CVE-2013-3076 - Information Exposure vulnerability in Linux Kernel

CVSS 4.9 - MEDIUM
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: NONE
Availability impact: NONE
Tags: local, low complexity, linux, CWE-200, nessus

Summary

The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1197.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
      - A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler. (CVE-2018-18386)
      - The Linux kernel was found vulnerable to an integer overflow in the drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() function. The vulnerability could result in local attackers being able to crash the kernel or potentially elevate privileges. (CVE-2018-13406)
      - The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3237)
      - The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
      - The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076)
      - Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. (CVE-2012-6703)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-19
    modified: 2019-04-09
    plugin id: 123883
    published: 2019-04-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123883
    title: EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1197)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123883);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2012-6703",
        "CVE-2013-3076",
        "CVE-2013-3231",
        "CVE-2013-3237",
        "CVE-2018-13406",
        "CVE-2018-18386"
      );
      script_bugtraq_id(
        59390,
        59392,
        59398
      );
    
      script_name(english:"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1197)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A security flaw was found in the Linux kernel in
        drivers/tty/n_tty.c which allows local attackers (ones
        who are able to access pseudo terminals) to lock them
        up and block further usage of any pseudo terminal
        devices due to an EXTPROC versus ICANON confusion in
        TIOCINQ handler. (CVE-2018-18386)
    
      - The Linux kernel was found vulnerable to an integer
        overflow in the
        drivers/video/fbdev/uvesafb.c:uvesafb_setcmap()
        function. The vulnerability could result in local
        attackers being able to crash the kernel or potentially
        elevate privileges. (CVE-2018-13406)
    
      - The vsock_stream_sendmsg function in
        net/vmw_vsock/af_vsock.c in the Linux kernel before
        3.9-rc7 does not initialize a certain length variable,
        which allows local users to obtain sensitive
        information from kernel stack memory via a crafted
        recvmsg or recvfrom system call. (CVE-2013-3237)
    
      - The llc_ui_recvmsg function in net/llc/af_llc.c in the
        Linux kernel before 3.9-rc7 does not initialize a
        certain length variable, which allows local users to
        obtain sensitive information from kernel stack memory
        via a crafted recvmsg or recvfrom system
        call. (CVE-2013-3231)
    
      - The crypto API in the Linux kernel through 3.9-rc8 does
        not initialize certain length variables, which allows
        local users to obtain sensitive information from kernel
        stack memory via a crafted recvmsg or recvfrom system
        call, related to the hash_recvmsg function in
        crypto/algif_hash.c and the skcipher_recvmsg function
        in crypto/algif_skcipher.c. (CVE-2013-3076)
    
