.NASL
    descriptionFrom Red Hat Security Advisory 2014:0159 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id72469
    published2014-02-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72469
    titleOracle Linux 6 : kernel (ELSA-2014-0159)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0100.NASL
    descriptionUpdated kernel-rt packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise MRG 2.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76672
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76672
    titleRHEL 6 : MRG (RHSA-2014:0100)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1473.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.(CVE-2013-1059) - The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature.(CVE-2013-2140) - The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.(CVE-2013-2164) - Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.(CVE-2013-2888) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2889) - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2892) - A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When
    last seen2020-06-01
    modified2020-06-02
    plugin id124797
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124797
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1473)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2112-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72575
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72575
    titleUbuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2112-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0159.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id72437
    published2014-02-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72437
    titleCentOS 6 : kernel (CESA-2014:0159)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2075-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-01-05
    plugin id71799
    published2014-01-05
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71799
    titleUbuntu 13.10 : linux vulnerabilities (USN-2075-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1971.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79848
    published2014-12-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79848
    titleRHEL 7 : kernel (RHSA-2014:1971)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3011.NASL
    descriptionDescription of changes: [3.8.13-26.1.1.el6uek] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247287] {CVE-2013-7263} {CVE-2013-7265} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238377] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238348] {CVE-2013-2929}
    last seen2020-06-01
    modified2020-06-02
    plugin id72535
    published2014-02-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72535
    titleOracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3011)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140211_KERNEL_ON_SL6_X.NASL
    description* A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-03-18
    modified2014-02-13
    plugin id72475
    published2014-02-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72475
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140211)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0285-1.NASL
    descriptionFrom Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id73006
    published2014-03-14
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73006
    titleOracle Linux 5 : kernel (ELSA-2014-0285-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2070-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-01-05
    plugin id71796
    published2014-01-05
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/71796
    titleUbuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2070-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2111-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72574
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72574
    titleUbuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2111-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2114-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72577
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72577
    titleUbuntu 12.10 : linux vulnerabilities (USN-2114-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-0481-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). - CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). - CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). - CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). - CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). - CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). - CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). - CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). - CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). - CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). - CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). - CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id83696
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83696
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-291.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (CVE-2013-2929). The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application (CVE-2013-2930). Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511). Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation (CVE-2013-4512). Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions (CVE-2013-4514). The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call (CVE-2013-4515). Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots (CVE-2013-4592). The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation (CVE-2013-6378). The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command (CVE-2013-6380). Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size (CVE-2013-6381). The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call (CVE-2013-6383). The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511 (CVE-2013-6763). The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71511
