CVE-2013-6432 - Unspecified vulnerability in Linux Kernel

CVSS: 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
linux
nessus

Summary

The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.

Vulnerable Configurations

Part | Description | Count
OS | Linux | 1843

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2117-1.NASL
    description: Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen: 2020-03-18
    modified: 2014-02-19
    plugin id: 72578
    published: 2014-02-19
    reporter: Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72578
    title: Ubuntu 13.10 : linux vulnerabilities (USN-2117-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2117-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72578);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      script_xref(name:"USN", value:"2117-1");
    
      script_name(english:"Ubuntu 13.10 : linux vulnerabilities (USN-2117-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)
    in the Linux kernel. A remote attacker could exploit this flaw to
    cause a denial of service (panic). (CVE-2013-4563)
    
    Mathy Vanhoef discovered an error in the the way the ath9k driver was
    handling the BSSID masking. A remote attacker could exploit this error
    to discover the original MAC address after a spoofing atack.
    (CVE-2013-4579)
    
    Andrew Honig reported a flaw in the Linux Kernel's
    kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)
    subsystem. A local user could exploit this flaw to gain privileges on
    the host machine. (CVE-2013-4587)
    
    Andrew Honig reported a flaw in the apic_get_tmcct function of the
    Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS
    user could exploit this flaw to cause a denial of service or host OS
    system crash. (CVE-2013-6367)
    
    Andrew Honig reported an error in the Linux Kernel's Kernel Virtual
    Machine (KVM) VAPIC synchronization operation. A local user could
    exploit this flaw to gain privileges or cause a denial of service
    (system crash). (CVE-2013-6368)
    
    Lars Bull discovered a flaw in the recalculate_apic_map function of
    the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A
    guest OS user could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2013-6376)
    
    Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
    the implementation of the XFS filesystem in the Linux kernel. A local
    user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
    service (memory corruption) or possibly other unspecified issues.
    (CVE-2013-6382)
    
    A flaw was discovered in the ipv4 ping_recvmsg function of the Linux
    kernel. A local user could exploit this flaw to cause a denial of
    service (NULL pointer dereference and system crash). (CVE-2013-6432)
    
    mpd reported an information leak in the recvfrom, recvmmsg, and
    recvmsg system calls in the Linux kernel. An unprivileged local user
    could exploit this flaw to obtain sensitive information from kernel
    stack memory. (CVE-2013-7263)
    
    mpb reported an information leak in the Layer Two Tunneling Protocol
    (l2tp) of the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7264)
    
    mpb reported an information leak in the Phone Network protocol
    (phonet) in the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7265)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A
    local user could exploit this leak to obtain potentially sensitive
    information from kernel memory. (CVE-2013-7266)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with apple talk sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7267)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ipx protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7268)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with the netrom address family in the
    Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7269)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with packet address family sockets in
    the Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7270)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with x25 protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7271)
    
    mpb reported an information leak in the Low-Rate Wireless Personal
    Area Networks support (IEEE 802.15.4) in the Linux kernel. A local
    user could exploit this flaw to obtain sensitive information from
    kernel stack memory. (CVE-2013-7281)
    
    halfdog reported an error in the AMD K7 and K8 platform support in the
    Linux kernel. An unprivileged local user could exploit this flaw on
    AMD based systems to cause a denial of service (task kill) or possibly
    gain privileges via a crafted application. (CVE-2014-1438)
    
    An information leak was discovered in the Linux kernel's hamradio YAM
    driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
    capability could exploit this flaw to obtain sensitive information
    from kernel memory. (CVE-2014-1446).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2117-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2117-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-17-generic", pkgver:"3.11.0-17.31")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-17-generic-lpae", pkgver:"3.11.0-17.31")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2113-1.NASL
    description: Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI) in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2013-4563) Mathy Vanhoef discovered an error in the way the ath9k driver was handling the BSSID masking. A remote attacker could exploit this error to discover the original MAC address after a spoofing attack. (CVE-2013-4579) Andrew Honig reported a flaw in the Linux Kernel
    last seen: 2020-03-18
    modified: 2014-02-19
    plugin id: 72576
    published: 2014-02-19
    reporter: Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72576
    title: Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2113-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(72576);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      script_xref(name:"USN", value:"2113-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2113-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Saran Neti reported a flaw in the ipv6 UDP Fragmentation Offload (UFI)
    in the Linux kernel. A remote attacker could exploit this flaw to
    cause a denial of service (panic). (CVE-2013-4563)
    
