Vulnerabilities > CVE-2013-7339 - NULL Pointer Dereference vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.

Vulnerable Configurations

Part Description Count
OS
Linux
1885

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0740.NASL
    descriptionUpdated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74458
    published2014-06-11
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74458
    titleRHEL 5 : kernel (RHSA-2014:0740)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0740. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74458);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-7339", "CVE-2014-1737", "CVE-2014-1738");
      script_bugtraq_id(66351, 67300, 67302);
      script_xref(name:"RHSA", value:"2014:0740");
    
      script_name(english:"RHEL 5 : kernel (RHSA-2014:0740)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix three security issues and several
    bugs are now available for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's floppy driver handled
    user space provided data in certain error code paths while processing
    FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX
    could use this flaw to free (using the kfree() function) arbitrary
    kernel memory. (CVE-2014-1737, Important)
    
    * It was found that the Linux kernel's floppy driver leaked internal
    kernel memory addresses to user space during the processing of the
    FDRAWCMD IOCTL command. A local user with write access to /dev/fdX
    could use this flaw to obtain information about the kernel heap
    arrangement. (CVE-2014-1738, Low)
    
    Note: A local user with write access to /dev/fdX could use these two
    flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate
    their privileges on the system.
    
    * A NULL pointer dereference flaw was found in the
    rds_ib_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2013-7339, Moderate)
    
    Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737
    and CVE-2014-1738.
    
    This update also fixes the following bugs :
    
    * A bug in the futex system call could result in an overflow when
    passing a very large positive timeout. As a consequence, the
    FUTEX_WAIT operation did not work as intended and the system call was
    timing out immediately. A backported patch fixes this bug by limiting
    very large positive timeouts to the maximal supported value.
    (BZ#1091832)
    
    * A new Linux Security Module (LSM) functionality related to the
    setrlimit hooks should produce a warning message when used by a third
    party module that could not cope with it. However, due to a
    programming error, the kernel could print this warning message when a
    process was setting rlimits for a different process, or if rlimits
    were modified by another than the main thread even though there was no
    incompatible third party module. This update fixes the relevant code
    and ensures that the kernel handles this warning message correctly.
    (BZ#1092869)
    
    * Previously, the kernel was unable to detect KVM on system boot if
    the Hyper-V emulation was enabled. A patch has been applied to ensure
    that both KVM and Hyper-V hypervisors are now correctly detected
    during system boot. (BZ#1094152)
    
    * A function in the RPC code responsible for verifying whether cached
    credentials match the current process did not perform the check
    correctly. The code checked only whether the groups in the current
    process credentials appear in the same order as in the cached
    credentials but did not ensure that no other groups are present in the
    cached credentials. As a consequence, when accessing files in NFS
    mounts, a process with the same UID and GID as the original process
    but with a non-matching group list could have been granted an
    unauthorized access to a file, or under certain circumstances, the
    process could have been wrongly prevented from accessing the file. The
    incorrect test condition has been fixed and the problem can no longer
    occur. (BZ#1095062)
    
    * When being under heavy load, some Fibre Channel storage devices,
    such as Hitachi and HP Open-V series, can send a logout (LOGO) message
    to the host system. However, due to a bug in the lpfc driver, this
    could result in a loss of active paths to the storage and the paths
    could not be recovered without manual intervention. This update
    corrects the lpfc driver to ensure automatic recovery of the lost
    paths to the storage in this scenario. (BZ#1096061)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0740"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-7339"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-1738"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0740";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debuginfo-common-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debuginfo-common-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debuginfo-common-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-debuginfo-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-371.9.1.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-371.9.1.el5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1168.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79048
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79048
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:1168)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1168. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79048);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3535");
      script_bugtraq_id(67357, 67391);
      script_xref(name:"RHSA", value:"2014:1168");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2014:1168)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes three security issues
    and one bug is now available.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: a subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    A NULL pointer dereference flaw was found in the way the Linux
    kernel's networking implementation handled logging while processing
    certain invalid packets coming in via a VxLAN interface. A remote
    attacker could use this flaw to crash the system by sending a
    specially crafted packet to such an interface. (CVE-2014-3535)
    
