Vulnerabilities > CVE-2013-4587 - Improper Input Validation vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.

Vulnerable Configurations

Part Description Count
OS
Linux
1725
OS
Opensuse
3

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-113.NASL
    descriptionThe Linux kernel was updated to fix various bugs and security issues : - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls). - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - hwmon: (coretemp) Fix truncated name of alarm attributes - net: fib: fib6_add: fix potential NULL pointer dereference (bnc#854173 CVE-2013-6431). - keys: fix race with concurrent install_user_keyrings() (bnc#808358)(CVE-2013-1792). - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - wireless: radiotap: fix parsing buffer overrun (bnc#854634 CVE-2013-7027). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - staging: ozwpan: prevent overflow in oz_cdev_write() (bnc#849023 CVE-2013-4513). - perf/x86: Fix offcore_rsp valid mask for SNB/IVB (bnc#825006). - perf/x86: Add Intel IvyBridge event scheduling constraints (bnc#825006). - libertas: potential oops in debugfs (bnc#852559 CVE-2013-6378). - aacraid: prevent invalid pointer dereference (bnc#852373 CVE-2013-6380). - staging: wlags49_h2: buffer overflow setting station name (bnc#849029 CVE-2013-4514). - net: flow_dissector: fail on evil iph->ihl (bnc#848079 CVE-2013-4348). - Staging: bcm: info leak in ioctl (bnc#849034 CVE-2013-4515). - Refresh patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms g_namelen-logic.patch. - ipv6: remove max_addresses check from ipv6_create_tempaddr (bnc#805226, CVE-2013-0343). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - crypto: ansi_cprng - Fix off by one error in non-block size request (bnc#840226). - x6: Fix reserve_initrd so that acpi_initrd_override is reached (bnc#831836). - Refresh other Xen patches. - aacraid: missing capable() check in compat ioctl (bnc#852558). - patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret urn.patch: Update upstream reference - perf/ftrace: Fix paranoid level for enabling function tracer (bnc#849362). - xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings (bnc#848255). - xhci: Fix oops happening after address device timeout (bnc#848255). - xhci: Ensure a command structure points to the correct trb on the command ring (bnc#848255). - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i rq-remapping-warning.patch: Update upstream reference. - Allow NFSv4 username mapping to work properly (bnc#838024). - Refresh btrfs attribute publishing patchset to match openSUSE-13.1 No user-visible changes, but uses kobj_sysfs_ops and better kobject lifetime management. - Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511). - drm/radeon: don
    last seen2020-06-05
    modified2014-06-13
    plugin id75251
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75251
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-113.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75251);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-0343", "CVE-2013-1792", "CVE-2013-4348", "CVE-2013-4511", "CVE-2013-4513", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6431", "CVE-2013-7027", "CVE-2014-0038");
    
      script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)");
      script_summary(english:"Check for the openSUSE-2014-113 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Linux kernel was updated to fix various bugs and security issues :
    
      - mm/page-writeback.c: do not count anon pages as
        dirtyable memory (reclaim stalls).
    
      - mm/page-writeback.c: fix dirty_balance_reserve
        subtraction from dirtyable memory (reclaim stalls).
    
      - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).
    
      - hwmon: (coretemp) Fix truncated name of alarm attributes
    
      - net: fib: fib6_add: fix potential NULL pointer
        dereference (bnc#854173 CVE-2013-6431).
    
      - keys: fix race with concurrent install_user_keyrings()
        (bnc#808358)(CVE-2013-1792).
    
      - KVM: x86: Convert vapic synchronization to _cached
        functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).
    
      - wireless: radiotap: fix parsing buffer overrun
        (bnc#854634 CVE-2013-7027).
    
      - KVM: x86: fix guest-initiated crash with x2apic
        (CVE-2013-6376) (bnc#853053 CVE-2013-6376).
    
      - KVM: x86: Fix potential divide by 0 in lapic
        (CVE-2013-6367) (bnc#853051 CVE-2013-6367).
    
      - KVM: Improve create VCPU parameter (CVE-2013-4587)
        (bnc#853050 CVE-2013-4587).
    
      - staging: ozwpan: prevent overflow in oz_cdev_write()
        (bnc#849023 CVE-2013-4513).
    
      - perf/x86: Fix offcore_rsp valid mask for SNB/IVB
        (bnc#825006).
    
      - perf/x86: Add Intel IvyBridge event scheduling
        constraints (bnc#825006).
    
      - libertas: potential oops in debugfs (bnc#852559
        CVE-2013-6378).
    
      - aacraid: prevent invalid pointer dereference (bnc#852373
        CVE-2013-6380).
    
      - staging: wlags49_h2: buffer overflow setting station
        name (bnc#849029 CVE-2013-4514).
    
      - net: flow_dissector: fail on evil iph->ihl (bnc#848079
        CVE-2013-4348).
    
      - Staging: bcm: info leak in ioctl (bnc#849034
        CVE-2013-4515).
    
      - Refresh
        patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms
        g_namelen-logic.patch.
    
      - ipv6: remove max_addresses check from
        ipv6_create_tempaddr (bnc#805226, CVE-2013-0343).
    
      - net: rework recvmsg handler msg_name and msg_namelen
        logic (bnc#854722).
    
      - crypto: ansi_cprng - Fix off by one error in non-block
        size request (bnc#840226).
    
      - x6: Fix reserve_initrd so that acpi_initrd_override is
        reached (bnc#831836).
    
      - Refresh other Xen patches.
    
      - aacraid: missing capable() check in compat ioctl
        (bnc#852558).
    
      -
        patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret
        urn.patch: Update upstream reference
    
      - perf/ftrace: Fix paranoid level for enabling function
        tracer (bnc#849362).
    
      - xhci: fix NULL pointer dereference on
        ring_doorbell_for_active_rings (bnc#848255).
    
      - xhci: Fix oops happening after address device timeout
        (bnc#848255).
    
      - xhci: Ensure a command structure points to the correct
        trb on the command ring (bnc#848255).
    
      -
        patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i
        rq-remapping-warning.patch: Update upstream reference.
    
      - Allow NFSv4 username mapping to work properly
        (bnc#838024).
    
      - Refresh btrfs attribute publishing patchset to match
        openSUSE-13.1 No user-visible changes, but uses
        kobj_sysfs_ops and better kobject lifetime management.
    
      - Fix a few incorrectly checked [io_]remap_pfn_range()
        calls (bnc#849021, CVE-2013-4511).
    
      - drm/radeon: don't set hpd, afmt interrupts when
        interrupts are disabled.
    
      -
        patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount
        -fields.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount
        fields (bnc#804950).
    
      - iommu: Remove stack trace from broken irq remapping
        warning (bnc#844513).
    
      - Disable patches related to bnc#840656
        patches.suse/btrfs-cleanup-don-t-check-the-same-thing-tw
        ice
        patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-chec
        k-the-same-thi.patch
    
      - btrfs: use feature attribute names to print better error
        messages.
    
      - btrfs: add ability to change features via sysfs.
    
      - btrfs: add publishing of unknown features in sysfs.
    
      - btrfs: publish per-super features to sysfs.
    
      - btrfs: add per-super attributes to sysfs.
    
      - btrfs: export supported featured to sysfs.
    
      - kobject: introduce kobj_completion.
    
      - btrfs: add ioctls to query/change feature bits online.
    
      - btrfs: use btrfs_commit_transaction when setting
        fslabel.
    
      - x86/iommu/vt-d: Expand interrupt remapping quirk to
        cover x58 chipset (bnc#844513).
    
      - NFSv4: Fix issues in nfs4_discover_server_trunking
        (bnc#811746).
    
      - iommu/vt-d: add quirk for broken interrupt remapping on
        55XX chipsets (bnc#844513)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=804950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=805226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=808358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=811746"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831836"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=838024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=844513"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848079"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849023"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=860993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-02/msg00021.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-vanilla-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-syms-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debugsource-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-3.7.10-1.28.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.7.10-1.28.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2117-1.NASL
    descriptionSaran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72578
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72578
    titleUbuntu 13.10 : linux vulnerabilities (USN-2117-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2117-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72578);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      script_xref(name:"USN", value:"2117-1");
    
      script_name(english:"Ubuntu 13.10 : linux vulnerabilities (USN-2117-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)
    in the Linux kernel. A remote attacker could exploit this flaw to
    cause a denial of service (panic). (CVE-2013-4563)
    
    Mathy Vanhoef discovered an error in the the way the ath9k driver was
    handling the BSSID masking. A remote attacker could exploit this error
    to discover the original MAC address after a spoofing atack.
    (CVE-2013-4579)
    
    Andrew Honig reported a flaw in the Linux Kernel's
    kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)
    subsystem. A local user could exploit this flaw to gain privileges on
    the host machine. (CVE-2013-4587)
    
    Andrew Honig reported a flaw in the apic_get_tmcct function of the
    Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS
    user could exploit this flaw to cause a denial of service or host OS
    system crash. (CVE-2013-6367)
    
    Andrew Honig reported an error in the Linux Kernel's Kernel Virtual
    Machine (KVM) VAPIC synchronization operation. A local user could
    exploit this flaw to gain privileges or cause a denial of service
    (system crash). (CVE-2013-6368)
    
    Lars Bull discovered a flaw in the recalculate_apic_map function of
    the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A
    guest OS user could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2013-6376)
    
    Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
    the implementation of the XFS filesystem in the Linux kernel. A local
    user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
    service (memory corruption) or possibly other unspecified issues.
    (CVE-2013-6382)
    