    Mathy Vanhoef discovered an error in the the way the ath9k driver was
    handling the BSSID masking. A remote attacker could exploit this error
    to discover the original MAC address after a spoofing atack.
    (CVE-2013-4579)
    
    Andrew Honig reported a flaw in the Linux Kernel's
    kvm_vm_ioctl_create_vcpu function of the Kernel Virtual Machine (KVM)
    subsystem. A local user could exploit this flaw to gain privileges on
    the host machine. (CVE-2013-4587)
    
    Andrew Honig reported a flaw in the apic_get_tmcct function of the
    Kernel Virtual Machine (KVM) subsystem if the Linux kernel. A guest OS
    user could exploit this flaw to cause a denial of service or host OS
    system crash. (CVE-2013-6367)
    
    Andrew Honig reported an error in the Linux Kernel's Kernel Virtual
    Machine (KVM) VAPIC synchronization operation. A local user could
    exploit this flaw to gain privileges or cause a denial of service
    (system crash). (CVE-2013-6368)
    
    Lars Bull discovered a flaw in the recalculate_apic_map function of
    the Kernel Virtual Machine (KVM) subsystem in the Linux kernel. A
    guest OS user could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2013-6376)
    
    Nico Golde and Fabian Yamaguchi reported buffer underflow errors in
    the implementation of the XFS filesystem in the Linux kernel. A local
    user with CAP_SYS_ADMIN could exploit these flaw to cause a denial of
    service (memory corruption) or possibly other unspecified issues.
    (CVE-2013-6382)
    
    A flaw was discovered in the ipv4 ping_recvmsg function of the Linux
    kernel. A local user could exploit this flaw to cause a denial of
    service (NULL pointer dereference and system crash). (CVE-2013-6432)
    
    mpd reported an information leak in the recvfrom, recvmmsg, and
    recvmsg system calls in the Linux kernel. An unprivileged local user
    could exploit this flaw to obtain sensitive information from kernel
    stack memory. (CVE-2013-7263)
    
    mpb reported an information leak in the Layer Two Tunneling Protocol
    (l2tp) of the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7264)
    
    mpb reported an information leak in the Phone Network protocol
    (phonet) in the Linux kernel. A local user could exploit this flaw to
    obtain sensitive information from kernel stack memory. (CVE-2013-7265)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ISDN sockets in the Linux kernel. A
    local user could exploit this leak to obtain potentially sensitive
    information from kernel memory. (CVE-2013-7266)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with apple talk sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7267)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with ipx protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7268)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with the netrom address family in the
    Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7269)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with packet address family sockets in
    the Linux kernel. A local user could exploit this leak to obtain
    potentially sensitive information from kernel memory. (CVE-2013-7270)
    
    An information leak was discovered in the recvfrom, recvmmsg, and
    recvmsg systemcalls when used with x25 protocol sockets in the Linux
    kernel. A local user could exploit this leak to obtain potentially
    sensitive information from kernel memory. (CVE-2013-7271)
    
    mpb reported an information leak in the Low-Rate Wireless Personal
    Area Networks support (IEEE 802.15.4) in the Linux kernel. A local
    user could exploit this flaw to obtain sensitive information from
    kernel stack memory. (CVE-2013-7281)
    
    halfdog reported an error in the AMD K7 and K8 platform support in the
    Linux kernel. An unprivileged local user could exploit this flaw on
    AMD based systems to cause a denial of service (task kill) or possibly
    gain privileges via a crafted application. (CVE-2014-1438)
    