    Two integer overflow flaws were found in the QEMU block driver for
    QCOW version 1 disk images. A user able to alter the QEMU disk image
    files loaded by a guest could use either of these flaws to corrupt
    QEMU process memory on the host, which could potentially result in
    arbitrary code execution on the host with the privileges of the QEMU
    process. (CVE-2014-0222, CVE-2014-0223)
    
    Red Hat would like to thank NSA for reporting CVE-2014-0222 and
    CVE-2014-0223.
    
    This update also fixes the following bug :
    
    * Previously, an updated version of Qlogic firmware was not supported
    in the Red Hat Enterprise Virtualization Hypervisor 6.5 image and an
    error message returned when users were using a newer version of Qlogic
    firmware. This update includes the latest Qlogic firmware package in
    the Red Hat Enterprise Virtualization Hypervisor 6.5 image so no
    firmware errors are returned. (BZ#1135780)
    
    This updated package also provides updated components that include
    fixes for various security issues. These issues have no security
    impact on Red Hat Enterprise Virtualization Hypervisor itself,
    however. The security fixes included in this update address the
    following CVE numbers :
    
    CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678,
    CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145,
    CVE-2014-0205, CVE-2014-3917, and CVE-2014-4667 (kernel issues)
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0222"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3535"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1168";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20140821.1.el6ev")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1538.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The walk_hugetlb_range() function in
    last seen2020-03-19
    modified2019-05-14
    plugin id124991
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124991
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-451.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel did not properly consider which pages must be locked, which allowed local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. Bugs fixed : - memcg: deprecate memory.force_empty knob (bnc#878274).
    last seen2020-06-05
    modified2014-07-02
    plugin id76342
    published2014-07-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76342
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20140610_KERNEL_ON_SL5_X.NASL
    description - A flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2014-06-12
    plugin id74489
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74489
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140610)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1477.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7265) - The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7266) - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7267) - The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7268) - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269) - The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7270) - The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7271) - The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7281) - A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124801
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124801
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1477)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0439.NASL
    descriptionUpdated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A denial of service flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76674
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76674
    titleRHEL 6 : MRG (RHSA-2014:0439)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2220-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel for systems that lack RDS transports. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-7339) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74183
    published2014-05-27
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74183
    titleUbuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2220-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0981.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76948
    published2014-08-01
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76948
    titleCentOS 6 : kernel (CESA-2014:0981)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1101.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79043
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79043
    titleRHEL 6 : kernel (RHSA-2014:1101)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0981.NASL
    descriptionFrom Red Hat Security Advisory 2014:0981 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76888
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76888
    titleOracle Linux 6 : kernel (ELSA-2014-0981)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0981.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76908
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76908
    titleRHEL 6 : kernel (RHSA-2014:0981)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0740-1.NASL
    descriptionFrom Red Hat Security Advisory 2014:0740 : Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74505
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74505
    titleOracle Linux 5 : kernel (ELSA-2014-0740-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0740.NASL
    descriptionUpdated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74471
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74471