    A flaw was discovered in the ipv4 ping_recvmsg function of the Linux
    kernel. A local user could exploit this flaw to cause a denial of
    service (NULL pointer dereference and system crash). (CVE-2013-6432)
    
    mpd reported an information leak in the recvfrom, recvmmsg, and
    recvmsg system calls in the Linux kernel. An unprivileged local user
    could exploit this flaw to obtain sensitive information from kernel
    stack memory. (CVE-2013-7263)
    
    mpb reported an information leak in the Layer Two Tunneling Protocol
    (l2tp) of the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7264)
    
    mpb reported an information leak in the Phone Network protocol
    (phonet) in the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7265)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A
    local user could exploit this leak to obtain potentially sensitive
    information from kernel memory. (CVE-2013-7266)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with apple talk sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7267)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ipx protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7268)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with the netrom address family in the
    Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7269)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with packet address family sockets in
    the Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7270)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with x25 protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7271)
    
    mpb reported an information leak in the Low-Rate Wireless Personal
    Area Networks support (IEEE 802.15.4) in the Linux kernel. A local
    user could exploit this flaw to obtain sensitive information from
    kernel stack memory. (CVE-2013-7281)
    
    halfdog reported an error in the AMD K7 and K8 platform support in the
    Linux kernel. An unprivileged local user could exploit this flaw on
    AMD based systems to cause a denial of service (task kill) or possibly
    gain privileges via a crafted application. (CVE-2014-1438)
    
    An information leak was discovered in the Linux kernel's hamradio YAM
    driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
    capability could exploit this flaw to obtain sensitive information
    from kernel memory. (CVE-2014-1446).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2117-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2117-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-17-generic", pkgver:"3.11.0-17.31")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-17-generic-lpae", pkgver:"3.11.0-17.31")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0189-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). - futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid
    last seen2020-06-05
    modified2015-05-20
    plugin id83609
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83609
    titleSUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2014:0189-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83609);
      script_version("2.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-2146", "CVE-2013-2930", "CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-6463", "CVE-2013-7027");
      script_bugtraq_id(60324, 62740, 63445, 63509, 63512, 63518, 63790, 63886, 63887, 63888, 64013, 64270, 64291, 64318, 64319, 64328, 64669, 64739, 64741, 64742, 64743, 64744, 64746);
    
      script_name(english:"SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309)
    
    The following security bugs have been fixed :
    
    CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu
    function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows local users to gain privileges via a
    large id value. (bnc#853050)
    
    CVE-2013-4592: Memory leak in the __kvm_set_memory_region
    function in virt/kvm/kvm_main.c in the Linux kernel before
    3.9 allows local users to cause a denial of service (memory
    consumption) by leveraging certain device access to trigger
    movement of memory slots. (bnc#851101)
    
    CVE-2013-6367: The apic_get_tmcct function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (divide-by-zero error and host OS crash)
    via crafted modifications of the TMICT value. (bnc#853051)
    
    CVE-2013-6368: The KVM subsystem in the Linux kernel through
    3.12.5 allows local users to gain privileges or cause a
    denial of service (system crash) via a VAPIC synchronization
    operation involving a page-end address. (bnc#853052)
    
    CVE-2013-6376: The recalculate_apic_map function in
    arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
    kernel through 3.12.5 allows guest OS users to cause a
    denial of service (host OS crash) via a crafted ICR write
    operation in x2apic mode. (bnc#853053)
    
    CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in
    the Linux kernel before 3.10 does not properly manage a
    reference count, which allows local users to cause a denial
    of service (memory consumption or system crash) via a
    crafted application. (bnc#848321)
    
    CVE-2013-4511: Multiple integer overflows in Alchemy LCD
    frame-buffer drivers in the Linux kernel before 3.12 allow
    local users to create a read-write memory mapping for the
    entirety of kernel memory, and consequently gain privileges,
    via crafted mmap operations, related to the (1)
    au1100fb_fb_mmap function in drivers/video/au1100fb.c and
    the (2) au1200fb_fb_mmap function in
    drivers/video/au1200fb.c. (bnc#849021)
    
    CVE-2013-4514: Multiple buffer overflows in
    drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
    before 3.12 allow local users to cause a denial of service
    or possibly have unspecified other impact by leveraging the
    CAP_NET_ADMIN capability and providing a long station-name
    string, related to the (1) wvlan_uil_put_info and (2)
    wvlan_set_station_nickname functions. (bnc#849029)
    
    CVE-2013-4515: The bcm_char_ioctl function in
    drivers/staging/bcm/Bcmchar.c in the Linux kernel before
    3.12 does not initialize a certain data structure, which
    allows local users to obtain sensitive information from
    kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl
    call. (bnc#849034)
    
    CVE-2013-6378: The lbs_debugfs_write function in
    drivers/net/wireless/libertas/debugfs.c in the Linux kernel
    through 3.12.1 allows local users to cause a denial of
    service (OOPS) by leveraging root privileges for a
    zero-length write operation. (bnc#852559)
    
    CVE-2013-6380: The aac_send_raw_srb function in
    drivers/scsi/aacraid/commctrl.c in the Linux kernel through
    3.12.1 does not properly validate a certain size value,
    which allows local users to cause a denial of service
    (invalid pointer dereference) or possibly have unspecified
    other impact via an FSACTL_SEND_RAW_SRB ioctl call that
    triggers a crafted SRB command. (bnc#852373)
    
    CVE-2013-7027: The ieee80211_radiotap_iterator_init function
    in net/wireless/radiotap.c in the Linux kernel before 3.11.7
    does not check whether a frame contains any data outside of
    the header, which might allow attackers to cause a denial of
    service (buffer over-read) via a crafted header.
    (bnc#854634)
    
    CVE-2013-6463: Linux kernel built with the networking
    support(CONFIG_NET) is vulnerable to an information leakage
    flaw in the socket layer. It could occur while doing
    recvmsg(2), recvfrom(2) socket calls. It occurs due to
    improperly initialised msg_name & msg_namelen message header
    parameters. (bnc#854722)
    
    CVE-2013-6383: The aac_compat_ioctl function in
    drivers/scsi/aacraid/linit.c in the Linux kernel before
    3.11.8 does not require the CAP_SYS_RAWIO capability, which
    allows local users to bypass intended access restrictions
    via a crafted ioctl call. (bnc#852558)
    
    CVE-2013-4345: Off-by-one error in the get_prng_bytes
    function in crypto/ansi_cprng.c in the Linux kernel through
    3.11.4 makes it easier for context-dependent attackers to
    defeat cryptographic protection mechanisms via multiple
    requests for small amounts of data, leading to improper
    management of the state of the consumed data. (bnc#840226)
    
    CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the
    Linux kernel before 3.8.9, when the Performance Events
    Subsystem is enabled, specifies an incorrect bitmask, which
    allows local users to cause a denial of service (general
    protection fault and system crash) by attempting to set a
    reserved bit. (bnc#825006)
    
    CVE-2013-2930: The perf_trace_event_perm function in
    kernel/trace/trace_event_perf.c in the Linux kernel before
    3.12.2 does not properly restrict access to the perf
    subsystem, which allows local users to enable function
    tracing via a crafted application. (bnc#849362)
    
    Also the following non-security bugs have been fixed :
    
      - kernel: correct tlb flush on page table upgrade
        (bnc#847660, LTC#99268).
    
      - kernel: fix floating-point-control register save and
        restore (bnc#847660, LTC#99000). kernel: correct
        handling of asce-type exceptions (bnc#851879,
        LTC#100293).
    
        watchdog: Get rid of MODULE_ALIAS_MISCDEV statements
        (bnc#827767).
    
      - random: fix accounting race condition with lockless irq
        entropy_count update (bnc#789359).
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces (bnc#838623).
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress (bnc#849675).
    
      - Introduce KABI exception for cpuidle_state->disable via
        #ifndef __GENKSYMS__
    
      - Honor state disabling in the cpuidle ladder governor
        (bnc#845378).
    
      - cpuidle: add a sysfs entry to disable specific C state
        for debug purpose (bnc#845378).
    
      - net: Do not enable tx-nocache-copy by default
        (bnc#845378).
    
      - mm: reschedule to avoid RCU stall triggering during boot
        of large machines (bnc#820434,bnc#852153). rtc-cmos: Add
        an alarm disable quirk (bnc#805740).
    
        tty/hvc_iucv: Disconnect IUCV connection when lowering
        DTR (bnc#839973, LTC#97595).
    
        tty/hvc_console: Add DTR/RTS callback to handle HUPCL
        control (bnc#839973, LTC#97595).
    
        sched: Avoid throttle_cfs_rq() racing with period_timer
        stopping (bnc#848336).
    
      - sched/balancing: Periodically decay max cost of idle
        balance (bnc#849256).
    
      - sched: Consider max cost of idle balance per sched
        domain (bnc#849256).
    
      - sched: Reduce overestimating rq->avg_idle (bnc#849256).
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining (bnc#848336).
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock
        (bnc#848336).
    
      - sched: Fix race on toggling cfs_bandwidth_used
        (bnc#848336).
    
      - sched: Guarantee new group-entities always have weight
        (bnc#848336).
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive (bnc#848336). sched: Fix several
        races in CFS_BANDWIDTH (bnc#848336).
    
        futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - futex: move user address verification up to common code
        (bnc#851603).
    
      - futexes: Clean up various details (bnc#851603).
    
      - futexes: Increase hash table size for better performance
        (bnc#851603).
    
      - futexes: Document multiprocessor ordering guarantees
        (bnc#851603).
    
      - futexes: Avoid taking the hb->lock if there is nothing
        to wake up (bnc#851603).
    
      - futexes: Fix futex_hashsize initialization (bnc#851603).
        mutex: Make more scalable by doing fewer atomic
        operations (bnc#849256).
    
        powerpc: Fix memory hotplug with sparse vmemmap
        (bnc#827527).
    
      - powerpc: Add System RAM to /proc/iomem (bnc#827527).
    
      - powerpc/mm: Mark Memory Resources as busy (bnc#827527).
    
      - powerpc: Fix fatal SLB miss when restoring PPR
        (bnc#853465).
    
      - powerpc: Make function that parses RTAS error logs
        global (bnc#852761).
    
      - powerpc/pseries: Parse and handle EPOW interrupts
        (bnc#852761).
    