    An information leak was discovered in the Linux kernel's hamradio YAM
    driver for AX.25 packet radio. A local user with the CAP_NET_ADMIN
    capability could exploit this flaw to obtain sensitive information
    from kernel memory. (CVE-2014-1446).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2113-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/19");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4563", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6382", "CVE-2013-6432", "CVE-2013-7263", "CVE-2013-7264", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7267", "CVE-2013-7268", "CVE-2013-7269", "CVE-2013-7270", "CVE-2013-7271", "CVE-2013-7281", "CVE-2014-1438", "CVE-2014-1446");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2113-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-17-generic", pkgver:"3.11.0-17.31~precise1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-17-generic-lpae", pkgver:"3.11.0-17.31~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-114.NASL
    description: The Linux Kernel was updated to version 3.11.10, fixing security issues and bugs : - floppy: bail out in open() if drive is not responding to block0 read (bnc#773058). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - HID: usbhid: fix sis quirk (bnc#859804). - hwmon: (coretemp) Fix truncated name of alarm attributes - HID: usbhid: quirk for Synaptics Quad HD touchscreen (bnc#859804). - HID: usbhid: quirk for Synaptics HD touchscreen (bnc#859804). - HID: usbhid: merge the sis quirk (bnc#859804). - HID: hid-multitouch: add support for SiS panels (bnc#859804). - HID: usbhid: quirk for SiS Touchscreen (bnc#859804). - HID: usbhid: quirk for Synaptics Large Touchccreen (bnc#859804). - drivers: net: cpsw: fix dt probe for one port ethernet. - drivers: net: cpsw: fix for cpsw crash when build as modules. - dma: edma: Remove limits on number of slots. - dma: edma: Leave linked to Null slot instead of DUMMY slot. - dma: edma: Find missed events and issue them. - dma: edma: Write out and handle MAX_NR_SG at a given time. - dma: edma: Setup parameters to DMA MAX_NR_SG at a time. - ARM: edma: Add function to manually trigger an EDMA channel. - ARM: edma: Fix clearing of unused list for DT DMA resources. - ACPI: Add Toshiba NB100 to Vista _OSI blacklist. - ACPI: add missing win8 OSI comment to blacklist (bnc#856294). - ACPI: update win8 OSI blacklist. - ACPI: blacklist win8 OSI for buggy laptops. - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A (bnc#856294). - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models (bnc#856294). - floppy: bail out in open() if drive is not responding to block0 read (bnc#773058). - ping: prevent NULL pointer dereference on write to msg_name (bnc#854175 CVE-2013-6432). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - Refresh patches.suse/stack-unwind. - Refresh patches.xen/xen-x86_64-dump-user-pgt.
- KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - Build the KOTD against openSUSE:13.1:Update - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - Update Xen patches to 3.11.10. - Rename patches.xen/xen-pcpu-hotplug to patches.xen/xen-pcpu. - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - ipv6: fix headroom calculation in udp6_ufo_fragment (bnc#848042 CVE-2013-4563). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - patches.drivers/gpio-ucb1400-add-module_alias.patch: Update upstream reference - patches.drivers/gpio-ucb1400-can-be-built-as-a-module.patch: Update upstream reference - Delete patches.suse/ida-remove-warning-dump-stack.patch. Already included in kernel 3.11 (WARN calls dump_stack.) - xhci: Limit the spurious wakeup fix only to HP machines (bnc#852931). - iscsi_target: race condition on shutdown (bnc#850072). - Linux 3.11.10. - Refresh patches.xen/xen3-patch-2.6.29. - Delete patches.suse/btrfs-relocate-csums-properly-with-prealloc-extents.patch. - patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Haswell.patch: (bnc#852931). - Build mei and mei_me as modules (bnc#852656) - Linux 3.11.9. - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021). - Delete patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ. - Delete patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pfn_range-ca.patch.
- Add USB PHY support (needed to get USB and Ethernet working on beagle and panda boards) Add CONFIG_PINCTRL_SINGLE=y to be able to use Device tree (at least for beagle and panda boards) Add ARM SoC sound support Add SPI bus support Add user-space access to I2C and SPI - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-irq-remapping-warning.patch: Fix forward porting, sorry. - iommu: Remove stack trace from broken irq remapping warning (bnc#844513). - gpio: ucb1400: Add MODULE_ALIAS. - Allow NFSv4 username mapping to work properly (bnc#838024). - nfs: check if gssd is running before attempting to use krb5i auth in SETCLIENTID call. - sunrpc: replace sunrpc_net->gssd_running flag with a more reliable check. - sunrpc: create a new dummy pipe for gssd to hold open. - Set CONFIG_GPIO_TWL4030 as built-in (instead of module) as a requirement to boot on SD card on beagleboard xM - armv6hl, armv7hl: Update config files. Set CONFIG_BATMAN_ADV_BLA=y as all other kernel configuration files have. - Update config files : - CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options are all enabled so why not this one. - CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support all other features of these pieces of hardware. - CONFIG_INTEL_POWERCLAMP=m, because this small driver might be useful in specific cases, and there
    last seen: 2020-06-05
    modified: 2014-06-13
    plugin id: 75252
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75252
    title: openSUSE Security Update : kernel (openSUSE-SU-2014:0205-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-114.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(75252);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-4511", "CVE-2013-4563", "CVE-2013-4587", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6432", "CVE-2014-0038");
      script_bugtraq_id(63512, 63702, 64135, 64270, 64291, 64319, 64328, 65255);
    