      - Integer overflow in the snd_compr_allocate_buffer
        function in sound/core/compress_offload.c in the ALSA
        subsystem in the Linux kernel before
        3.6-rc6-next-20120917 allows local users to cause a
        denial of service (insufficient memory allocation) or
        possibly have unspecified other impact via a crafted
        SNDRV_COMPRESS_SET_PARAMS ioctl
        call. (CVE-2012-6703)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1197
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4c458cdd");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/09");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-514.44.5.10_117",
            "kernel-devel-3.10.0-514.44.5.10_117",
            "kernel-headers-3.10.0-514.44.5.10_117",
            "kernel-tools-3.10.0-514.44.5.10_117",
            "kernel-tools-libs-3.10.0-514.44.5.10_117",
            "kernel-tools-libs-devel-3.10.0-514.44.5.10_117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-130604.NASL
    description: The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to Linux kernel 3.0.80 which fixes various bugs and security issues. The following security issues have been fixed :
      - Timing side channel attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. (CVE-2013-0160)
      - The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)
      - The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)
      - The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)
      - The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)
      - The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227)
      - The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228)
      - The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229)
      - The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
      - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)
      - The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)
      - net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235)
      - The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076)
      - The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. (CVE-2013-1979)
      - A kernel information leak via tkill/tgkill was fixed.
      The following bugs have been fixed :
      - reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry. (bnc#822722)
      - libfc: do not exch_done() on invalid sequence ptr. (bnc#810722)
      - netfilter: ip6t_LOG: fix logging of packet mark. (bnc#821930)
      - hyperv: use 3.4 as LIC version string. (bnc#822431)
      - virtio_net: introduce VIRTIO_NET_HDR_F_DATA_VALID. (bnc#819655)
      - xen/netback: do not disconnect frontend when seeing oversize packet.
      - xen/netfront: reduce gso_max_size to account for max TCP header.
      - xen/netfront: fix kABI after
    last seen: 2020-06-05
    modified: 2013-06-18
    plugin id: 66912
    published: 2013-06-18
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/66912
    title: SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 7811 / 7813 / 7814)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1204.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
      - A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler. (CVE-2018-18386)
      - The Linux kernel was found vulnerable to an integer overflow in the drivers/video/fbdev/uvesafb.c:uvesafb_setcmap() function. The vulnerability could result in local attackers being able to crash the kernel or potentially elevate privileges. (CVE-2018-13406)
      - The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3237)
      - The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
      - The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076)
      - Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call. (CVE-2012-6703)
      Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-19
    modified: 2019-04-09
    plugin id: 123890
    published: 2019-04-09
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/123890
    title: EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1204)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1028.NASL
    description: According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel
    last seen: 2020-05-06
    modified: 2019-02-15
    plugin id: 122201
    published: 2019-02-15
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/122201
    title: EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1028)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-6999.NASL
    description: Update to latest upstream stable release, Linux v3.8.11. A variety of fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-05-04
    plugin id: 66310
    published: 2013-05-04
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66310
    title: Fedora 17 : kernel-3.8.11-100.fc17 (2013-6999)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-6537.NASL
    description: Fixes a large number of network related information leak CVEs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2013-04-29
    plugin id: 66248
    published: 2013-04-29
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66248
    title: Fedora 18 : kernel-3.8.8-203.fc18 (2013-6537)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2669.NASL
    description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :
      - CVE-2013-0160 vladz reported a timing leak with the /dev/ptmx character device. A local user could use this to determine sensitive information such as password length.