      - powerpc/rtas_flash: Fix validate_flash buffer overflow
        issue (bnc#847842). powerpc/rtas_flash: Fix bad memory
        access (bnc#847842).
    
        x86: Update UV3 hub revision ID (bnc#846298
        fate#314987).
    
      - x86: Remove some noise from boot log when starting cpus
        (bnc#770541).
    
      - x86/microcode/amd: Tone down printk(), do not treat a
        missing firmware file as an error (bnc#843654).
    
      - x86/dumpstack: Fix printk_address for direct addresses
        (bnc#845621). x86/PCI: reduce severity of host bridge
        window conflict warnings (bnc#858534).
    
        ipv6: fix race condition regarding dst->expires and
        dst->from (bnc#843185).
    
      - netback: bump tx queue length (bnc#849404).
    
      - xfrm: invalidate dst on policy insertion/deletion
        (bnc#842239). xfrm: prevent ipcomp scratch buffer race
        condition (bnc#842239).
    
        tcp: bind() fix autoselection to share ports
        (bnc#823618).
    
      - tcp: bind() use stronger condition for bind_conflict
        (bnc#823618).
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict (bnc#823618). kabi: protect bind_conflict
        callback in struct inet_connection_sock_af_ops
        (bnc#823618).
    
        macvlan: introduce IFF_MACVLAN flag and helper function
        (bnc#846984).
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function (bnc#846984). macvlan: disable LRO on lower
        device instead of macvlan (bnc#846984).
    
        fs: Avoid softlockup in shrink_dcache_for_umount_subtree
        (bnc#834473).
    
      - blkdev_max_block: make private to fs/buffer.c
        (bnc#820338). storage: SMI Corporation usb key added to
        READ_CAPACITY_10 quirk (bnc#850324).
    
        autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race (bnc#851314).
    
      - autofs4: catatonic_mode vs. notify_daemon race
        (bnc#851314).
    
      - autofs4: close the races around autofs4_notify_daemon()
        (bnc#851314).
    
      - autofs4: deal with autofs4_write/autofs4_write races
        (bnc#851314).
    
      - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount (bnc#851314).
    
      - autofs4: fix deal with autofs4_write races (bnc#851314).
        autofs4: use simple_empty() for empty directory check
        (bnc#851314).
    
        dlm: set zero linger time on sctp socket (bnc#787843).
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls (no bugzilla yet - netapp confirms problem and
        fix).
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost (bnc#828236). nfs: Adapt readdirplus to application
        usage patterns (bnc#834708).
    
        xfs: Account log unmount transaction correctly
        (bnc#849950).
    
      - xfs: improve ioend error handling (bnc#846036).
    
      - xfs: reduce ioend latency (bnc#846036).
    
      - xfs: use per-filesystem I/O completion workqueues
        (bnc#846036). xfs: Hide additional entries in struct
        xfs_mount (bnc#846036 bnc#848544).
    
        Btrfs: do not BUG_ON() if we get an error walking
        backrefs (FATE#312888).
    
        vfs: avoid 'attempt to access beyond end of device'
        warnings (bnc#820338).
    
      - vfs: fix O_DIRECT read past end of block device
        (bnc#820338).
    
      - cifs: Improve performance of browsing directories with
        several files (bnc#810323). cifs: Ensure cifs
        directories do not show up as files (bnc#826602).
    
        dm-multipath: abort all requests when failing a path
        (bnc#798050).
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime
        (bnc#798050).
    
      - scsi: Allow error handling timeout to be specified
        (bnc#798050).
    
      - scsi: Fixup compilation warning (bnc#798050).
    
      - scsi: Retry failfast commands after EH (bnc#798050).
    
      - scsi: Warn on invalid command completion (bnc#798050).
    
      - advansys: Remove 'last_reset' references (bnc#798050).
    
      - cleanup setting task state in scsi_error_handler()
        (bnc#798050).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#798050).
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050).
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#798050).
    
      - scsi: kABI fixes (bnc#798050).
    
      - scsi: remove check for 'resetting' (bnc#798050).
        tmscsim: Move 'last_reset' into host structure
        (bnc#798050).
    
        SCSI & usb-storage: add try_rc_10_first flag
        (bnc#853428).
    
      - iscsi_target: race condition on shutdown (bnc#850072).
    
      - libfcoe: Make fcoe_sysfs optional / fix fnic NULL
        exception (bnc#837206).
    
      - lpfc 8.3.42: Fixed issue of task management commands
        having a fixed timeout (bnc#856481).
    
      - advansys: Remove 'last_reset' references (bnc#856481).
    
      - dc395: Move 'last_reset' into internal host structure
        (bnc#856481).
    
      - Add 'eh_deadline' to limit SCSI EH runtime (bnc#856481).
    
      - remove check for 'resetting' (bnc#856481). tmscsim: Move
        'last_reset' into host structure (bnc#856481).
    
        scsi_dh_rdac: Add new IBM 1813 product id to rdac
        devlist (bnc#846654).
    
        md: Change handling of save_raid_disk and metadata
        update during recovery (bnc#849364).
    
        dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481).
    
        dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset
        (bnc#856481).
    
        crypto: unload of aes_s390 module causes kernel panic
        (bnc#847660, LTC#98706).
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718). crypto: gf128mul - fix call to memset()
        (obvious fix).
    
        X.509: Fix certificate gathering (bnc#805114).
    
        pcifront: Deal with toolstack missing
        'XenbusStateClosing' state.
    
      - xencons: generalize use of add_preferred_console()
        (bnc#733022, bnc#852652).
    
      - netxen: fix off by one bug in netxen_release_tx_buffer()
        (bnc#845729).
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652). xen: fixed USB passthrough
        issue (bnc#852624).
    
        igb: Fix get_fw_version function for all parts
        (bnc#848317).
    
      - igb: Refactor of init_nvm_params (bnc#848317).
    
      - r8169: check ALDPS bit and disable it if enabled for the
        8168g (bnc#845352).
    
      - qeth: request length checking in snmp ioctl (bnc#847660,
        LTC#99511). bnx2x: remove false warning regarding
        interrupt number (bnc#769035).
    
        usb: Fix xHCI host issues on remote wakeup (bnc#846989).
    
      - xhci: Limit the spurious wakeup fix only to HP machines
        (bnc#833097).
    
      - Intel xhci: refactor EHCI/xHCI port switching
        (bnc#840116).
    
      - xhci-hub.c: preserved kABI (bnc#840116). xhci: Refactor
        port status into a new function (bnc#840116).
    
        HID: multitouch: Add support for NextWindow 0340
        touchscreen (bnc#849855).
    
      - HID: multitouch: Add support for Qaunta 3027 touchscreen
        (bnc#854516).
    
      - HID: multitouch: add support for Atmel 212c touchscreen
        (bnc#793727).
    
      - HID: multitouch: partial support of win8 devices
        (bnc#854516,bnc#793727,bnc#849855). HID: hid-multitouch:
        add support for the IDEACOM 6650 chip
        (bnc#854516,bnc#793727,bnc#849855).
    
        ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864).
    
        ALSA: hda - load EQ params into IDT codec on HP bNB13
        systems (bnc#850493).
    
        lpfc: correct some issues with txcomplq processing
        (bnc#818064).
    
        lpfc: correct an issue with rrq processing (bnc#818064).
    
        block: factor out vector mergeable decision to a helper
        function (bnc#769644).
    
        block: modify __bio_add_page check to accept pages that
        do not start a new segment (bnc#769644).
    
        sd: avoid deadlocks when running under multipath
        (bnc#818545).
    
      - sd: fix crash when UA received on DIF enabled device
        (bnc#841445). sg: fix blk_get_queue usage (bnc#834808).
    
        lpfc: Do not free original IOCB whenever ABTS fails
        (bnc#806988).
    
      - lpfc: Fix kernel warning on spinlock usage (bnc#806988).
        lpfc: Fixed system panic due to midlayer abort
        (bnc#806988).
    
        qla2xxx: Add module parameter to override the default
        request queue size (bnc#826756).
    
        qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896).
    
        Pragmatic workaround for realtime class abuse induced
        latency issues.
    
        Provide realtime priority kthread and workqueue boot
        options (bnc#836718).
    
        mlx4: allocate just enough pages instead of always 4
        pages (bnc#835186 bnc#835074).
    
      - mlx4: allow order-0 memory allocations in RX path
        (bnc#835186 bnc#835074).
    
      - net/mlx4: use one page fragment per incoming frame
        (bnc#835186 bnc#835074). bna: do not register
        ndo_set_rx_mode callback (bnc#847261).
    
        PCI: pciehp: Retrieve link speed after link is trained
        (bnc#820102).
    
      - PCI: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device (bnc#820102).
    
      - PCI: pciehp: replace unconditional sleep with config
        space access check (bnc#820102).
    
      - PCI: pciehp: make check_link_active more helpful
        (bnc#820102).
    
      - PCI: pciehp: Add pcie_wait_link_not_active()
        (bnc#820102).
    
      - PCI: pciehp: Add Disable/enable link functions
        (bnc#820102).
    
      - PCI: pciehp: Disable/enable link during slot power
        off/on (bnc#820102). PCI: fix truncation of resource
        size to 32 bits (bnc#843419).
    
        hv: handle more than just WS2008 in KVP negotiation
        (bnc#850640).
    
        mei: ME hardware reset needs to be synchronized
        (bnc#821619).
    
        kabi: Restore struct irq_desc::timer_rand_state.
    
        fs3270: unloading module does not remove device
        (bnc#851879, LTC#100284).
    
        cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
        isci: Fix a race condition in the SSP task management
        path (bnc#826978).
    
        ptp: dynamic allocation of PHC char devices
        (bnc#851290).
    
        efifb: prevent null-deref when iterating dmi_list
        (bnc#848055).
    
        dm-mpath: Fixup race condition in activate_path()
        (bnc#708296).
    