      script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2014:0205-1)");
      script_summary(english:"Check for the openSUSE-2014-114 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Linux Kernel was updated to version 3.11.10, fixing security
    issues and bugs :
    
      - floppy: bail out in open() if drive is not responding to
        block0 read (bnc#773058).
    
      - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038).
    
      - HID: usbhid: fix sis quirk (bnc#859804).
    
      - hwmon: (coretemp) Fix truncated name of alarm attributes
    
      - HID: usbhid: quirk for Synaptics Quad HD touchscreen
        (bnc#859804).
    
      - HID: usbhid: quirk for Synaptics HD touchscreen
        (bnc#859804).
    
      - HID: usbhid: merge the sis quirk (bnc#859804).
    
      - HID: hid-multitouch: add support for SiS panels
        (bnc#859804).
    
      - HID: usbhid: quirk for SiS Touchscreen (bnc#859804).
    
      - HID: usbhid: quirk for Synaptics Large Touchccreen
        (bnc#859804).
    
      - drivers: net: cpsw: fix dt probe for one port ethernet.
    
      - drivers: net: cpsw: fix for cpsw crash when build as
        modules.
    
      - dma: edma: Remove limits on number of slots.
    
      - dma: edma: Leave linked to Null slot instead of DUMMY
        slot.
    
      - dma: edma: Find missed events and issue them.
    
      - dma: edma: Write out and handle MAX_NR_SG at a given
        time.
    
      - dma: edma: Setup parameters to DMA MAX_NR_SG at a time.
    
      - ARM: edma: Add function to manually trigger an EDMA
        channel.
    
      - ARM: edma: Fix clearing of unused list for DT DMA
        resources.
    
      - ACPI: Add Toshiba NB100 to Vista _OSI blacklist.
    
      - ACPI: add missing win8 OSI comment to blacklist
        (bnc#856294).
    
      - ACPI: update win8 OSI blacklist.
    
      - ACPI: blacklist win8 OSI for buggy laptops.
    
      - ACPI: blacklist win8 OSI for ASUS Zenbook Prime UX31A
        (bnc#856294).
    
      - ACPI: Blacklist Win8 OSI for some HP laptop 2013 models
        (bnc#856294).
    
      - floppy: bail out in open() if drive is not responding to
        block0 read (bnc#773058).
    
      - ping: prevent NULL pointer dereference on write to
        msg_name (bnc#854175 CVE-2013-6432).
    
      - x86/dumpstack: Fix printk_address for direct addresses
        (bnc#845621).
    
      - Refresh patches.suse/stack-unwind.
    
      - Refresh patches.xen/xen-x86_64-dump-user-pgt.
    
      - KVM: x86: Convert vapic synchronization to _cached
        functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368).
    