      - CVE-2013-1796 Andrew Honig of Google reported an issue in the KVM subsystem. A user in a guest operating system could corrupt kernel memory, resulting in a denial of service.
      - CVE-2013-1929 Oded Horovitz and Brad Spengler reported an issue in the device driver for Broadcom Tigon3 based gigabit Ethernet. Users with the ability to attach untrusted devices can create an overflow condition, resulting in a denial of service or elevated privileges.
      - CVE-2013-1979 Andy Lutomirski reported an issue in the socket level control message processing subsystem. Local users may be able to gain elevated privileges.
      - CVE-2013-2015 Theodore Ts
    last seen: 2020-03-17
    modified: 2013-05-17
    plugin id: 66486
    published: 2013-05-17
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66486
    title: Debian DSA-2669-1 : linux - privilege escalation/denial of service/information leak
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-130702.NASL
    description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to 3.0.82 to fix various bugs and security issues. The following security issues have been fixed :
      - The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (CVE-2013-1774)
      - Timing side channel attacks were possible on /dev/ptmx that could allow local attackers to predict keypresses like e.g. passwords. This has been fixed again by updating accessed/modified time on the pty devices in resolution of 8 seconds, so that idle time detection can still work. (CVE-2013-0160)
      - The vcc_recvmsg function in net/atm/common.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3222)
      - The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3223)
      - The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel did not properly initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3224)
      - The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3225)
      - The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3227)
      - The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3228)
      - The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3229)
      - The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel did not initialize a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3231)
      - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3232)
      - The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3234)
      - net/tipc/socket.c in the Linux kernel did not initialize a certain data structure and a certain length variable, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (CVE-2013-3235)
      - The crypto API in the Linux kernel did not initialize certain length variables, which allowed local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c. (CVE-2013-3076)
      - The scm_set_cred function in include/net/scm.h in the Linux kernel used incorrect uid and gid values during credentials passing, which allowed local users to gain privileges via a crafted application. (CVE-2013-1979)
      - A kernel information leak via tkill/tgkill was fixed.
      The following non-security bugs have been fixed :
      S/390 :
      - af_iucv: Missing man page (bnc#825037, LTC#94825).
      - iucv: fix kernel panic at reboot (bnc#825037, LTC#93803).
      - kernel: lost IPIs on CPU hotplug (bnc#825037, LTC#94784).
      - dasd: Add missing descriptions for dasd timeout messages (bnc#825037, LTC#94762).
      - dasd: Fix hanging device after resume with internal error 13 (bnc#825037, LTC#94554).
      - cio: Suppress 2nd path verification during resume (bnc#825037, LTC#94554).
      - vmcp: Missing man page (bnc#825037, LTC#94453).
      - kernel: 3215 console crash (bnc#825037, LTC#94302).
      - netiucv: Hold rtnl between name allocation and device registration. (bnc#824159)
      - s390/ftrace: fix mcount adjustment (bnc#809895).
      HyperV :
      - Drivers: hv: Fix a bug in get_vp_index().
      - hyperv: Fix a compiler warning in netvsc_send().
      - Tools: hv: Fix a checkpatch warning.
      - tools: hv: skip iso9660 mounts in hv_vss_daemon.
      - tools: hv: use FIFREEZE/FITHAW in hv_vss_daemon.
      - tools: hv: use getmntent in hv_vss_daemon.
      - Tools: hv: Fix a checkpatch warning.
      - tools: hv: fix checks for origin of netlink message in hv_vss_daemon.
      - Tools: hv: fix warnings in hv_vss_daemon.
      - x86, hyperv: Handle Xen emulation of Hyper-V more gracefully.
      - hyperv: Fix a kernel warning from netvsc_linkstatus_callback().
      - Drivers: hv: balloon: make local functions static.
      - tools: hv: daemon should check type of received Netlink msg.
      - tools: hv: daemon setsockopt should use options macros.
      - tools: hv: daemon should subscribe only to CN_KVP_IDX group.
      - driver: hv: remove cast for kmalloc return value.
      - hyperv: use 3.4 as LIC version string (bnc#822431).
      BTRFS :
      - btrfs: flush delayed inodes if we are short on space. (bnc#801427)
      - btrfs: rework shrink_delalloc. (bnc#801427)
      - btrfs: fix our overcommit math. (bnc#801427)
      - btrfs: delay block group item insertion. (bnc#801427)
      - btrfs: remove bytes argument from do_chunk_alloc. (bnc#801427)
      - btrfs: run delayed refs first when out of space. (bnc#801427)
      - btrfs: do not commit instead of overcommitting. (bnc#801427)
      - btrfs: do not take inode delalloc mutex if we are a free space inode. (bnc#801427)
      - btrfs: fix chunk allocation error handling. (bnc#801427)
      - btrfs: remove extent mapping if we fail to add chunk. (bnc#801427)