      - dm-mpath: do not detach stale hardware handler
        (bnc#708296). dm-multipath: Improve logging
        (bnc#708296).
    
        scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296).
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry
        (bnc#708296).
    
      - scsi_dh_alua: Decode HP EVA array identifier
        (bnc#708296).
    
      - scsi_dh_alua: Evaluate state for all port groups
        (bnc#708296).
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense (bnc#843642).
    
      - scsi_dh_alua: Make stpg synchronous (bnc#708296).
    
      - scsi_dh_alua: Pass buffer as function argument
        (bnc#708296).
    
      - scsi_dh_alua: Re-evaluate port group states after STPG
        (bnc#708296).
    
      - scsi_dh_alua: Recheck state on transitioning
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: Use separate alua_port_group structure
        (bnc#708296).
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL
        (bnc#839407).
    
      - scsi_dh_alua: asynchronous RTPG (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Do not attach to RAID or enclosure devices
        (bnc#819979).
    
      - scsi_dh_alua: Do not attach to well-known LUNs
        (bnc#821980).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths (bnc#843445).
    
      - scsi_dh_alua: move RTPG to workqueue (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh_alua: move some sense code handling into generic
        code (bnc#813245).
    
      - scsi_dh_alua: multipath failover fails with error 15
        (bnc#825696).
    
      - scsi_dh_alua: parse target device id (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: put sense buffer on stack (bnc#708296).
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15' (bnc#843429).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code (bnc#843645).
    
      - scsi_dh_alua: simplify alua_check_sense() (bnc#843642).
    
      - scsi_dh_alua: simplify state update (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: use flag for RTPG extended header
        (bnc#708296).
    
      - scsi_dh_alua: use local buffer for VPD inquiry
        (bnc#708296).
    
      - scsi_dh_alua: use spin_lock_irqsave for port group
        (bnc#708296).
    
      - scsi_dh_alua: defer I/O while workqueue item is pending
        (bnc#708296).
    
      - scsi_dh_alua: Rework rtpg workqueue (bnc#708296).
    
      - scsi_dh_alua: use delayed_work (bnc#708296).
    
      - scsi_dh_alua: move 'expiry' into PG structure
        (bnc#708296).
    
      - scsi_dh: invoke callback if ->activate is not present
        (bnc#708296).
    
      - scsi_dh_alua: correctly terminate target port strings
        (bnc#708296).
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296).
    
      - scsi_dh_alua: protect accesses to struct alua_port_group
        (bnc#708296).
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work()
        (bnc#708296).
    
      - scsi_dh_alua: use spin_lock_irqsave for port group
        (bnc#708296).
    
      - scsi_dh_alua: remove locking when checking state
        (bnc#708296).
    
      - scsi_dh_alua: remove stale variable (bnc#708296).
    
      - scsi_dh: return individual errors in scsi_dh_activate()
        (bnc#708296). scsi_dh_alua: fixup misplaced brace in
        alua_initialize() (bnc#858831).
    
        drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam
        (bnc#831103,FATE#316109).
    
      - drm/i915: add I915_EXEC_VEBOX to
        i915_gem_do_execbuffer() (bnc#831103,FATE#316109).
    
      - drm/i915: add VEBOX into debugfs
        (bnc#831103,FATE#316109).
    
      - drm/i915: Enable vebox interrupts
        (bnc#831103,FATE#316109).
    
      - drm/i915: vebox interrupt get/put
        (bnc#831103,FATE#316109).
    
      - drm/i915: consolidate interrupt naming scheme
        (bnc#831103,FATE#316109).
    
      - drm/i915: Convert irq_refounct to struct
        (bnc#831103,FATE#316109).
    
      - drm/i915: make PM interrupt writes non-destructive
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add PM regs to pre/post install
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create an ivybridge_irq_preinstall
        (bnc#831103,FATE#316109).
    
      - drm/i915: Create a more generic pm handler for hsw+
        (bnc#831103,FATE#316109).
    
      - drm/i915: Vebox ringbuffer init
        (bnc#831103,FATE#316109).
    
      - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109).
    
      - drm/i915: Rename ring flush functions
        (bnc#831103,FATE#316109).
    
      - drm/i915: Add VECS semaphore bits
        (bnc#831103,FATE#316109).
    
      - drm/i915: Introduce VECS: the 4th ring
        (bnc#831103,FATE#316109).
    
      - drm/i915: Semaphore MBOX update generalization
        (bnc#831103,FATE#316109).
    
      - drm/i915: Comments for semaphore clarification
        (bnc#831103,FATE#316109).
    
      - drm/i915: fix gen4 digital port hotplug definitions
        (bnc#850103).
    
      - drm/mgag200: Bug fix: Modified pll algorithm for EH
        project (bnc#841654). drm: do not add inferred modes for
        monitors that do not support them (bnc #849809).
    
        s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://download.novell.com/patch/finder/?keywords=155ef3b4e3ba6228ccaef2cbc31bebd9
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?508af80c"
      );
      # http://download.novell.com/patch/finder/?keywords=5bc4480468b77bc708f1a53315eda1a5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41c59b1d"
      );
      # http://download.novell.com/patch/finder/?keywords=5bf653f731ed3521053f5341cf36caed
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81371f29"
      );
      # http://download.novell.com/patch/finder/?keywords=80a0fe93ee599f6907148b6d57bc4386
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f2c10cd3"
      );
      # http://download.novell.com/patch/finder/?keywords=84ede2844b021edeba8226469dc99257
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4fd89842"
      );
      # http://download.novell.com/patch/finder/?keywords=8fce986182f7f5e181facfac1db4aae3
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?90e9ccc2"
      );
      # http://download.novell.com/patch/finder/?keywords=a863e6ada238d9cd2f9e9150d31fefff
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?09a3fa7e"
      );
      # http://download.novell.com/patch/finder/?keywords=b711e9a5616f248e3074a4b6c9570dc5
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?4a374681"
      );
      # http://download.novell.com/patch/finder/?keywords=d80e8135e5fe036068f832766fc4cfb9
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fe789f30"
      );
      # http://download.novell.com/patch/finder/?keywords=ff3893b2e58671834b0dfa8fb9b43401
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2c79cf66"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2146.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-2930.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6376.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/733022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/770541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/793727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/805740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/820434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825006"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/826978"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/831103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/833097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/839973"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/841654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/843654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845352"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/846989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/847842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/848864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849362"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/851879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/852761"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853428"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/853465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854516"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/856481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858534"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/858831"
      );
      # https://www.suse.com/support/update/announcement/2014/suse-su-20140189-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b0cc1610"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11 SP3 for VMware :
    
    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8827
    
    SUSE Linux Enterprise Server 11 SP3 :
    
    zypper in -t patch slessp3-kernel-8823 slessp3-kernel-8824
    slessp3-kernel-8825 slessp3-kernel-8826 slessp3-kernel-8827
    
    SUSE Linux Enterprise High Availability Extension 11 SP3 :
    
    zypper in -t patch slehasp3-kernel-8823 slehasp3-kernel-8824
    slehasp3-kernel-8825 slehasp3-kernel-8826 slehasp3-kernel-8827
    
    SUSE Linux Enterprise Desktop 11 SP3 :
    
    zypper in -t patch sledsp3-kernel-8823 sledsp3-kernel-8827
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = eregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED11" && (! ereg(pattern:"^3$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-default-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-source-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-syms-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-default-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"xen-kmp-pae-4.2.3_08_3.0.101_0.15-0.7.22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3034.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id74101
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74101
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from Oracle Linux
    # Security Advisory ELSA-2014-3034.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74101);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851");
      script_bugtraq_id(63983, 64328, 64743, 65255, 65909, 66095, 67199, 67282);
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Oracle Linux host is missing a security update for
    the Unbreakable Enterprise kernel package(s)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-May/004134.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-35.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-provider-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3034");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-35.el6uek-0.4.3-4.el6")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-headers-0.4.3-4.el6")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-provider-headers-0.4.3-4.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-35.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2113-1.NASL
    descriptionSaran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72576
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72576
    titleUbuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2113-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72576);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      script_xref(name:"USN", value:"2113-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)
    in the Linux kernel. A remote attacker could exploit this flaw to
    cause a denial of service (panic). (CVE-2013-4563)
    
    Mathy Vanhoef discovered an error in the the way the ath9k driver was
    handling the BSSID masking. A remote attacker could exploit this error
    to discover the original MAC address after a spoofing atack.
    (CVE-2013-4579)
    
    Andrew Honig reported a flaw in the Linux Kernel's
    kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)
    subsystem. A local user could exploit this flaw to gain privileges on
    the host machine. (CVE-2013-4587)
    
    Andrew Honig reported a flaw in the apic_get_tmcct function of the
    Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS
    user could exploit this flaw to cause a denial of service or host OS
    system crash. (CVE-2013-6367)
    
    Andrew Honig reported an error in the Linux Kernel's Kernel Virtual
    Machine (KVM) VAPIC synchronization operation. A local user could
    exploit this flaw to gain privileges or cause a denial of service
    (system crash). (CVE-2013-6368)
    
    Lars Bull discovered a flaw in the recalculate_apic_map function of
    the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A
    guest OS user could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2013-6376)
    
    Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
    the implementation of the XFS filesystem in the Linux kernel. A local
    user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
    service (memory corruption) or possibly other unspecified issues.
    (CVE-2013-6382)
    