      - KVM: x86: fix guest-initiated crash with x2apic
        (CVE-2013-6376) (bnc#853053 CVE-2013-6376).
    
      - Build the KOTD against openSUSE:13.1:Update
    
      - xencons: generalize use of add_preferred_console()
        (bnc#733022, bnc#852652).
    
      - Update Xen patches to 3.11.10.
    
      - Rename patches.xen/xen-pcpu-hotplug to
        patches.xen/xen-pcpu.
    
      - KVM: x86: Fix potential divide by 0 in lapic
        (CVE-2013-6367) (bnc#853051 CVE-2013-6367).
    
      - KVM: Improve create VCPU parameter (CVE-2013-4587)
        (bnc#853050 CVE-2013-4587).
    
      - ipv6: fix headroom calculation in udp6_ufo_fragment
        (bnc#848042 CVE-2013-4563).
    
      - net: rework recvmsg handler msg_name and msg_namelen
        logic (bnc#854722).
    
      - patches.drivers/gpio-ucb1400-add-module_alias.patch:
        Update upstream reference
    
      -
        patches.drivers/gpio-ucb1400-can-be-built-as-a-module.pa
        tch: Update upstream reference
    
      - Delete patches.suse/ida-remove-warning-dump-stack.patch.
        Already included in kernel 3.11 (WARN calls dump_stack.)
    
      - xhci: Limit the spurious wakeup fix only to HP machines
        (bnc#852931).
    
      - iscsi_target: race condition on shutdown (bnc#850072).
    
      - Linux 3.11.10.
    
      - Refresh patches.xen/xen3-patch-2.6.29.
    
      - Delete
        patches.suse/btrfs-relocate-csums-properly-with-prealloc
        -extents.patch.
    
      -
        patches.drivers/xhci-Fix-spurious-wakeups-after-S5-on-Ha
        swell.patch: (bnc#852931).
    
      - Build mei and mei_me as modules (bnc#852656)
    
      - Linux 3.11.9.
    
      - Linux 3.11.8 (CVE-2013-4511 bnc#846529 bnc#849021).
    
      - Delete
        patches.drivers/ALSA-hda-Add-a-fixup-for-ASUS-N76VZ.
    
      - Delete
        patches.fixes/Fix-a-few-incorrectly-checked-io_-remap_pf
        n_range-ca.patch.
    
      - Add USB PHY support (needed to get USB and Ethernet
        working on beagle and panda boards) Add
        CONFIG_PINCTRL_SINGLE=y to be able to use Device tree
        (at least for beagle and panda boards) Add ARM SoC sound
        support Add SPI bus support Add user-space access to I2C
        and SPI
    
      -
        patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i
        rq-remapping-warning.patch: Fix forward porting, sorry.
    
      - iommu: Remove stack trace from broken irq remapping
        warning (bnc#844513).
    
      - gpio: ucb1400: Add MODULE_ALIAS.
    
      - Allow NFSv4 username mapping to work properly
        (bnc#838024).
    
      - nfs: check if gssd is running before attempting to use
        krb5i auth in SETCLIENTID call.
    
      - sunrpc: replace sunrpc_net->gssd_running flag with a
        more reliable check.
    
      - sunrpc: create a new dummy pipe for gssd to hold open.
    
      - Set CONFIG_GPIO_TWL4030 as built-in (instead of module)
        as a requirement to boot on SD card on beagleboard xM
    
      - armv6hl, armv7hl: Update config files. Set
        CONFIG_BATMAN_ADV_BLA=y as all other kernel
        configuration files have.
    
      - Update config files :
    
      - CONFIG_BATMAN_ADV_NC=y, because other BATMAN_ADV options
        are all enabled so why not this one.
    
      - CONFIG_GPIO_SCH=m, CONFIG_GPIO_PCH=m, because we support
        all other features of these pieces of hardware.
    
      - CONFIG_INTEL_POWERCLAMP=m, because this small driver
        might be useful in specific cases, and there's no
        obvious reason not to include it.
    