      - btrfs: do not overcommit if we do not have enough space for global rsv. (bnc#801427)
      - btrfs: rework the overcommit logic to be based on the total size. (bnc#801427)
      - btrfs: steal from global reserve if we are cleaning up orphans. (bnc#801427)
      - btrfs: clear chunk_alloc flag on retryable failure. (bnc#801427)
      - btrfs: use reserved space for creating a snapshot. (bnc#801427)
      - btrfs: cleanup to make the function btrfs_delalloc_reserve_metadata more logic. (bnc#801427)
      - btrfs: fix space leak when we fail to reserve metadata space. (bnc#801427)
      - btrfs: fix space accounting for unlink and rename. (bnc#801427)
      - btrfs: allocate new chunks if the space is not enough for global rsv. (bnc#801427)
      - btrfs: various abort cleanups. (bnc#812526 / bnc#801427)
      - btrfs: simplify unlink reservations (bnc#801427).
      XFS :
      - xfs: Move allocation stack switch up to xfs_bmapi. (bnc#815356)
      - xfs: introduce XFS_BMAPI_STACK_SWITCH. (bnc#815356)
      - xfs: zero allocation_args on the kernel stack. (bnc#815356)
      - xfs: fix debug_object WARN at xfs_alloc_vextent(). (bnc#815356)
      - xfs: do not defer metadata allocation to the workqueue. (bnc#815356)
      - xfs: introduce an allocation workqueue. (bnc#815356)
      - xfs: fix race while discarding buffers [V4] (bnc#815356 (comment 36)).
      - xfs: Serialize file-extending direct IO. (bnc#818371)
      - xfs: Do not allocate new buffers on every call to _xfs_buf_find. (bnc#763968)
      - xfs: fix buffer lookup race on allocation failure (bnc#763968).
      ALSA :
      - Fix VT1708 jack detection on SLEPOS machines. (bnc#813922)
      - ALSA: hda - Avoid choose same converter for unused pins. (bnc#826186)
      - ALSA: hda - Cache the MUX selection for generic HDMI. (bnc#826186)
      - ALSA: hda - Haswell converter power state D0 verify. (bnc#826186)
      - ALSA: hda - Do not take unresponsive D3 transition too serious. (bnc#823597)
      - ALSA: hda - Introduce bit flags to snd_hda_codec_read/write(). (bnc#823597)
      - ALSA: hda - Check CORB overflow. (bnc#823597)
      - ALSA: hda - Check validity of CORB/RIRB WP reads. (bnc#823597)
      - ALSA: hda - Fix system panic when DMA > 40 bits for Nvidia audio controllers. (bnc#818465)
      - ALSA: hda - Add hint for suppressing lower cap for IDT codecs. (bnc#812332)
      - ALSA: hda - Enable mic-mute LED on more HP laptops (bnc#821859).
      Direct Rendering Manager (DRM) :
      - drm/i915: Add wait_for in init_ring_common. (bnc#813604)
      - drm/i915: Mark the ringbuffers as being in the GTT domain. (bnc#813604)
      - drm/edid: Do not print messages regarding stereo or csync by default. (bnc#821235)
      - drm/i915: force full modeset if the connector is in DPMS OFF mode. (bnc#809975)
      - drm/i915/sdvo: Use &intel_sdvo->ddc instead of intel_sdvo->i2c for DDC. (bnc#808855)
      - drm/mm: fix dump table BUG. (bnc#808837)
      - drm/i915: Clear the stolen fb before enabling (bnc#808015).
      XEN :
      - xen/netback: Update references. (bnc#823342)
      - xen: Check for insane amounts of requests on the ring.
      - Update Xen patches to 3.0.82.
      - netback: do not disconnect frontend when seeing oversize packet.
      - netfront: reduce gso_max_size to account for max TCP header.
- netfront: fix kABI after
    last seen: 2020-06-05
    modified: 2013-07-18
    plugin id: 68954
    published: 2013-07-18
    reporter: This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/68954
    title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 7991 / 7992 / 7994)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-0829.NASL
    description: Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Security fixes : * It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 76660
    published: 2014-07-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/76660
    title: RHEL 6 : MRG (RHSA-2013:0829)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1878-1.NASL
    description: An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) A flaw was discovered in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66902
    published: 2013-06-16
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66902
    title: Ubuntu 12.04 LTS : linux vulnerabilities (USN-1878-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1880-1.NASL
    description: An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) An information leak was discovered in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66903
    published: 2013-06-16
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66903
    title: Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1880-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1837-1.NASL
    description: An information leak was discovered in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66590
    published: 2013-05-25
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66590
    title: Ubuntu 13.04 : linux vulnerabilities (USN-1837-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1881-1.NASL
    description: An information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) An information leak was discovered in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66904
    published: 2013-06-16
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66904
    title: Ubuntu 12.10 : linux vulnerabilities (USN-1881-1)

Redhat

rpms
  • kernel-rt-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt
  • kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt
  • mrg-rt-release-0:3.6.11.2-rt33.39.el6rt