    A flaw was discovered in the ipv4 ping_recvmsg function of the Linux
    kernel. A local user could exploit this flaw to cause a denial of
    service (NULL pointer dereference and system crash). (CVE-2013-6432)
    
    mpd reported an information leak in the recvfrom, recvmmsg, and
    recvmsg system calls in the Linux kernel. An unprivileged local user
    could exploit this flaw to obtain sensitive information from kernel
    stack memory. (CVE-2013-7263)
    
    mpb reported an information leak in the Layer Two Tunneling Protocol
    (l2tp) of the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7264)
    
    mpb reported an information leak in the Phone Network protocol
    (phonet) in the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7265)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A
    local user could exploit this leak to obtain potentially sensitive
    information from kernel memory. (CVE-2013-7266)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with apple talk sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7267)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ipx protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7268)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with the netrom address family in the
    Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7269)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with packet address family sockets in
    the Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7270)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with x25 protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7271)
    
    mpb reported an information leak in the Low-Rate Wireless Personal
    Area Networks support (IEEE 802.15.4) in the Linux kernel. A local
    user could exploit this flaw to obtain sensitive information from
    kernel stack memory. (CVE-2013-7281)
    
    halfdog reported an error in the AMD K7 and K8 platform support in the
    Linux kernel. An unprivileged local user could exploit this flaw on
    AMD based systems to cause a denial of service (task kill) or possibly
    gain privileges via a crafted application. (CVE-2014-1438)
    
    An information leak was discovered in the Linux kernel's hamradio YAM
    driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
    capability could exploit this flaw to obtain sensitive information
    from kernel memory. (CVE-2014-1446).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2113-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2113-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-17-generic", pkgver:"3.11.0-17.31~precise1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-17-generic-lpae", pkgver:"3.11.0-17.31~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2129-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-03-06
    plugin id72858
    published2014-03-06
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72858
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2129-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72858);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874");
      script_bugtraq_id(57176, 63887, 63889, 64013, 64111, 64270, 64328, 64739, 64741, 64742, 64743, 64744, 64746, 64952, 64953, 64954, 65459);
      script_xref(name:"USN", value:"2129-1");
    
      script_name(english:"Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2129-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An information leak was discovered in the Linux kernel when inotify is
    used to monitor the /dev/ptmx device. A local user could exploit this
    flaw to discover keystroke timing and potentially discover sensitive
    information like password length. (CVE-2013-0160)
    
    Vasily Kulikov reported a flaw in the Linux kernel's implementation of
    ptrace. An unprivileged local user could exploit this flaw to obtain
    sensitive information from kernel memory. (CVE-2013-2929)
    
    Andrew Honig reported a flaw in the Linux Kernel's
    kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)
    subsystem. A local user could exploit this flaw to gain privileges on
    the host machine. (CVE-2013-4587)
    
    Andrew Honig reported a flaw in the apic_get_tmcct function of the
    Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS
    user could exploit this flaw to cause a denial of service or host OS
    system crash. (CVE-2013-6367)
    
    Nico Golde and Fabian Yamaguchi reported a flaw in the driver for
    Adaptec AACRAID scsi raid devices in the Linux kernel. A local user
    could use this flaw to cause a denial of service or possibly other
    unspecified impact. (CVE-2013-6380)
    
    Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
    the implementation of the XFS filesystem in the Linux kernel. A local
    user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
    service (memory corruption) or possibly other unspecified issues.
    (CVE-2013-6382)
    
    Evan Huus reported a buffer overflow in the Linux kernel's radiotap
    header parsing. A remote attacker could cause a denial of service
    (buffer over- read) via a specially crafted header. (CVE-2013-7027)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A
    local user could exploit this leak to obtain potentially sensitive
    information from kernel memory. (CVE-2013-7266)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with apple talk sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7267)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ipx protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7268)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with the netrom address family in the
    Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7269)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with packet address family sockets in
    the Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7270)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with x25 protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7271)
    
    An information leak was discovered in the Linux kernel's SIOCWANDEV
    ioctl call. A local user with the CAP_NET_ADMIN capability could
    exploit this flaw to obtain potentially sensitive information from
    kernel memory. (CVE-2014-1444)
    
    An information leak was discovered in the wanxl ioctl function the
    Linux kernel. A local user could exploit this flaw to obtain
    potentially sensitive information from kernel memory. (CVE-2014-1445)
    
    An information leak was discovered in the Linux kernel's hamradio YAM
    driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
    capability could exploit this flaw to obtain sensitive information
    from kernel memory. (CVE-2014-1446)
    
    Matthew Thode reported a denial of service vulnerability in the Linux
    kernel when SELinux support is enabled. A local user with the
    CAP_MAC_ADMIN capability (and the SELinux mac_admin permission if
    running in enforcing mode) could exploit this flaw to cause a denial
    of service (kernel crash). (CVE-2014-1874).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2129-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-2.6-ec2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-2.6-ec2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-0160", "CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6380", "CVE-2013-6382", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2014-1444", "CVE-2014-1445", "CVE-2014-1446", "CVE-2014-1874");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2129-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"linux-image-2.6.32-362-ec2", pkgver:"2.6.32-362.75")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-2.6-ec2");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1475.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation.(CVE-2013-4348) - The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network.(CVE-2013-4350) - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet.(CVE-2013-4387) - The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.(CVE-2013-4470) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.(CVE-2013-4511) - The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.(CVE-2013-4563) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations.(CVE-2013-4579) - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value.(CVE-2013-4587) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.(CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.(CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode.(CVE-2013-6376) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.(CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.(CVE-2013-6380) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.(CVE-2013-6382) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call.(CVE-2013-6383) - The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call.(CVE-2013-6431) - The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511.(CVE-2013-6763) - Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.(CVE-2013-7026) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.(CVE-2013-7027) - The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.(CVE-2013-7263) - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7264) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id124799
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124799
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1475)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124799);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2013-4348",
        "CVE-2013-4350",
        "CVE-2013-4387",
        "CVE-2013-4470",
        "CVE-2013-4511",
        "CVE-2013-4563",
        "CVE-2013-4579",
        "CVE-2013-4587",
        "CVE-2013-6367",
        "CVE-2013-6368",
        "CVE-2013-6376",
        "CVE-2013-6378",
        "CVE-2013-6380",
        "CVE-2013-6382",
        "CVE-2013-6383",
        "CVE-2013-6431",
        "CVE-2013-6763",
        "CVE-2013-7026",
        "CVE-2013-7027",
        "CVE-2013-7263",
        "CVE-2013-7264"
      );
      script_bugtraq_id(
        62405,
        62696,
        63359,
        63512,
        63536,
        63702,
        63707,
        63743,
        63886,
        63887,
        63888,
        63889,
        64013,
        64137,
        64270,
        64291,
        64312,
        64319,
        64328,
        64685,
        64686
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1475)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - The skb_flow_dissect function in
        net/core/flow_dissector.c in the Linux kernel through
        3.12 allows remote attackers to cause a denial of
        service (infinite loop) via a small value in the IHL
        field of a packet with IPIP
        encapsulation.(CVE-2013-4348)
    
      - The IPv6 SCTP implementation in net/sctp/ipv6.c in the
        Linux kernel through 3.11.1 uses data structures and
        function calls that do not trigger an intended
        configuration of IPsec encryption, which allows remote
        attackers to obtain sensitive information by sniffing
        the network.(CVE-2013-4350)
    
      - net/ipv6/ip6_output.c in the Linux kernel through
        3.11.4 does not properly determine the need for UDP
        Fragmentation Offload (UFO) processing of small packets
        after the UFO queueing of a large packet, which allows
        remote attackers to cause a denial of service (memory
        corruption and system crash) or possibly have
        unspecified other impact via network traffic that
        triggers a large response packet.(CVE-2013-4387)
    
      - The Linux kernel before 3.12, when UDP Fragmentation
        Offload (UFO) is enabled, does not properly initialize
        certain data structures, which allows local users to
        cause a denial of service (memory corruption and system
        crash) or possibly gain privileges via a crafted
        application that uses the UDP_CORK option in a
        setsockopt system call and sends both short and long
        packets, related to the ip_ufo_append_data function in
        net/ipv4/ip_output.c and the ip6_ufo_append_data
        function in net/ipv6/ip6_output.c.(CVE-2013-4470)
    
      - Multiple integer overflows in Alchemy LCD frame-buffer
        drivers in the Linux kernel before 3.12 allow local
        users to create a read-write memory mapping for the
        entirety of kernel memory, and consequently gain
        privileges, via crafted mmap operations, related to the
        (1) au1100fb_fb_mmap function in
        drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap
        function in drivers/video/au1200fb.c.(CVE-2013-4511)
    
      - The udp6_ufo_fragment function in
        net/ipv6/udp_offload.c in the Linux kernel through
        3.12, when UDP Fragmentation Offload (UFO) is enabled,
        does not properly perform a certain size comparison
        before inserting a fragment header, which allows remote
        attackers to cause a denial of service (panic) via a
        large IPv6 UDP packet, as demonstrated by use of the
        Token Bucket Filter (TBF) queueing
        discipline.(CVE-2013-4563)
    
      - The ath9k_htc_set_bssid_mask function in
        drivers/net/wireless/ath/ath9k/htc_drv_main.c in the
        Linux kernel through 3.12 uses a BSSID masking approach
        to determine the set of MAC addresses on which a Wi-Fi
        device is listening, which allows remote attackers to
        discover the original MAC address after spoofing by
        sending a series of packets to MAC addresses with
        certain bit manipulations.(CVE-2013-4579)
    
      - Array index error in the kvm_vm_ioctl_create_vcpu
        function in virt/kvm/kvm_main.c in the KVM subsystem in
        the Linux kernel through 3.12.5 allows local users to
        gain privileges via a large id value.(CVE-2013-4587)
    
      - The apic_get_tmcct function in arch/x86/kvm/lapic.c in
        the KVM subsystem in the Linux kernel through 3.12.5
        allows guest OS users to cause a denial of service
        (divide-by-zero error and host OS crash) via crafted
        modifications of the TMICT value.(CVE-2013-6367)
    
      - The KVM subsystem in the Linux kernel through 3.12.5
        allows local users to gain privileges or cause a denial
        of service (system crash) via a VAPIC synchronization
        operation involving a page-end address.(CVE-2013-6368)
    
      - The recalculate_apic_map function in
        arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
        kernel through 3.12.5 allows guest OS users to cause a
        denial of service (host OS crash) via a crafted ICR
        write operation in x2apic mode.(CVE-2013-6376)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation.(CVE-2013-6378)
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain
        size value, which allows local users to cause a denial
        of service (invalid pointer dereference) or possibly
        have unspecified other impact via an
        FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted
        SRB command.(CVE-2013-6380)
    
      - Multiple buffer underflows in the XFS implementation in
        the Linux kernel through 3.12.1 allow local users to
        cause a denial of service (memory corruption) or
        possibly have unspecified other impact by leveraging
        the CAP_SYS_ADMIN capability for a (1)
        XFS_IOC_ATTRLIST_BY_HANDLE or (2)
        XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted
        length value, related to the xfs_attrlist_by_handle
        function in fs/xfs/xfs_ioctl.c and the
        xfs_compat_attrlist_by_handle function in
        fs/xfs/xfs_ioctl32.c.(CVE-2013-6382)
    
      - The aac_compat_ioctl function in
        drivers/scsi/aacraid/linit.c in the Linux kernel before
        3.11.8 does not require the CAP_SYS_RAWIO capability,
        which allows local users to bypass intended access
        restrictions via a crafted ioctl call.(CVE-2013-6383)
    
      - The fib6_add function in net/ipv6/ip6_fib.c in the
        Linux kernel before 3.11.5 does not properly implement
        error-code encoding, which allows local users to cause
        a denial of service (NULL pointer dereference and
        system crash) by leveraging the CAP_NET_ADMIN
        capability for an IPv6 SIOCADDRT ioctl
        call.(CVE-2013-6431)
    
      - The uio_mmap_physical function in drivers/uio/uio.c in
        the Linux kernel before 3.12 does not validate the size
        of a memory block, which allows local users to cause a
        denial of service (memory corruption) or possibly gain
        privileges via crafted mmap operations, a different
        vulnerability than CVE-2013-4511.(CVE-2013-6763)
    
      - Multiple race conditions in ipc/shm.c in the Linux
        kernel before 3.12.2 allow local users to cause a
        denial of service (use-after-free and system crash) or
        possibly have unspecified other impact via a crafted
        application that uses shmctl IPC_RMID operations in
        conjunction with other shm system calls.(CVE-2013-7026)
    
      - The ieee80211_radiotap_iterator_init function in
        net/wireless/radiotap.c in the Linux kernel before
        3.11.7 does not check whether a frame contains any data
        outside of the header, which might allow attackers to
        cause a denial of service (buffer over-read) via a
        crafted header.(CVE-2013-7027)
    
      - The Linux kernel before 3.12.4 updates certain length
        values before ensuring that associated data structures
        have been initialized, which allows local users to
        obtain sensitive information from kernel stack memory
        via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
        call, related to net/ipv4/ping.c, net/ipv4/raw.c,
        net/ipv4/udp.c, net/ipv6/raw.c, and
        net/ipv6/udp.c.(CVE-2013-7263)
    
      - The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
        the Linux kernel before 3.12.4 updates a certain length
        value before ensuring that an associated data structure
        has been initialized, which allows local users to
        obtain sensitive information from kernel stack memory
        via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
        call.(CVE-2013-7264)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1475
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83a4c385");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23653.NASL
    descriptionThe 3.12.5 kernel contains support for new devices, and a number of bug fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-23
    plugin id71598
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71598
    titleFedora 19 : kernel-3.12.5-200.fc19 (2013-23653)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-23653.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(71598);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265");
      script_bugtraq_id(64270, 64291, 64319, 64328);
      script_xref(name:"FEDORA", value:"2013-23653");
    
      script_name(english:"Fedora 19 : kernel-3.12.5-200.fc19 (2013-23653)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 3.12.5 kernel contains support for new devices, and a number of
    bug fixes across the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030986"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1032207"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1032210"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1033106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1035875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1039845"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124751.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?58f2f9f4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"kernel-3.12.5-200.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140116.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - xen: netback: bump tx queue length. (bnc#849404) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4 - fix deal with autofs4_write races. (bnc#851314) - autofs4 - use simple_empty() for empty directory check. (bnc#851314) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls. (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - vfs: avoid
    last seen2020-06-05
    modified2014-01-28
    plugin id72163
    published2014-01-28
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72163
    titleSuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72163);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4345", "CVE-2013-4483", "CVE-2013-4511", "CVE-2013-4514", "CVE-2013-4515", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6378", "CVE-2013-6380", "CVE-2013-6383", "CVE-2013-7027", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271");
    
      script_name(english:"SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to
    3.0.101 and also includes various other bug and security fixes.
    
    A new feature was added :
    
      - supported.conf: marked net/netfilter/xt_set as supported
        (bnc#851066)(fate#313309) The following security bugs
        have been fixed :
    
      - Array index error in the kvm_vm_ioctl_create_vcpu
        function in virt/kvm/kvm_main.c in the KVM subsystem in
        the Linux kernel through 3.12.5 allows local users to
        gain privileges via a large id value. (bnc#853050).
        (CVE-2013-4587)
    
      - The KVM subsystem in the Linux kernel through 3.12.5
        allows local users to gain privileges or cause a denial
        of service (system crash) via a VAPIC synchronization
        operation involving a page-end address. (bnc#853052).
        (CVE-2013-6368)
    
      - The apic_get_tmcct function in arch/x86/kvm/lapic.c in
        the KVM subsystem in the Linux kernel through 3.12.5
        allows guest OS users to cause a denial of service
        (divide-by-zero error and host OS crash) via crafted
        modifications of the TMICT value. (bnc#853051).
        (CVE-2013-6367)
    
      - Memory leak in the __kvm_set_memory_region function in
        virt/kvm/kvm_main.c in the Linux kernel before 3.9
        allows local users to cause a denial of service (memory
        consumption) by leveraging certain device access to
        trigger movement of memory slots. (bnc#851101).
        (CVE-2013-4592)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation. (bnc#852559).
        (CVE-2013-6378)
    
      - Multiple buffer overflows in
        drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel
        before 3.12 allow local users to cause a denial of
        service or possibly have unspecified other impact by
        leveraging the CAP_NET_ADMIN capability and providing a
        long station-name string, related to the (1)
        wvlan_uil_put_info and (2) wvlan_set_station_nickname
        functions. (bnc#849029). (CVE-2013-4514)
    
      - The bcm_char_ioctl function in
        drivers/staging/bcm/Bcmchar.c in the Linux kernel before
        3.12 does not initialize a certain data structure, which
        allows local users to obtain sensitive information from
        kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO
        ioctl call. (bnc#849034). (CVE-2013-4515)
    
      - The ieee80211_radiotap_iterator_init function in
        net/wireless/radiotap.c in the Linux kernel before
        3.11.7 does not check whether a frame contains any data
        outside of the header, which might allow attackers to
        cause a denial of service (buffer over-read) via a
        crafted header. (bnc#854634). (CVE-2013-7027)
    
      - The ipc_rcu_putref function in ipc/util.c in the Linux
        kernel before 3.10 does not properly manage a reference
        count, which allows local users to cause a denial of
        service (memory consumption or system crash) via a
        crafted application. (bnc#848321). (CVE-2013-4483)
    
      - Multiple integer overflows in Alchemy LCD frame-buffer
        drivers in the Linux kernel before 3.12 allow local
        users to create a read-write memory mapping for the
        entirety of kernel memory, and consequently gain
        privileges, via crafted mmap operations, related to the
        (1) au1100fb_fb_mmap function in
        drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap
        function in drivers/video/au1200fb.c. (bnc#849021).
        (CVE-2013-4511)
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain size
        value, which allows local users to cause a denial of
        service (invalid pointer dereference) or possibly have
        unspecified other impact via an FSACTL_SEND_RAW_SRB
        ioctl call that triggers a crafted SRB command.
        (bnc#852373). (CVE-2013-6380)
    
      - Linux kernel built with the networking
        support(CONFIG_NET) is vulnerable to an information
        leakage flaw in the socket layer. It could occur while
        doing recvmsg(2), recvfrom(2) socket calls. It occurs
        due to improperly initialised msg_name &amp; msg_namelen
        message header parameters. (bnc#854722). (CVE-2013-6463)
    
      - The aac_compat_ioctl function in
        drivers/scsi/aacraid/linit.c in the Linux kernel before
        3.11.8 does not require the CAP_SYS_RAWIO capability,
        which allows local users to bypass intended access
        restrictions via a crafted ioctl call. (bnc#852558).
        (CVE-2013-6383)
    
      - Off-by-one error in the get_prng_bytes function in
        crypto/ansi_cprng.c in the Linux kernel through 3.11.4
        makes it easier for context-dependent attackers to
        defeat cryptographic protection mechanisms via multiple
        requests for small amounts of data, leading to improper
        management of the state of the consumed data.
        (bnc#840226). (CVE-2013-4345)
    
    Also the following non-security bugs have been fixed :
    
      - kabi: protect bind_conflict callback in struct
        inet_connection_sock_af_ops. (bnc#823618)
    
      - printk: forcibly flush nmi ringbuffer if oops is in
        progress. (bnc#849675)
    
      - blktrace: Send BLK_TN_PROCESS events to all running
        traces. (bnc#838623)
    
      - x86/dumpstack: Fix printk_address for direct addresses.
        (bnc#845621)
    
      - futex: fix handling of read-only-mapped hugepages (VM
        Functionality).
    
      - random: fix accounting race condition with lockless irq
        entropy_count update. (bnc#789359)
    
      - Provide realtime priority kthread and workqueue boot
        options. (bnc#836718)
    
      - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336)
    
      - sched: Fix cfs_bandwidth misuse of
        hrtimer_expires_remaining. (bnc#848336)
    
      - sched: Fix hrtimer_cancel()/rq->lock deadlock.
        (bnc#848336)
    
      - sched: Fix race on toggling cfs_bandwidth_used.
        (bnc#848336)
    
      - sched: Fix buglet in return_cfs_rq_runtime().
    
      - sched: Guarantee new group-entities always have weight.
        (bnc#848336)
    
      - sched: Use jump labels to reduce overhead when bandwidth
        control is inactive. (bnc#848336)
    
      - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements.
        (bnc#827767)
    
      - tcp: bind() fix autoselection to share ports.
        (bnc#823618)
    
      - tcp: bind() use stronger condition for bind_conflict.
        (bnc#823618)
    
      - tcp: ipv6: bind() use stronger condition for
        bind_conflict. (bnc#823618)
    
      - macvlan: disable LRO on lower device instead of macvlan.
        (bnc#846984)
    
      - macvlan: introduce IFF_MACVLAN flag and helper function.
        (bnc#846984)
    
      - macvlan: introduce macvlan_dev_real_dev() helper
        function. (bnc#846984)
    
      - xen: netback: bump tx queue length. (bnc#849404)
    
      - xen: xen_spin_kick fixed crash/lock release
        (bnc#807434)(bnc#848652).
    
      - xen: fixed USB passthrough issue. (bnc#852624)
    
      - netxen: fix off by one bug in
        netxen_release_tx_buffer(). (bnc#845729)
    
      - xfrm: invalidate dst on policy insertion/deletion.
        (bnc#842239)
    
      - xfrm: prevent ipcomp scratch buffer race condition.
        (bnc#842239)
    
      - crypto: Fix aes-xts parameter corruption (bnc#854546,
        LTC#100718).
    
      - crypto: gf128mul - fix call to memset() (obvious fix).
    
      - autofs4: autofs4_wait() vs. autofs4_catatonic_mode()
        race. (bnc#851314)
    
      - autofs4: catatonic_mode vs. notify_daemon race.
        (bnc#851314)
    
      - autofs4: close the races around autofs4_notify_daemon().
        (bnc#851314)
    
      - autofs4: deal with autofs4_write/autofs4_write races.
        (bnc#851314)
    
      - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless
        mount. (bnc#851314)
    
      - autofs4 - fix deal with autofs4_write races.
        (bnc#851314)
    
      - autofs4 - use simple_empty() for empty directory check.
        (bnc#851314)
    
      - blkdev_max_block: make private to fs/buffer.c.
        (bnc#820338)
    
      - Avoid softlockup in shrink_dcache_for_umount_subtree.
        (bnc#834473)
    
      - dlm: set zero linger time on sctp socket. (bnc#787843)
    
      - SUNRPC: Fix a data corruption issue when retransmitting
        RPC calls. (bnc#855037)
    
      - nfs: Change NFSv4 to not recover locks after they are
        lost. (bnc#828236)
    
      - nfs: Adapt readdirplus to application usage patterns.
        (bnc#834708)
    
      - xfs: Account log unmount transaction correctly.
        (bnc#849950)
    
      - xfs: improve ioend error handling. (bnc#846036)
    
      - xfs: reduce ioend latency. (bnc#846036)
    
      - xfs: use per-filesystem I/O completion workqueues.
        (bnc#846036)
    
      - xfs: Hide additional entries in struct xfs_mount.
        (bnc#846036 / bnc#848544)
    
      - vfs: avoid 'attempt to access beyond end of device'
        warnings. (bnc#820338)
    
      - vfs: fix O_DIRECT read past end of block device.
        (bnc#820338)
    
      - cifs: Improve performance of browsing directories with
        several files. (bnc#810323)
    
      - cifs: Ensure cifs directories do not show up as files.
        (bnc#826602)
    
      - sd: avoid deadlocks when running under multipath.
        (bnc#818545)
    
      - sd: fix crash when UA received on DIF enabled device.
        (bnc#841445)
    
      - sg: fix blk_get_queue usage. (bnc#834808)
    
      - block: factor out vector mergeable decision to a helper
        function. (bnc#769644)
    
      - block: modify __bio_add_page check to accept pages that
        do not start a new segment. (bnc#769644)
    
      - dm-multipath: abort all requests when failing a path.
        (bnc#798050)
    
      - scsi: Add 'eh_deadline' to limit SCSI EH runtime.
        (bnc#798050)
    
      - scsi: Allow error handling timeout to be specified.
        (bnc#798050)
    
      - scsi: Fixup compilation warning. (bnc#798050)
    
      - scsi: Retry failfast commands after EH. (bnc#798050)
    
      - scsi: Warn on invalid command completion. (bnc#798050)
    
      - scsi: kABI fixes. (bnc#798050)
    
      - scsi: remove check for 'resetting'. (bnc#798050)
    
      - advansys: Remove 'last_reset' references. (bnc#798050)
    
      - cleanup setting task state in scsi_error_handler().
        (bnc#798050)
    
      - dc395: Move 'last_reset' into internal host structure.
        (bnc#798050)
    
      - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050)
    
      - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset.
        (bnc#798050)
    
      - tmscsim: Move 'last_reset' into host structure.
        (bnc#798050)
    
      - scsi_dh: invoke callback if ->activate is not present.
        (bnc#708296)
    
      - scsi_dh: return individual errors in scsi_dh_activate().
        (bnc#708296)
    
      - scsi_dh_alua: Decode EMC Clariion extended inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: Decode HP EVA array identifier.
        (bnc#708296)
    
      - scsi_dh_alua: Evaluate state for all port groups.
        (bnc#708296)
    
      - scsi_dh_alua: Fix missing close brace in
        alua_check_sense. (bnc#843642)
    
      - scsi_dh_alua: Make stpg synchronous. (bnc#708296)
    
      - scsi_dh_alua: Pass buffer as function argument.
        (bnc#708296)
    
      - scsi_dh_alua: Re-evaluate port group states after STPG.
        (bnc#708296)
    
      - scsi_dh_alua: Recheck state on transitioning.
        (bnc#708296)
    
      - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296)
    
      - scsi_dh_alua: Use separate alua_port_group structure.
        (bnc#708296)
    
      - scsi_dh_alua: Allow get_alua_data() to return NULL.
        (bnc#839407)
    
      - scsi_dh_alua: asynchronous RTPG. (bnc#708296)
    
      - scsi_dh_alua: correctly terminate target port strings.
        (bnc#708296)
    
      - scsi_dh_alua: defer I/O while workqueue item is pending.
        (bnc#708296)
    
      - scsi_dh_alua: Do not attach to RAID or enclosure
        devices. (bnc#819979)
    
      - scsi_dh_alua: Do not attach to well-known LUNs.
        (bnc#821980)
    
      - scsi_dh_alua: fine-grained locking in alua_rtpg_work().
        (bnc#708296)
    
      - scsi_dh_alua: invalid state information for 'optimized'
        paths. (bnc#843445)
    
      - scsi_dh_alua: move RTPG to workqueue. (bnc#708296)
    
      - scsi_dh_alua: move 'expiry' into PG structure.
        (bnc#708296)
    
      - scsi_dh_alua: move some sense code handling into generic
        code. (bnc#813245)
    
      - scsi_dh_alua: multipath failover fails with error 15.
        (bnc#825696)
    
      - scsi_dh_alua: parse target device id. (bnc#708296)
    
      - scsi_dh_alua: protect accesses to struct
        alua_port_group. (bnc#708296)
    
      - scsi_dh_alua: put sense buffer on stack. (bnc#708296)
    
      - scsi_dh_alua: reattaching device handler fails with
        'Error 15'. (bnc#843429)
    
      - scsi_dh_alua: remove locking when checking state.
        (bnc#708296)
    
      - scsi_dh_alua: remove stale variable. (bnc#708296)
    
      - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296)
    
      - scsi_dh_alua: retry command on 'mode parameter changed'
        sense code. (bnc#843645)
    
      - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642)
    
      - scsi_dh_alua: simplify state update. (bnc#708296)
    
      - scsi_dh_alua: use delayed_work. (bnc#708296)
    
      - scsi_dh_alua: use flag for RTPG extended header.
        (bnc#708296)
    
      - scsi_dh_alua: use local buffer for VPD inquiry.
        (bnc#708296)
    
      - scsi_dh_alua: use spin_lock_irqsave for port group.
        (bnc#708296)
    
      - lpfc: Do not free original IOCB whenever ABTS fails.
        (bnc#806988)
    
      - lpfc: Fix kernel warning on spinlock usage. (bnc#806988)
    
      - lpfc: Fixed system panic due to midlayer abort.
        (bnc#806988)
    
      - qla2xxx: Add module parameter to override the default
        request queue size. (bnc#826756)
    
      - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896)
    
      - bna: do not register ndo_set_rx_mode callback.
        (bnc#847261)
    
      - hv: handle more than just WS2008 in KVP negotiation.
        (bnc#850640)
    
      - drm: do not add inferred modes for monitors that do not
        support them. (bnc#849809)
    
      - pci/quirks: Modify reset method for Chelsio T4.
        (bnc#831168)
    
      - pci: fix truncation of resource size to 32 bits.
        (bnc#843419)
    
      - pci: pciehp: Retrieve link speed after link is trained.
        (bnc#820102)
    
      - pci: Separate pci_bus_read_dev_vendor_id from
        pci_scan_device. (bnc#820102)
    
      - pci: pciehp: replace unconditional sleep with config
        space access check. (bnc#820102)
    
      - pci: pciehp: make check_link_active more helpful.
        (bnc#820102)
    
      - pci: pciehp: Add pcie_wait_link_not_active().
        (bnc#820102)
    
      - pci: pciehp: Add Disable/enable link functions.
        (bnc#820102)
    
      - pci: pciehp: Disable/enable link during slot power
        off/on. (bnc#820102)
    
      - mlx4: allocate just enough pages instead of always 4
        pages. (bnc#835186 / bnc#835074)
    
      - mlx4: allow order-0 memory allocations in RX path.
        (bnc#835186 / bnc#835074)
    
      - net/mlx4: use one page fragment per incoming frame.
        (bnc#835186 / bnc#835074)
    
      - qeth: request length checking in snmp ioctl (bnc#849848,
        LTC#99511).
    
      - cio: add message for timeouts on internal I/O
        (bnc#837739,LTC#97047).
    
      - s390/cio: dont abort verification after missing irq
        (bnc#837739,LTC#97047).
    
      - s390/cio: skip broken paths (bnc#837739,LTC#97047).
    
      - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047).
    
      - s390/cio: handle unknown pgroup state
        (bnc#837739,LTC#97047)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=708296"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=769644"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=787843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=789359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=798050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=807434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=810323"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=813245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=818545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=819979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=820338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=821980"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=823618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=825896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826602"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=827767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=828236"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=831168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834473"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=834808"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=835186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=836718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=837739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=838623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=839407"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=840226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=841445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=842239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843429"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843445"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=843645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845729"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846036"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846984"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=847261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848321"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849029"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849034"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850640"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852559"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852624"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854546"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=855037"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4345.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4483.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4511.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4514.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4515.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4587.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-4592.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6367.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6368.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6378.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6380.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6383.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-6463.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-7027.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Apply SAT patch number 8779 / 8791 / 8792 as appropriate."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:xen-kmp-trace");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-default-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-pae-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-source-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-trace-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"kernel-xen-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-default-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-source-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-syms-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-trace-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"kernel-xen-extra-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-default-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-source-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-syms-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, reference:"kernel-trace-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-pae-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"i586", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"kernel-default-man-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.7.15.1")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-default-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"xen-kmp-trace-4.1.6_04_3.0.101_0.7.15-0.5.12")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2128-1.NASL
    descriptionAn information leak was discovered in the Linux kernel when inotify is used to monitor the /dev/ptmx device. A local user could exploit this flaw to discover keystroke timing and potentially discover sensitive information like password length. (CVE-2013-0160) Vasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-03-06
    plugin id72857
    published2014-03-06
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72857
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-2128-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2136-1.NASL
    descriptionMathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen2020-03-18
    modified2014-03-10
    plugin id72899
    published2014-03-10
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72899
    titleUbuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2136-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2135-1.NASL
    descriptionMathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen2020-03-18
    modified2014-03-10
    plugin id72898
    published2014-03-10
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72898
    titleUbuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2135-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140124.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid
    last seen2020-06-05
    modified2014-02-05
    plugin id72324
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72324
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-114.NASL
    descriptionThe Linux Kernel was updated to version 3.11.10, fixing security issues and bugs : - floppy: bail out in open() if drive is not responding to block0 read (bnc#773058). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - HID: usbhid: fix sis quirk (bnc#859804). - hwmon: (coretemp) Fix truncated name of alarm attributes - HID: usbhid: quirk for Synaptics Quad HD touchscreen (bnc#859804). - HID: usbhid: quirk for Synaptics HD touchscreen (bnc#859804). - HID: usbhid: merge the sis quirk (bnc#859804). - HID: hid-multitouch: add support for SiS panels (bnc#859804). - HID: usbhid: quirk for SiS Touchscreen (bnc#859804). - HID: usbhid: quirk for Synaptics Large Touchccreen (bnc#859804). - drivers: net: cpsw: fix dt probe for one port ethernet. - drivers: net: cpsw: fix for cpsw crash when build as modules. - dma: edma: Remove limits on number of slots. - dma: edma: Leave linked to Null slot instead of DUMMY slot. - dma: edma: Find missed events and issue them. - dma: edma: Write out and handle MAX_NR_SG at a given time. - dma: edma: Setup parameters to DMA MAX_NR_SG at a time. - ARM: edma: Add function to manually trigger an EDMA channel. - ARM: edma: Fix clearing of unused list for DT DMA resources. - ACPI: Add Toshiba NB100 to Vista _OSI blacklist. - ACPI: add missing win8 OSI comment to blacklist (bnc#856294). - ACPI: update win8 OSI blacklist. - ACPI: blacklist win8 OSI for buggy laptops. - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A (bnc#856294). - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models (bnc#856294). - floppy: bail out in open() if drive is not responding to block0 read (bnc#773058). - ping: prevent NULL pointer dereference on write to msg_name (bnc#854175 CVE-2013-6432). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - Refresh patches.suse/stack-unwind. - Refresh patches.xen/xen-x86_64-dump-user-pgt. - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - Build the KOTD against openSUSE:13.1:Update - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - Update Xen patches to 3.11.10. - Rename patches.xen/xen-pcpu-hotplug to patches.xen/xen-pcpu. - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - ipv6: fix headroom calculation in udp6_ufo_fragment (bnc#848042 CVE-2013-4563). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - patches.drivers/gpio-ucb1400-add-module_alias.patch: Update upstream reference - patches.drivers/gpio-ucb1400-can-be-built-as-a-module.pa tch: Update upstream reference - Delete patches.suse/ida-remove-warning-dump-stack.patch. Already included in kernel 3.11 (WARN calls dump_stack.) - xhci: Limit the spurious wakeup fix only to HP machines (bnc#852931). - iscsi_target: race condition on shutdown (bnc#850072). - Linux 3.11.10. - Refresh patches.xen/xen3-patch-2.6.29. - Delete patches.suse/btrfs-relocate-csums-properly-with-prealloc -extents.patch. - patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Ha swell.patch: (bnc#852931). - Build mei and mei_me as modules (bnc#852656) - Linux 3.11.9. - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021). - Delete patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ. - Delete patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pf n_range-ca.patch. - Add USB PHY support (needed to get USB and Ethernet working on beagle and panda boards) Add CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at least for beagle and panda boards) Add ARM SoC sound support Add SPI bus support Add user-space access to I2C and SPI - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i rq-remapping-warning.patch: Fix forward porting, sorry. - iommu: Remove stack trace from broken irq remapping warning (bnc#844513). - gpio: ucb1400: Add MODULE_ALIAS. - Allow NFSv4 username mapping to work properly (bnc#838024). - nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call. - sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check. - sunrpc: create a new dummy pipe for gssd to hold open. - Set CONFIG_GPIO_TWL4030 as built-in (instead of module) as a requirement to boot on SD card on beagleboard xM - armv6hl, armv7hl: Update config files. Set CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration files have. - Update config files : - CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options are all enabled so why not this one. - CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support all other features of these pieces of hardware. - CONFIG_INTEL_POWERCLAMP=m, because this small driver might be useful in specific cases, and there
    last seen2020-06-05
    modified2014-06-13
    plugin id75252
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75252
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0205-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2138-1.NASL
    descriptionMathy Vanhoef discovered an error in the the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing atack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen2020-03-18
    modified2014-03-10
    plugin id72901
    published2014-03-10
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72901
    titleUbuntu 12.10 : linux vulnerabilities (USN-2138-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2109-1.NASL
    descriptionVasily Kulikov reported a flaw in the Linux kernel
    last seen2020-03-18
    modified2014-02-19
    plugin id72573
    published2014-02-19
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72573
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2109-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-001.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address (CVE-2013-6368). The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value (CVE-2013-6367). Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c (CVE-2013-6382). Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value (CVE-2013-4587). The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7266). The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7267). The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7268). The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7269). The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7270). The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7271). The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (CVE-2013-7263). The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7264). The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7265). The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call (CVE-2013-7281). The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id71936
    published2014-01-14
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71936
    titleMandriva Linux Security Advisory : kernel (MDVSA-2014:001)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2013-23445.NASL
    descriptionThe 3.12.5 kernel contains support for new devices, and a number of bug fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2013-12-23
    plugin id71593
    published2013-12-23
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71593
    titleFedora 20 : kernel-3.12.5-302.fc20 (2013-23445)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (CVE-2013-2888) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap- based out-of-bounds write) via a crafted device. (CVE-2013-2889) - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap- based out-of-bounds write) via a crafted device. (CVE-2013-2892) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (CVE-2013-2930) - Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine. (CVE-2013-4127) - The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4162) - The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163) - Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. (CVE-2013-4343) - The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. (CVE-2013-4348) - The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. (CVE-2013-4350) - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. (CVE-2013-4387) - The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. (CVE-2013-4563) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (CVE-2013-4587) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (CVE-2013-6376) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (CVE-2013-6380) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (CVE-2013-6382) - Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls. (CVE-2013-7026) - The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7266) - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7267) - The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7268) - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7269) - The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7270) - The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7271) - Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. (CVE-2014-0049) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (CVE-2014-0055) - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (CVE-2014-0069) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (CVE-2014-0077) - Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. (CVE-2014-0100) - A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101) - The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands. (CVE-2014-0102) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (CVE-2014-0155) - The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438) - The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. (CVE-2014-1690) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (CVE-2014-2523) - It was found that the try_to_unmap_cluster() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127146
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127146
    titleNewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2906.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled. - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory. - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service. - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service. - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of
    last seen2020-03-17
    modified2014-04-27
    plugin id73713
    published2014-04-27
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73713
    titleDebian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0287-1.NASL
    descriptionThis is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). - cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573). net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). scsi: Add
    last seen2020-06-05
    modified2015-05-20
    plugin id83611
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83611
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140125.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name &amp; msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid
    last seen2020-06-05
    modified2014-02-05
    plugin id72325
    published2014-02-05
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/72325
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1508.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write request, as demonstrated by a voice_svc_send_req buffer overflow.(CVE-2016-5343i1/4%0 - A use-after-free flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-21
    plugin id125301
    published2019-05-21
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125301
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1508)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-0140-1.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - Provide realtime priority kthread and workqueue boot options (bnc#836718). - sched: Fix several races in CFS_BANDWIDTH (bnc#848336). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - macvlan: disable LRO on lower device instead of macvlan (bnc#846984). - macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). - xen: netback: bump tx queue length (bnc#849404). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue (bnc#852624). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4 - fix deal with autofs4_write races (bnc#851314). autofs4 - use simple_empty() for empty directory check (bnc#851314). blkdev_max_block: make private to fs/buffer.c (bnc#820338). Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). vfs: avoid
    last seen2020-06-05
    modified2015-05-20
    plugin id83608
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83608
    titleSUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)