      - Fix a few incorrectly checked [io_]remap_pfn_range()
        calls (bnc#849021, CVE-2013-4511).
    
      - Linux 3.11.7."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=733022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=773058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=838024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=844513"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=845621"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=846529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=848042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=850072"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852656"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=852931"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853050"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=853053"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856294"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=859804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=860993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-02/msg00022.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-vanilla-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-syms-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-3.11.10-7.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.11.10-7.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1526.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
      - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)
      - Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.(CVE-2010-5321)
      - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2018-1108)
      - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.(CVE-2019-7222)
      - The adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.(CVE-2016-2062)
      - drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.(CVE-2013-2896)
      - The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)
      - An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.(CVE-2017-7542)
      - Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.(CVE-2017-10810)
      - The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.(CVE-2013-6432)
      - The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.(CVE-2017-18208)
      - An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.(CVE-2018-17182)
      - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.(CVE-2013-7027)
      - The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.(CVE-2014-9710)
      - A flaw was found in the way the Linux kernel
    last seen: 2020-03-19
    modified: 2019-05-14
    plugin id: 124979
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124979
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124979);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2010-5321",
        "CVE-2013-2896",
        "CVE-2013-6432",
        "CVE-2013-7027",
        "CVE-2013-7270",
        "CVE-2014-3645",
        "CVE-2014-3687",
        "CVE-2014-9710",
        "CVE-2016-2053",
        "CVE-2016-2062",
        "CVE-2016-3139",
        "CVE-2016-9806",
        "CVE-2017-10662",
        "CVE-2017-10810",
        "CVE-2017-17053",
        "CVE-2017-18208",
        "CVE-2017-7542",
        "CVE-2018-1108",
        "CVE-2018-17182",
        "CVE-2019-7222"
      );
      script_bugtraq_id(
        62048,
        64013,
        64135,
        64744,
        70746,
        70766,
        73308
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1526)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - A double free vulnerability was found in netlink_dump,
        which could cause a denial of service or possibly other
        unspecified impact. Due to the nature of the flaw,
        privilege escalation cannot be fully ruled out,
        although we believe it is unlikely.(CVE-2016-9806)
    
      - Memory leak in drivers/media/video/videobuf-core.c in
        the videobuf subsystem in the Linux kernel 2.6.x
        through 4.x allows local users to cause a denial of
        service (memory consumption) by leveraging /dev/video
        access for a series of mmap calls that require new
        allocations, a different vulnerability than
        CVE-2007-6761. NOTE: as of 2016-06-18, this affects
        only 11 drivers that have not been updated to use
        videobuf2 instead of videobuf.(CVE-2010-5321)
    
      - ** RESERVED ** This candidate has been reserved by an
        organization or individual that will use it when
        announcing a new security problem. When the candidate
        has been publicized, the details for this candidate
        will be provided.(CVE-2018-1108)
    
      - The KVM implementation in the Linux kernel through
        4.20.5 has an Information Leak.(CVE-2019-7222)
    
      - The adreno_perfcounter_query_group function in
        drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU
        driver for the Linux kernel 3.x, as used in Qualcomm
        Innovation Center (QuIC) Android contributions for MSM
        devices and other products, uses an incorrect integer
        data type, which allows attackers to cause a denial of
        service (integer overflow, heap-based buffer overflow,
        and incorrect memory allocation) or possibly have
        unspecified other impact via a crafted
        IOCTL_KGSL_PERFCOUNTER_QUERY ioctl
        call.(CVE-2016-2062)
    
      - drivers/hid/hid-ntrig.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_NTRIG is enabled, allows physically
        proximate attackers to cause a denial of service (NULL
        pointer dereference and OOPS) via a crafted
        device.(CVE-2013-2896)
    
      - The wacom_probe function in
        drivers/input/tablet/wacom_sys.c in the Linux kernel
        before 3.17 allows physically proximate attackers to
        cause a denial of service (NULL pointer dereference and
        system crash) via a crafted endpoints value in a USB
        device descriptor.(CVE-2016-3139)
    