    published2013-12-18
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71511
    titleMandriva Linux Security Advisory : kernel (MDVSA-2013:291)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3010.NASL
    descriptionDescription of changes: [2.6.32-400.34.3.el6uek] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247290] {CVE-2013-7263} {CVE-2013-7265} [2.6.32-400.34.2.el6uek] - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18239033] {CVE-2013-2929} {CVE-2013-2929} - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18239036] {CVE-2013-7263} {CVE-2013-7265}
    last seen2020-06-01
    modified2020-06-02
    plugin id72534
    published2014-02-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72534
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3010)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2109-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72573
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72573
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2109-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0290.NASL
    descriptionThe remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id81800
    published2015-03-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81800
    titleOracle Linux 7 : kernel (ELSA-2015-0290)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0285.NASL
    descriptionFrom Red Hat Security Advisory 2014:0285 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id73007
    published2014-03-14
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73007
    titleOracle Linux 5 : kernel (ELSA-2014-0285)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2906.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled. - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory. - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service. - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service. - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of
    last seen2020-03-17
    modified2014-04-27
    plugin id73713
    published2014-04-27
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73713
    titleDebian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0287-1.NASL
    descriptionThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). - cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573). net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). scsi: Add
    last seen2020-06-05
    modified2015-05-20
    plugin id83611
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83611
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-1971.NASL
    descriptionFrom Red Hat Security Advisory 2014:1971 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79845
    published2014-12-10
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79845
    titleOracle Linux 7 : kernel (ELSA-2014-1971)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140709.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610). (CVE-2012-2372) - The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652). (CVE-2013-2929) - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404). (CVE-2013-4299) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426). (CVE-2013-4579) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553). (CVE-2013-6382) - The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563). (CVE-2013-7339) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173). (CVE-2014-0055) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576). (CVE-2014-0077) - The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102). (CVE-2014-0101) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723). (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540). (CVE-2014-0155) - The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869). (CVE-2014-1444) - The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870). (CVE-2014-1445) - The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872). (CVE-2014-1446) - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (bnc#863335). (CVE-2014-1874) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (bnc#867531). (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653). (CVE-2014-2523) - The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561). (CVE-2014-2678) - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374). (CVE-2014-2851) - The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102). (CVE-2014-3122) - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257). (CVE-2014-3144) - The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257). (CVE-2014-3145) - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484). (CVE-2014-3917) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number. (CVE-2014-4508) -. (bnc#883724) - Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4652) - sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4653) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795). (CVE-2014-4654) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795). (CVE-2014-4655) - Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795). (CVE-2014-4656) - The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725). (CVE-2014-4699) Also the following non-security bugs have been fixed : - kernel: avoid page table walk on user space access (bnc#878407, LTC#110316). - spinlock: fix system hang with spin_retry <= 0 (bnc#874145, LTC#110189). - x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3. (bnc#876176) - x86: Enable multiple CPUs in crash kernel. (bnc#846690) - x86/mce: Fix CMCI preemption bugs. (bnc#786450) - x86, CMCI: Add proper detection of end of CMCI storms. (bnc#786450) - futex: revert back to the explicit waiter counting code. (bnc#851603) - futex: avoid race between requeue and wake. (bnc#851603) - intel-iommu: fix off-by-one in pagetable freeing. (bnc#874577) - ia64: Change default PSR.ac from
    last seen2020-06-05
    modified2014-07-17
    plugin id76557
    published2014-07-17
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76557
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0159.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A buffer overflow flaw was found in the way the qeth_snmp_command() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id72454
    published2014-02-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72454
    titleRHEL 6 : kernel (RHSA-2014:0159)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3009.NASL
    descriptionDescription of changes: [2.6.39-400.214.3.el6uek] - inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions (Hannes Frederic Sowa) [18247289] {CVE-2013-7263} {CVE-2013-7265} [2.6.39-400.214.2.el6uek] - inet: prevent leakage of uninitialized memory to user in recv syscalls (Hannes Frederic Sowa) [18238382] {CVE-2013-7263} {CVE-2013-7265} - exec/ptrace: fix get_dumpable() incorrect tests (Kees Cook) [18238353] {CVE-2013-2929}
    last seen2020-06-01
    modified2020-06-02
    plugin id72533
    published2014-02-17
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72533
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3009)

Redhat

advisories
  • rhsa
    idRHSA-2014:0100
  • rhsa
    idRHSA-2014:0159
  • rhsa
    idRHSA-2014:0285
  • rhsa
    idRHSA-2018:1252
rpms
  • kernel-rt-0:3.8.13-rt27.33.el6rt
  • kernel-rt-debug-0:3.8.13-rt27.33.el6rt
  • kernel-rt-debug-debuginfo-0:3.8.13-rt27.33.el6rt
  • kernel-rt-debug-devel-0:3.8.13-rt27.33.el6rt
  • kernel-rt-debuginfo-0:3.8.13-rt27.33.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.8.13-rt27.33.el6rt
  • kernel-rt-devel-0:3.8.13-rt27.33.el6rt
  • kernel-rt-doc-0:3.8.13-rt27.33.el6rt
  • kernel-rt-firmware-0:3.8.13-rt27.33.el6rt
  • kernel-rt-trace-0:3.8.13-rt27.33.el6rt
  • kernel-rt-trace-debuginfo-0:3.8.13-rt27.33.el6rt
  • kernel-rt-trace-devel-0:3.8.13-rt27.33.el6rt
  • kernel-rt-vanilla-0:3.8.13-rt27.33.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.8.13-rt27.33.el6rt
  • kernel-rt-vanilla-devel-0:3.8.13-rt27.33.el6rt
  • kernel-0:2.6.32-431.5.1.el6
  • kernel-abi-whitelists-0:2.6.32-431.5.1.el6
  • kernel-bootwrapper-0:2.6.32-431.5.1.el6
  • kernel-debug-0:2.6.32-431.5.1.el6
  • kernel-debug-debuginfo-0:2.6.32-431.5.1.el6
  • kernel-debug-devel-0:2.6.32-431.5.1.el6
  • kernel-debuginfo-0:2.6.32-431.5.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.5.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.5.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.5.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.5.1.el6
  • kernel-devel-0:2.6.32-431.5.1.el6
  • kernel-doc-0:2.6.32-431.5.1.el6
  • kernel-firmware-0:2.6.32-431.5.1.el6
  • kernel-headers-0:2.6.32-431.5.1.el6
  • kernel-kdump-0:2.6.32-431.5.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.5.1.el6
  • kernel-kdump-devel-0:2.6.32-431.5.1.el6
  • perf-0:2.6.32-431.5.1.el6
  • perf-debuginfo-0:2.6.32-431.5.1.el6
  • python-perf-0:2.6.32-431.5.1.el6
  • python-perf-debuginfo-0:2.6.32-431.5.1.el6
  • kernel-0:2.6.18-371.6.1.el5
  • kernel-PAE-0:2.6.18-371.6.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-PAE-devel-0:2.6.18-371.6.1.el5
  • kernel-debug-0:2.6.18-371.6.1.el5
  • kernel-debug-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-debug-devel-0:2.6.18-371.6.1.el5
  • kernel-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-debuginfo-common-0:2.6.18-371.6.1.el5
  • kernel-devel-0:2.6.18-371.6.1.el5
  • kernel-doc-0:2.6.18-371.6.1.el5
  • kernel-headers-0:2.6.18-371.6.1.el5
  • kernel-kdump-0:2.6.18-371.6.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-kdump-devel-0:2.6.18-371.6.1.el5
  • kernel-xen-0:2.6.18-371.6.1.el5
  • kernel-xen-debuginfo-0:2.6.18-371.6.1.el5
  • kernel-xen-devel-0:2.6.18-371.6.1.el5
  • kernel-0:3.10.0-123.13.1.el7
  • kernel-abi-whitelists-0:3.10.0-123.13.1.el7
  • kernel-bootwrapper-0:3.10.0-123.13.1.el7
  • kernel-debug-0:3.10.0-123.13.1.el7
  • kernel-debug-debuginfo-0:3.10.0-123.13.1.el7
  • kernel-debug-devel-0:3.10.0-123.13.1.el7
  • kernel-debuginfo-0:3.10.0-123.13.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-123.13.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-123.13.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-123.13.1.el7
  • kernel-devel-0:3.10.0-123.13.1.el7
  • kernel-doc-0:3.10.0-123.13.1.el7
  • kernel-headers-0:3.10.0-123.13.1.el7
  • kernel-kdump-0:3.10.0-123.13.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-123.13.1.el7
  • kernel-kdump-devel-0:3.10.0-123.13.1.el7
  • kernel-tools-0:3.10.0-123.13.1.el7
  • kernel-tools-debuginfo-0:3.10.0-123.13.1.el7
  • kernel-tools-libs-0:3.10.0-123.13.1.el7
  • kernel-tools-libs-devel-0:3.10.0-123.13.1.el7
  • perf-0:3.10.0-123.13.1.el7
  • perf-debuginfo-0:3.10.0-123.13.1.el7
  • python-perf-0:3.10.0-123.13.1.el7
  • python-perf-debuginfo-0:3.10.0-123.13.1.el7
  • kernel-0:2.6.18-348.39.1.el5
  • kernel-PAE-0:2.6.18-348.39.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-348.39.1.el5
  • kernel-PAE-devel-0:2.6.18-348.39.1.el5
  • kernel-debug-0:2.6.18-348.39.1.el5
  • kernel-debug-debuginfo-0:2.6.18-348.39.1.el5
  • kernel-debug-devel-0:2.6.18-348.39.1.el5
  • kernel-debuginfo-0:2.6.18-348.39.1.el5
  • kernel-debuginfo-common-0:2.6.18-348.39.1.el5
  • kernel-devel-0:2.6.18-348.39.1.el5
  • kernel-doc-0:2.6.18-348.39.1.el5
  • kernel-headers-0:2.6.18-348.39.1.el5
  • kernel-xen-0:2.6.18-348.39.1.el5
  • kernel-xen-debuginfo-0:2.6.18-348.39.1.el5
  • kernel-xen-devel-0:2.6.18-348.39.1.el5