    titleCentOS 5 : kernel (CESA-2014:0740)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-441.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs. Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. - ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599 bnc#876981). - patches.fixes/firewire-01-net-fix-use-after-free.patch, patches.fixes/firewire-02-ohci-fix-probe-failure-with-ag ere-lsi-controllers.patch, patches.fixes/firewire-03-dont-use-prepare_delayed_work. patch: Add missing bug reference (bnc#881697). - firewire: don
    last seen2020-06-05
    modified2014-06-26
    plugin id76228
    published2014-06-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76228
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2906.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-0343 George Kargiotakis reported an issue in the temporary address handling of the IPv6 privacy extensions. Users on the same LAN can cause a denial of service or obtain access to sensitive information by sending router advertisement messages that cause temporary address generation to be disabled. - CVE-2013-2147 Dan Carpenter reported issues in the cpqarray driver for Compaq Smart2 Controllers and the cciss driver for HP Smart Array controllers allowing users to gain access to sensitive kernel memory. - CVE-2013-2889 Kees Cook discovered missing input sanitization in the HID driver for Zeroplus game pads that could lead to a local denial of service. - CVE-2013-2893 Kees Cook discovered that missing input sanitization in the HID driver for various Logitech force feedback devices could lead to a local denial of service. - CVE-2013-2929 Vasily Kulikov discovered that a flaw in the get_dumpable() function of the ptrace subsytsem could lead to information disclosure. Only systems with the fs.suid_dumpable sysctl set to a non-default value of
    last seen2020-03-17
    modified2014-04-27
    plugin id73713
    published2014-04-27
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73713
    titleDebian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2219-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel for systems that lack RDS transports. An unprivileged local user could exploit this flaw to cause a denial of service (system crash). (CVE-2013-7339) An error was discovered in the Reliable Datagram Sockets (RDS) protocol stack in the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-2678). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74182
    published2014-05-27
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74182
    titleUbuntu 10.04 LTS : linux vulnerabilities (USN-2219-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0740.NASL
    descriptionFrom Red Hat Security Advisory 2014:0740 : Updated kernel packages that fix three security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74482
    published2014-06-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74482
    titleOracle Linux 5 : kernel (ELSA-2014-0740)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140709.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610). (CVE-2012-2372) - The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652). (CVE-2013-2929) - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404). (CVE-2013-4299) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426). (CVE-2013-4579) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553). (CVE-2013-6382) - The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563). (CVE-2013-7339) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173). (CVE-2014-0055) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576). (CVE-2014-0077) - The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102). (CVE-2014-0101) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723). (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540). (CVE-2014-0155) - The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869). (CVE-2014-1444) - The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870). (CVE-2014-1445) - The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872). (CVE-2014-1446) - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (bnc#863335). (CVE-2014-1874) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (bnc#867531). (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653). (CVE-2014-2523) - The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561). (CVE-2014-2678) - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374). (CVE-2014-2851) - The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102). (CVE-2014-3122) - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257). (CVE-2014-3144) - The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257). (CVE-2014-3145) - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484). (CVE-2014-3917) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number. (CVE-2014-4508) -. (bnc#883724) - Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4652) - sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4653) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795). (CVE-2014-4654) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795). (CVE-2014-4655) - Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795). (CVE-2014-4656) - The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725). (CVE-2014-4699) Also the following non-security bugs have been fixed : - kernel: avoid page table walk on user space access (bnc#878407, LTC#110316). - spinlock: fix system hang with spin_retry <= 0 (bnc#874145, LTC#110189). - x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3. (bnc#876176) - x86: Enable multiple CPUs in crash kernel. (bnc#846690) - x86/mce: Fix CMCI preemption bugs. (bnc#786450) - x86, CMCI: Add proper detection of end of CMCI storms. (bnc#786450) - futex: revert back to the explicit waiter counting code. (bnc#851603) - futex: avoid race between requeue and wake. (bnc#851603) - intel-iommu: fix off-by-one in pagetable freeing. (bnc#874577) - ia64: Change default PSR.ac from
    last seen2020-06-05
    modified2014-07-17
    plugin id76557
    published2014-07-17
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76557
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)

Redhat

rpms
  • kernel-rt-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debug-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debug-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debug-devel-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.10.33-rt32.33.el6rt
  • kernel-rt-devel-0:3.10.33-rt32.33.el6rt
  • kernel-rt-doc-0:3.10.33-rt32.33.el6rt
  • kernel-rt-firmware-0:3.10.33-rt32.33.el6rt
  • kernel-rt-trace-0:3.10.33-rt32.33.el6rt
  • kernel-rt-trace-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-trace-devel-0:3.10.33-rt32.33.el6rt
  • kernel-rt-vanilla-0:3.10.33-rt32.33.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.10.33-rt32.33.el6rt
  • kernel-rt-vanilla-devel-0:3.10.33-rt32.33.el6rt
  • kernel-0:2.6.18-371.9.1.el5
  • kernel-PAE-0:2.6.18-371.9.1.el5
  • kernel-PAE-debuginfo-0:2.6.18-371.9.1.el5
  • kernel-PAE-devel-0:2.6.18-371.9.1.el5
  • kernel-debug-0:2.6.18-371.9.1.el5
  • kernel-debug-debuginfo-0:2.6.18-371.9.1.el5
  • kernel-debug-devel-0:2.6.18-371.9.1.el5
  • kernel-debuginfo-0:2.6.18-371.9.1.el5
  • kernel-debuginfo-common-0:2.6.18-371.9.1.el5
  • kernel-devel-0:2.6.18-371.9.1.el5
  • kernel-doc-0:2.6.18-371.9.1.el5
  • kernel-headers-0:2.6.18-371.9.1.el5
  • kernel-kdump-0:2.6.18-371.9.1.el5
  • kernel-kdump-debuginfo-0:2.6.18-371.9.1.el5
  • kernel-kdump-devel-0:2.6.18-371.9.1.el5
  • kernel-xen-0:2.6.18-371.9.1.el5
  • kernel-xen-debuginfo-0:2.6.18-371.9.1.el5
  • kernel-xen-devel-0:2.6.18-371.9.1.el5
  • kernel-0:2.6.32-431.23.3.el6
  • kernel-abi-whitelists-0:2.6.32-431.23.3.el6
  • kernel-bootwrapper-0:2.6.32-431.23.3.el6
  • kernel-debug-0:2.6.32-431.23.3.el6
  • kernel-debug-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-debug-devel-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.23.3.el6
  • kernel-devel-0:2.6.32-431.23.3.el6
  • kernel-doc-0:2.6.32-431.23.3.el6
  • kernel-firmware-0:2.6.32-431.23.3.el6
  • kernel-headers-0:2.6.32-431.23.3.el6
  • kernel-kdump-0:2.6.32-431.23.3.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-kdump-devel-0:2.6.32-431.23.3.el6
  • perf-0:2.6.32-431.23.3.el6
  • perf-debuginfo-0:2.6.32-431.23.3.el6
  • python-perf-0:2.6.32-431.23.3.el6
  • python-perf-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-0:2.6.32-358.48.1.el6
  • kernel-bootwrapper-0:2.6.32-358.48.1.el6
  • kernel-debug-0:2.6.32-358.48.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.48.1.el6
  • kernel-debug-devel-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.48.1.el6
  • kernel-devel-0:2.6.32-358.48.1.el6
  • kernel-doc-0:2.6.32-358.48.1.el6
  • kernel-firmware-0:2.6.32-358.48.1.el6
  • kernel-headers-0:2.6.32-358.48.1.el6
  • kernel-kdump-0:2.6.32-358.48.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.48.1.el6
  • kernel-kdump-devel-0:2.6.32-358.48.1.el6
  • perf-0:2.6.32-358.48.1.el6
  • perf-debuginfo-0:2.6.32-358.48.1.el6
  • python-perf-0:2.6.32-358.48.1.el6
  • python-perf-debuginfo-0:2.6.32-358.48.1.el6

Seebug

bulletinFamilyexploit
descriptionCVE ID:CVE-2013-7339 Linux Kernel是一款开源的操作系统。 Linux Kernel &quot;rds_ib_laddr_check()&quot;函数(net/rds/ib.c)存在一个空指针引用错误,允许本地攻击者利用漏洞使内核崩溃,造成拒绝服务攻击。 0 Linux Kernel 2.6.32.61 用户可参考厂商的GIT库以获得补丁修复此漏洞: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
idSSV:61914
last seen2017-11-19
modified2014-03-25
published2014-03-25
reporterRoot
titleLinux Kernel &quot;rds_ib_laddr_check()&quot;空指针引用漏洞