      - An integer overflow vulnerability in
        ip6_find_1stfragopt() function was found. A local
        attacker that has privileges (of CAP_NET_RAW) to open
        raw socket can cause an infinite loop inside the
        ip6_find_1stfragopt() function.(CVE-2017-7542)
    
      - Memory leak in the virtio_gpu_object_create function in
        drivers/gpu/drm/virtio/virtgpu_object.c in the Linux
        kernel through 4.11.8 allows attackers to cause a
        denial of service (memory consumption) by triggering
        object-initialization failures.(CVE-2017-10810)
    
      - The ping_recvmsg function in net/ipv4/ping.c in the
        Linux kernel before 3.12.4 does not properly interact
        with read system calls on ping sockets, which allows
        local users to cause a denial of service (NULL pointer
        dereference and system crash) by leveraging unspecified
        privileges to execute a crafted
        application.(CVE-2013-6432)
    
      - The madvise_willneed function in the Linux kernel
        allows local users to cause a denial of service
        (infinite loop) by triggering use of MADVISE_WILLNEED
        for a DAX mapping.(CVE-2017-18208)
    
      - An issue was discovered in the Linux kernel through
        4.18.8. The vmacache_flush_all function in
        mm/vmacache.c mishandles sequence number overflows. An
        attacker can trigger a use-after-free (and possibly
        gain privileges) via certain thread creation, map,
        unmap, invalidation, and dereference
        operations.(CVE-2018-17182)
    
      - The ieee80211_radiotap_iterator_init function in
        net/wireless/radiotap.c in the Linux kernel before
        3.11.7 does not check whether a frame contains any data
        outside of the header, which might allow attackers to
        cause a denial of service (buffer over-read) via a
        crafted header.(CVE-2013-7027)
    
      - The Btrfs implementation in the Linux kernel before
        3.19 does not ensure that the visible xattr state is
        consistent with a requested replacement, which allows
        local users to bypass intended ACL settings and gain
        privileges via standard filesystem operations (1)
        during an xattr-replacement time window, related to a
        race condition, or (2) after an xattr-replacement
        attempt that fails because the data does not
        fit.(CVE-2014-9710)
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled duplicate Address Configuration Change Chunks
        (ASCONF). A remote attacker could use either of these
        flaws to crash the system.(CVE-2014-3687)
    
      - A syntax vulnerability was discovered in the kernel's
        ASN1.1 DER decoder, which could lead to memory
        corruption or a complete local denial of service
        through x509 certificate DER files. A local system user
        could use a specially created key file to trigger
        BUG_ON() in the public_key_verify_signature() function
        (crypto/asymmetric_keys/public_key.c), to cause a
        kernel panic and crash the system.(CVE-2016-2053)
    
      - It was found that the Linux kernel's KVM subsystem did
        not handle the VM exits gracefully for the invept
        (Invalidate Translations Derived from EPT)
        instructions. On hosts with an Intel processor and
        invept VM exit support, an unprivileged guest user
        could use these instructions to crash the
        guest.(CVE-2014-3645)
    
      - The packet_recvmsg function in net/packet/af_packet.c
        in the Linux kernel before 3.12.4 updates a certain
        length value before ensuring that an associated data
        structure has been initialized, which allows local
        users to obtain sensitive information from kernel
        memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg
        system call.(CVE-2013-7270)
    
      - The init_new_context function in
        arch/x86/include/asm/mmu_context.h in the Linux kernel,
        before 4.12.10, does not correctly handle errors from
        LDT table allocation when forking a new process. This
        could allow a local attacker to achieve a
        use-after-free or possibly have unspecified other
        impact by running a specially crafted
        program.(CVE-2017-17053)
    
      - It was found that the sanity_check_raw_super() function
        in 'fs/f2fs/super.c' file in the Linux kernel before
        version 4.12-rc1 does not validate the f2fs filesystem
        segment count. This allows an unprivileged local user
        to cause a system panic and DoS. Due to the nature of
        the flaw, privilege escalation cannot be fully ruled
        out, although we believe it is
        unlikely.(CVE-2017-10662)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1526
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d79c113e");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }