Vulnerabilities > CVE-2014-2851 - Use After Free vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
debian
CWE-416
nessus
exploit available

Summary

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.

Vulnerable Configurations

Part Description Count
OS
Linux
484
OS
Debian
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionLinux group_info refcounter - Overflow Memory Corruption. CVE-2014-2851. Dos exploit for linux platform
idEDB-ID:32926
last seen2016-02-03
modified2014-04-18
published2014-04-18
reporterThomas Pollet
sourcehttps://www.exploit-db.com/download/32926/
titleLinux group_info refcounter - Overflow Memory Corruption

Nessus

  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2014-124.NASL
    descriptionMultiple vulnerabilities has been found and corrected in the Linux kernel : kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (CVE-2014-3917). The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification (CVE-2014-3153). Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions (CVE-2014-2672). The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced (CVE-2014-3144). The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced (CVE-2014-3145). Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter (CVE-2014-2851). The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the LECHO !OPOST case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings (CVE-2014-0196). The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device (CVE-2014-1738). The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device (CVE-2014-1737). The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports (CVE-2014-2678). drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions (CVE-2014-0077). The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (CVE-2014-2309). Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897). net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function (CVE-2014-2523). Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c (CVE-2014-2706). The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk (CVE-2014-0101). The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer (CVE-2014-0069). arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction (CVE-2014-2039). Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function (CVE-2012-2137). The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (CVE-2014-1874). The updated packages provides a solution for these security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id74513
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/74513
    titleMandriva Linux Security Advisory : kernel (MDVSA-2014:124)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:124. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74513);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:56");
    
      script_cve_id("CVE-2012-2137", "CVE-2013-2897", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1874", "CVE-2014-2039", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3917");
      script_bugtraq_id(54063, 62044, 65459, 65588, 65700, 65943, 66095, 66279, 66492, 66543, 66591, 66678, 66779, 67282, 67300, 67302, 67309, 67321, 67906);
      script_xref(name:"MDVSA", value:"2014:124");
    
      script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple vulnerabilities has been found and corrected in the Linux
    kernel :
    
    kernel/auditsc.c in the Linux kernel through 3.14.5, when
    CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows
    local users to obtain potentially sensitive single-bit values from
    kernel memory or cause a denial of service (OOPS) via a large value of
    a syscall number (CVE-2014-3917).
    
    The futex_requeue function in kernel/futex.c in the Linux kernel
    through 3.14.5 does not ensure that calls have two different futex
    addresses, which allows local users to gain privileges via a crafted
    FUTEX_REQUEUE command that facilitates unsafe waiter modification
    (CVE-2014-3153).
    
    Race condition in the ath_tx_aggr_sleep function in
    drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before
    3.13.7 allows remote attackers to cause a denial of service (system
    crash) via a large amount of network traffic that triggers certain
    list deletions (CVE-2014-2672).
    
    The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension
    implementations in the sk_run_filter function in net/core/filter.c in
    the Linux kernel through 3.14.3 do not check whether a certain length
    value is sufficiently large, which allows local users to cause a
    denial of service (integer underflow and system crash) via crafted BPF
    instructions. NOTE: the affected code was moved to the
    __skb_get_nlattr and __skb_get_nlattr_nest functions before the
    vulnerability was announced (CVE-2014-3144).
    
    The BPF_S_ANC_NLATTR_NEST extension implementation in the
    sk_run_filter function in net/core/filter.c in the Linux kernel
    through 3.14.3 uses the reverse order in a certain subtraction, which
    allows local users to cause a denial of service (over-read and system
    crash) via crafted BPF instructions. NOTE: the affected code was moved
    to the __skb_get_nlattr_nest function before the vulnerability was
    announced (CVE-2014-3145).
    
    Integer overflow in the ping_init_sock function in net/ipv4/ping.c in
    the Linux kernel through 3.14.1 allows local users to cause a denial
    of service (use-after-free and system crash) or possibly gain
    privileges via a crafted application that leverages an improperly
    managed reference counter (CVE-2014-2851).
    
    The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
    through 3.14.3 does not properly manage tty driver access in the LECHO
    !OPOST case, which allows local users to cause a denial of service
    (memory corruption and system crash) or gain privileges by triggering
    a race condition involving read and write operations with long strings
    (CVE-2014-0196).
    
    The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
    kernel through 3.14.3 does not properly restrict access to certain
    pointers during processing of an FDRAWCMD ioctl call, which allows
    local users to obtain sensitive information from kernel heap memory by
    leveraging write access to a /dev/fd device (CVE-2014-1738).
    
    The raw_cmd_copyin function in drivers/block/floppy.c in the Linux
    kernel through 3.14.3 does not properly handle error conditions during
    processing of an FDRAWCMD ioctl call, which allows local users to
    trigger kfree operations and gain privileges by leveraging write
    access to a /dev/fd device (CVE-2014-1737).
    
    The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel
    through 3.14 allows local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have unspecified
    other impact via a bind system call for an RDS socket on a system that
    lacks RDS transports (CVE-2014-2678).
    
    drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable
    buffers are disabled, does not properly validate packet lengths, which
    allows guest OS users to cause a denial of service (memory corruption
    and host OS crash) or possibly gain privileges on the host OS via
    crafted packets, related to the handle_rx and get_rx_bufs functions
    (CVE-2014-0077).
    
    The ip6_route_add function in net/ipv6/route.c in the Linux kernel
    through 3.13.6 does not properly count the addition of routes, which
    allows remote attackers to cause a denial of service (memory
    consumption) via a flood of ICMPv6 Router Advertisement packets
    (CVE-2014-2309).
    
    Multiple array index errors in drivers/hid/hid-multitouch.c in the
    Human Interface Device (HID) subsystem in the Linux kernel through
    3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically
    proximate attackers to cause a denial of service (heap memory
    corruption, or NULL pointer dereference and OOPS) via a crafted device
    (CVE-2013-2897).
    
    net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through
    3.13.6 uses a DCCP header pointer incorrectly, which allows remote
    attackers to cause a denial of service (system crash) or possibly
    execute arbitrary code via a DCCP packet that triggers a call to the
    (1) dccp_new, (2) dccp_packet, or (3) dccp_error function
    (CVE-2014-2523).
    
    Race condition in the mac80211 subsystem in the Linux kernel before
    3.13.7 allows remote attackers to cause a denial of service (system
    crash) via network traffic that improperly interacts with the
    WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and
    tx.c (CVE-2014-2706).
    
    The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the
    Linux kernel through 3.13.6 does not validate certain auth_enable and
    auth_capable fields before making an sctp_sf_authenticate call, which
    allows remote attackers to cause a denial of service (NULL pointer
    dereference and system crash) via an SCTP handshake with a modified
    INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk
    (CVE-2014-0101).
    
    The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel
    through 3.13.5 does not properly handle uncached write operations that
    copy fewer than the requested number of bytes, which allows local
    users to obtain sensitive information from kernel memory, cause a
    denial of service (memory corruption and system crash), or possibly
    gain privileges via a writev system call with a crafted pointer
    (CVE-2014-0069).
    
    arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the
    s390 platform does not properly handle attempted use of the linkage
    stack, which allows local users to cause a denial of service (system
    crash) by executing a crafted instruction (CVE-2014-2039).
    
    Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the
    Linux kernel before 3.2.24 allows local users to cause a denial of
    service (crash) and possibly execute arbitrary code via vectors
    related to Message Signaled Interrupts (MSI), irq routing entries, and
    an incorrect check by the setup_routing_entry function before invoking
    the kvm_set_irq function (CVE-2012-2137).
    
    The security_context_to_sid_core function in
    security/selinux/ss/services.c in the Linux kernel before 3.13.4
    allows local users to cause a denial of service (system crash) by
    leveraging the CAP_MAC_ADMIN capability to set a zero-length security
    context (CVE-2014-1874).
    
    The updated packages provides a solution for these security issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.93-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.93-1.1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.93-1.1.mbs1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2223-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74211
    published2014-05-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74211
    titleUbuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2223-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74211);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2013-4483", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3122");
      script_bugtraq_id(63445, 65943, 66095, 66279, 66441, 66492, 66543, 66591, 66678, 66779, 67162, 67300, 67302);
      script_xref(name:"USN", value:"2223-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2223-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483)
    
    A flaw was discovered in the vhost-net subsystem of the Linux kernel.
    Guest OS users could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2014-0055)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    A flaw was discovered in the Linux kernel's handling of the SCTP
    handshake. A remote attacker could exploit this flaw to cause a denial
    of service (system crash). (CVE-2014-0101)
    
    A flaw was discovered in the handling of routing information in Linux
    kernel's IPv6 stack. A remote attacker could exploit this flaw to
    cause a denial of service (memory consumption) via a flood of ICMPv6
    router advertisement packets. (CVE-2014-2309)
    
    An error was discovered in the Linux kernel's DCCP protocol support. A
    remote attacked could exploit this flaw to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2014-2523)
    
    Max Sydorenko discovered a race condition in the Atheros 9k wireless
    driver in the Linux kernel. This race could be exploited by remote
    attackers to cause a denial of service (system crash). (CVE-2014-2672)
    
    An error was discovered in the Reliable Datagram Sockets (RDS)
    protocol stack in the Linux kernel. A local user could exploit this
    flaw to cause a denial of service (system crash) or possibly have
    unspecified other impact. (CVE-2014-2678)
    
    Yaara Rozenblum discovered a race condition in the Linux kernel's
    Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers
    could exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-2706)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851)
    
    Sasha Levin reported a bug in the Linux kernel's virtual memory
    management subsystem. An unprivileged local user could exploit this
    flaw to cause a denial of service (system crash). (CVE-2014-3122).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2223-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-3.5-generic package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4483", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3122");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2223-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.5.0-51-generic", pkgver:"3.5.0-51.76~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1168.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes three security issues and one bug is now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: a subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A NULL pointer dereference flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79048
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79048
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2014:1168)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1168. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79048);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2014-0222", "CVE-2014-0223", "CVE-2014-3535");
      script_bugtraq_id(67357, 67391);
      script_xref(name:"RHSA", value:"2014:1168");
    
      script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2014:1168)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated rhev-hypervisor6 package that fixes three security issues
    and one bug is now available.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The rhev-hypervisor6 package provides a Red Hat Enterprise
    Virtualization Hypervisor ISO disk image. The Red Hat Enterprise
    Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine
    (KVM) hypervisor. It includes everything necessary to run and manage
    virtual machines: a subset of the Red Hat Enterprise Linux operating
    environment and the Red Hat Enterprise Virtualization Agent.
    
    Note: Red Hat Enterprise Virtualization Hypervisor is only available
    for the Intel 64 and AMD64 architectures with virtualization
    extensions.
    
    A NULL pointer dereference flaw was found in the way the Linux
    kernel's networking implementation handled logging while processing
    certain invalid packets coming in via a VxLAN interface. A remote
    attacker could use this flaw to crash the system by sending a
    specially crafted packet to such an interface. (CVE-2014-3535)
    
    Two integer overflow flaws were found in the QEMU block driver for
    QCOW version 1 disk images. A user able to alter the QEMU disk image
    files loaded by a guest could use either of these flaws to corrupt
    QEMU process memory on the host, which could potentially result in
    arbitrary code execution on the host with the privileges of the QEMU
    process. (CVE-2014-0222, CVE-2014-0223)
    
    Red Hat would like to thank NSA for reporting CVE-2014-0222 and
    CVE-2014-0223.
    
    This update also fixes the following bug :
    
    * Previously, an updated version of Qlogic firmware was not supported
    in the Red Hat Enterprise Virtualization Hypervisor 6.5 image and an
    error message returned when users were using a newer version of Qlogic
    firmware. This update includes the latest Qlogic firmware package in
    the Red Hat Enterprise Virtualization Hypervisor 6.5 image so no
    firmware errors are returned. (BZ#1135780)
    
    This updated package also provides updated components that include
    fixes for various security issues. These issues have no security
    impact on Red Hat Enterprise Virtualization Hypervisor itself,
    however. The security fixes included in this update address the
    following CVE numbers :
    
    CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678,
    CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145,
    CVE-2014-0205, CVE-2014-3917, and CVE-2014-4667 (kernel issues)
    
    Users of the Red Hat Enterprise Virtualization Hypervisor are advised
    to upgrade to this updated package."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1168"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-0222"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3535"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected rhev-hypervisor6 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1168";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.5-20140821.1.el6ev")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-451.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel did not properly consider which pages must be locked, which allowed local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. Bugs fixed : - memcg: deprecate memory.force_empty knob (bnc#878274).
    last seen2020-06-05
    modified2014-07-02
    plugin id76342
    published2014-07-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76342
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-451.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76342);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-7339", "CVE-2014-0055", "CVE-2014-0077", "CVE-2014-2678", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3153");
    
      script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2014:0856-1)");
      script_summary(english:"Check for the openSUSE-2014-451 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Linux kernel was updated to fix security issues and bugs :
    
    Security issues fixed: CVE-2014-3153: The futex_requeue function in
    kernel/futex.c in the Linux kernel did not ensure that calls have two
    different futex addresses, which allowed local users to gain
    privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe
    waiter modification.
    
    CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable
    buffers are disabled, did not properly validate packet lengths, which
    allowed guest OS users to cause a denial of service (memory corruption
    and host OS crash) or possibly gain privileges on the host OS via
    crafted packets, related to the handle_rx and get_rx_bufs functions.
    
    CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the
    vhost-net subsystem in the Linux kernel package did not properly
    handle vhost_get_vq_desc errors, which allowed guest OS users to cause
    a denial of service (host OS crash) via unspecified vectors.
    
    CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
    Linux kernel allowed local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have unspecified
    other impact via a bind system call for an RDS socket on a system that
    lacks RDS transports.
    
    CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
    Linux kernel allowed local users to cause a denial of service (NULL
    pointer dereference and system crash) or possibly have unspecified
    other impact via a bind system call for an RDS socket on a system that
    lacks RDS transports.
    
    CVE-2014-2851: Integer overflow in the ping_init_sock function in
    net/ipv4/ping.c in the Linux kernel allowed local users to cause a
    denial of service (use-after-free and system crash) or possibly gain
    privileges via a crafted application that leverages an improperly
    managed reference counter.
    
    CVE-2014-3122: The try_to_unmap_cluster function in mm/rmap.c in the
    Linux kernel did not properly consider which pages must be locked,
    which allowed local users to cause a denial of service (system crash)
    by triggering a memory-usage pattern that requires removal of
    page-table mappings.
    
    Bugs fixed :
    
      - memcg: deprecate memory.force_empty knob (bnc#878274)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=869563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=870173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=870576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=871561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=873374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=878274"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-07/msg00002.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-vanilla-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-syms-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debugsource-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-3.7.10-1.36.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.7.10-1.36.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3034.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id74101
    published2014-05-20
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74101
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from Oracle Linux
    # Security Advisory ELSA-2014-3034.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74101);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851");
      script_bugtraq_id(63983, 64328, 64743, 65255, 65909, 66095, 67199, 67282);
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3034)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Oracle Linux host is missing a security update for
    the Unbreakable Enterprise kernel package(s)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-May/004134.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-35.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-provider-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2929", "CVE-2013-4587", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0196", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3034");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-35.el6uek-0.4.3-4.el6")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-headers-0.4.3-4.el6")) flag++;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-provider-headers-0.4.3-4.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-35.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-35.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2260-1.NASL
    descriptionA flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76295
    published2014-06-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76295
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2260-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76295);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0077", "CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3153");
      script_bugtraq_id(66348, 66678, 66779, 67162, 67199, 67300, 67302, 67906);
      script_xref(name:"USN", value:"2260-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2260-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was discovered in the Linux kernel's pseudo tty (pty) device.
    An unprivileged user could exploit this flaw to cause a denial of
    service (system crash) or potentially gain administrator privileges.
    (CVE-2014-0196)
    
    Pinkie Pie discovered a flaw in the Linux kernel's futex subsystem. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or gain administrative privileges.
    (CVE-2014-3153)
    
    Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    An information leak was discovered in the netfilter subsystem of the
    Linux kernel. An attacker could exploit this flaw to obtain sensitive
    information from kernel memory. (CVE-2014-2568)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851)
    
    Sasha Levin reported a bug in the Linux kernel's virtual memory
    management subsystem. An unprivileged local user could exploit this
    flaw to cause a denial of service (system crash). (CVE-2014-3122).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2260-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.13-generic and / or
    linux-image-3.13-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0077", "CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-2851", "CVE-2014-3122", "CVE-2014-3153");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2260-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-30-generic", pkgver:"3.13.0-30.54~precise2")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-30-generic-lpae", pkgver:"3.13.0-30.54~precise2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1479.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the
    last seen2020-03-19
    modified2019-05-13
    plugin id124803
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124803
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124803);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2014-0196",
        "CVE-2014-0206",
        "CVE-2014-1444",
        "CVE-2014-1445",
        "CVE-2014-1446",
        "CVE-2014-1690",
        "CVE-2014-1737",
        "CVE-2014-1738",
        "CVE-2014-1739",
        "CVE-2014-1874",
        "CVE-2014-2038",
        "CVE-2014-2309",
        "CVE-2014-2523",
        "CVE-2014-2568",
        "CVE-2014-2672",
        "CVE-2014-2673",
        "CVE-2014-2706",
        "CVE-2014-2851",
        "CVE-2014-3122",
        "CVE-2014-3144",
        "CVE-2014-3145"
      );
      script_bugtraq_id(
        64952,
        64953,
        64954,
        65180,
        65459,
        65688,
        66095,
        66279,
        66348,
        66477,
        66492,
        66591,
        66779,
        67162,
        67199,
        67282,
        67300,
        67302,
        67309,
        67321,
        68048,
        68176
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1479)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - The n_tty_write function in drivers/tty/n_tty.c in the
        Linux kernel through 3.14.3 does not properly manage
        tty driver access in the 'LECHO i1/4+ !OPOST' case, which
        allows local users to cause a denial of service (memory
        corruption and system crash) or gain privileges by
        triggering a race condition involving read and write
        operations with long strings.(CVE-2014-0196)
    
      - Array index error in the aio_read_events_ring function
        in fs/aio.c in the Linux kernel through 3.15.1 allows
        local users to obtain sensitive information from kernel
        memory via a large head value.(CVE-2014-0206)
    
      - The fst_get_iface function in drivers/net/wan/farsync.c
        in the Linux kernel before 3.11.7 does not properly
        initialize a certain data structure, which allows local
        users to obtain sensitive information from kernel
        memory by leveraging the CAP_NET_ADMIN capability for
        an SIOCWANDEV ioctl call.(CVE-2014-1444)
    
      - The wanxl_ioctl function in drivers/net/wan/wanxl.c in
        the Linux kernel before 3.11.7 does not properly
        initialize a certain data structure, which allows local
        users to obtain sensitive information from kernel
        memory via an ioctl call.(CVE-2014-1445)
    
      - The yam_ioctl function in drivers/net/hamradio/yam.c in
        the Linux kernel before 3.12.8 does not initialize a
        certain structure member, which allows local users to
        obtain sensitive information from kernel memory by
        leveraging the CAP_NET_ADMIN capability for an
        SIOCYAMGCFG ioctl call.(CVE-2014-1446)
    
      - The help function in net/netfilter/nf_nat_irc.c in the
        Linux kernel before 3.12.8 allows remote attackers to
        obtain sensitive information from kernel memory by
        establishing an IRC DCC session in which incorrect
        packet data is transmitted during use of the NAT mangle
        feature.(CVE-2014-1690)
    
      - A flaw was found in the way the Linux kernel's floppy
        driver handled user space provided data in certain
        error code paths while processing FDRAWCMD IOCTL
        commands. A local user with write access to /dev/fdX
        could use this flaw to free (using the kfree()
        function) arbitrary kernel memory. (CVE-2014-1737,
        Important)
    
      - It was found that the Linux kernel's floppy driver
        leaked internal kernel memory addresses to user space
        during the processing of the FDRAWCMD IOCTL command. A
        local user with write access to /dev/fdX could use this
        flaw to obtain information about the kernel heap
        arrangement. (CVE-2014-1738, Low)
    
      - Note: A local user with write access to /dev/fdX could
        use these two flaws (CVE-2014-1737 in combination with
        CVE-2014-1738) to escalate their privileges on the
        system.(CVE-2014-1737)
    
      - A flaw was found in the way the Linux kernel's floppy
        driver handled user space provided data in certain
        error code paths while processing FDRAWCMD IOCTL
        commands. A local user with write access to /dev/fdX
        could use this flaw to free (using the kfree()
        function) arbitrary kernel memory. (CVE-2014-1737,
        Important)
    
      - It was found that the Linux kernel's floppy driver
        leaked internal kernel memory addresses to user space
        during the processing of the FDRAWCMD IOCTL command. A
        local user with write access to /dev/fdX could use this
        flaw to obtain information about the kernel heap
        arrangement. (CVE-2014-1738, Low)
    
      - Note: A local user with write access to /dev/fdX could
        use these two flaws (CVE-2014-1737 in combination with
        CVE-2014-1738) to escalate their privileges on the
        system.(CVE-2014-1738)
    
      - An information leak flaw was found in the way the Linux
        kernel handled media device enumerate entities IOCTL
        requests. A local user able to access the /dev/media0
        device file could use this flaw to leak kernel memory
        bytes.(CVE-2014-1739)
    
      - The security_context_to_sid_core function in
        security/selinux/ss/services.c in the Linux kernel
        before 3.13.4 allows local users to cause a denial of
        service (system crash) by leveraging the CAP_MAC_ADMIN
        capability to set a zero-length security
        context.(CVE-2014-1874)
    
      - The nfs_can_extend_write function in fs/nfs/write.c in
        the Linux kernel before 3.13.3 relies on a write
        delegation to extend a write operation without a
        certain up-to-date verification, which allows local
        users to obtain sensitive information from kernel
        memory in opportunistic circumstances by writing to a
        file in an NFS filesystem and then reading the same
        file.(CVE-2014-2038)
    
      - The ip6_route_add function in net/ipv6/route.c in the
        Linux kernel through 3.13.6 does not properly count the
        addition of routes, which allows remote attackers to
        cause a denial of service (memory consumption) via a
        flood of ICMPv6 Router Advertisement
        packets.(CVE-2014-2309)
    
      - net/netfilter/nf_conntrack_proto_dccp.c in the Linux
        kernel through 3.13.6 uses a DCCP header pointer
        incorrectly, which allows remote attackers to cause a
        denial of service (system crash) or possibly execute
        arbitrary code via a DCCP packet that triggers a call
        to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error
        function.(CVE-2014-2523)
    
      - Use-after-free vulnerability in the nfqnl_zcopy
        function in net/netfilter/nfnetlink_queue_core.c in the
        Linux kernel through 3.13.6 allows attackers to obtain
        sensitive information from kernel memory by leveraging
        the absence of a certain orphaning operation. NOTE: the
        affected code was moved to the skb_zerocopy function in
        net/core/skbuff.c before the vulnerability was
        announced.(CVE-2014-2568)
    
      - It was found that a remote attacker could use a race
        condition flaw in the ath_tx_aggr_sleep() function to
        crash the system by creating large network traffic on
        the system's Atheros 9k wireless network
        adapter.(CVE-2014-2672)
    
      - A flaw was found in the way the Linux kernel performed
        forking inside of a transaction. A local, unprivileged
        user on a PowerPC system that supports transactional
        memory could use this flaw to crash the
        system.(CVE-2014-2673)
    
      - A race condition flaw was found in the way the Linux
        kernel's mac80211 subsystem implementation handled
        synchronization between TX and STA wake-up code paths.
        A remote attacker could use this flaw to crash the
        system.(CVE-2014-2706)
    
      - A use-after-free flaw was found in the way the
        ping_init_sock() function of the Linux kernel handled
        the group_info reference counter. A local, unprivileged
        user could use this flaw to crash the system or,
        potentially, escalate their privileges on the
        system.(CVE-2014-2851)
    
      - It was found that the try_to_unmap_cluster() function
        in the Linux kernel's Memory Managment subsystem did
        not properly handle page locking in certain cases,
        which could potentially trigger the BUG_ON() macro in
        the mlock_vma_page() function. A local, unprivileged
        user could use this flaw to crash the
        system.(CVE-2014-3122)
    
      - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
        extension implementations in the sk_run_filter function
        in net/core/filter.c in the Linux kernel through 3.14.3
        do not check whether a certain length value is
        sufficiently large, which allows local users to cause a
        denial of service (integer underflow and system crash)
        via crafted BPF instructions. NOTE: the affected code
        was moved to the __skb_get_nlattr and
        __skb_get_nlattr_nest functions before the
        vulnerability was announced.(CVE-2014-3144)
    
      - The BPF_S_ANC_NLATTR_NEST extension implementation in
        the sk_run_filter function in net/core/filter.c in the
        Linux kernel through 3.14.3 uses the reverse order in a
        certain subtraction, which allows local users to cause
        a denial of service (over-read and system crash) via
        crafted BPF instructions. NOTE: the affected code was
        moved to the __skb_get_nlattr_nest function before the
        vulnerability was announced.(CVE-2014-3145)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1479
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d6a0a29");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2014-0981.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76948
    published2014-08-01
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76948
    titleCentOS 6 : kernel (CESA-2014:0981)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0981 and 
    # CentOS Errata and Security Advisory 2014:0981 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76948);
      script_version("1.9");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-6647", "CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145");
      script_bugtraq_id(66351, 66492, 66543, 66591, 66779, 67309, 67321, 67395);
      script_xref(name:"RHSA", value:"2014:0981");
    
      script_name(english:"CentOS 6 : kernel (CESA-2014:0981)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A use-after-free flaw was found in the way the ping_init_sock()
    function of the Linux kernel handled the group_info reference counter.
    A local, unprivileged user could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-2851,
    Important)
    
    * A NULL pointer dereference flaw was found in the way the
    futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
    handled the requeuing of certain Priority Inheritance (PI) futexes. A
    local, unprivileged user could use this flaw to crash the system.
    (CVE-2012-6647, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_ib_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2013-7339, Moderate)
    
    * It was found that a remote attacker could use a race condition flaw
    in the ath_tx_aggr_sleep() function to crash the system by creating
    large network traffic on the system's Atheros 9k wireless network
    adapter. (CVE-2014-2672, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_iw_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2014-2678, Moderate)
    
    * A race condition flaw was found in the way the Linux kernel's
    mac80211 subsystem implementation handled synchronization between TX
    and STA wake-up code paths. A remote attacker could use this flaw to
    crash the system. (CVE-2014-2706, Moderate)
    
    * An out-of-bounds memory access flaw was found in the Netlink
    Attribute extension of the Berkeley Packet Filter (BPF) interpreter
    functionality in the Linux kernel's networking implementation. A
    local, unprivileged user could use this flaw to crash the system or
    leak kernel memory to user space via a specially crafted socket
    filter. (CVE-2014-3144, CVE-2014-3145, Moderate)
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-July/020458.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?71444326"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2672");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-431.23.3.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1101.NASL
    descriptionUpdated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79043
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79043
    titleRHEL 6 : kernel (RHSA-2014:1101)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1101. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79043);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      script_bugtraq_id(66351, 66492, 66543, 66591, 66779);
      script_xref(name:"RHSA", value:"2014:1101");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2014:1101)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.4 Extended
    Update Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A use-after-free flaw was found in the way the ping_init_sock()
    function of the Linux kernel handled the group_info reference counter.
    A local, unprivileged user could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-2851,
    Important)
    
    * A NULL pointer dereference flaw was found in the
    rds_ib_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2013-7339, Moderate)
    
    * It was found that a remote attacker could use a race condition flaw
    in the ath_tx_aggr_sleep() function to crash the system by creating
    large network traffic on the system's Atheros 9k wireless network
    adapter. (CVE-2014-2672, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_iw_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2014-2678, Moderate)
    
    * A race condition flaw was found in the way the Linux kernel's
    mac80211 subsystem implementation handled synchronization between TX
    and STA wake-up code paths. A remote attacker could use this flaw to
    crash the system. (CVE-2014-2706, Moderate)
    
    This update also fixes the following bugs :
    
    * The Completely Fair Scheduler (CFS) did not verify whether the CFS
    period timer is running while throttling tasks on the CFS run queue.
    Therefore under certain circumstances, the CFS run queue became stuck
    because the CFS period timer was inactive and could not be restarted.
    To fix this problem, the CFS now restarts the CFS period timer inside
    the throttling function if it is inactive. (BZ#1120666)
    
    * A previous change to the SCSI code fixed a race condition that could
    occur when removing a SCSI device. However, that change caused
    performance degradation because it used a certain function from the
    block layer code that was returning different values compared with
    later versions of the kernel. This update alters the SCSI code to
    properly utilize the values returned by the block layer code.
    (BZ#1117581)
    
    * If a statically defined gateway became unreachable and its
    corresponding neighbor entry entered a FAILED state, the gateway
    stayed in the FAILED state even after it became reachable again. This
    prevented routing of the traffic through that gateway. This update
    allows probing such a gateway automatically and routing the traffic
    through the gateway again once it becomes reachable. (BZ#1115262)
    
    * A miscalculation in the 'radix_tree' swap encoding corrupted swap
    area indexes bigger than 8 by truncating lower bits of swap entries.
    Consequently, systems with more than 8 swap areas could trigger a
    bogus OOM scenario when swapping out to such a swap area. This update
    fixes this problem by reducing a return value of the SWP_TYPE_SHIFT()
    function and removing a broken function call from the
    read_swap_header() function. (BZ#1099727)
    
    * The automatic route cache rebuilding feature could incorrectly
    compute the length of a route hash chain if the cache contained
    multiple entries with the same key but a different TOS, mark, or OIF
    bit. Consequently, the feature could reach the rebuild limit and
    disable the routing cache on the system. This problem is fixed by
    using a helper function that avoids counting such duplicate routes.
    (BZ#1113823)
    
    * When booting a guest in the Hyper-V environment and enough of
    Programmable Interval Timer (PIT) interrupts were lost or not injected
    into the guest on time, the kernel panicked and the guest failed to
    boot. This problem has been fixed by bypassing the relevant PIT check
    when the guest is running under the Hyper-V environment. (BZ#1112225)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:1101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-7339"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2851"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2014:1101");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:1101";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-debug-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-debug-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-debug-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"kernel-doc-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"kernel-firmware-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"kernel-headers-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-headers-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-headers-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-kdump-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"perf-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"perf-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"perf-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"perf-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"python-perf-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"python-perf-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"python-perf-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-358.48.1.el6")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0981.NASL
    descriptionFrom Red Hat Security Advisory 2014:0981 : Updated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76888
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76888
    titleOracle Linux 6 : kernel (ELSA-2014-0981)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0981 and 
    # Oracle Linux Security Advisory ELSA-2014-0981 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76888);
      script_version("1.14");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2012-6647", "CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145");
      script_bugtraq_id(66351, 66492, 66543, 66591, 66779, 67300, 67302, 67309, 67321, 67395, 67906, 68125, 68411, 68683);
      script_xref(name:"RHSA", value:"2014:0981");
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2014-0981)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0981 :
    
    Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A use-after-free flaw was found in the way the ping_init_sock()
    function of the Linux kernel handled the group_info reference counter.
    A local, unprivileged user could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-2851,
    Important)
    
    * A NULL pointer dereference flaw was found in the way the
    futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
    handled the requeuing of certain Priority Inheritance (PI) futexes. A
    local, unprivileged user could use this flaw to crash the system.
    (CVE-2012-6647, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_ib_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2013-7339, Moderate)
    
    * It was found that a remote attacker could use a race condition flaw
    in the ath_tx_aggr_sleep() function to crash the system by creating
    large network traffic on the system's Atheros 9k wireless network
    adapter. (CVE-2014-2672, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_iw_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2014-2678, Moderate)
    
    * A race condition flaw was found in the way the Linux kernel's
    mac80211 subsystem implementation handled synchronization between TX
    and STA wake-up code paths. A remote attacker could use this flaw to
    crash the system. (CVE-2014-2706, Moderate)
    
    * An out-of-bounds memory access flaw was found in the Netlink
    Attribute extension of the Berkeley Packet Filter (BPF) interpreter
    functionality in the Linux kernel's networking implementation. A
    local, unprivileged user could use this flaw to crash the system or
    leak kernel memory to user space via a specially crafted socket
    filter. (CVE-2014-3144, CVE-2014-3145, Moderate)
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-July/004306.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-6647", "CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-0981");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-abi-whitelists-2.6.32") && rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-431.23.3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-431.23.3.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-431.23.3.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2228-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) Nikolay Aleksandrov discovered a race condition in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74215
    published2014-05-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74215
    titleUbuntu 13.10 : linux vulnerabilities (USN-2228-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2228-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74215);
      script_version("1.12");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0100", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2673", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      script_bugtraq_id(65943, 66095, 66279, 66441, 66477, 66492, 66543, 66591, 66678, 66779, 67300, 67302);
      script_xref(name:"USN", value:"2228-1");
    
      script_name(english:"Ubuntu 13.10 : linux vulnerabilities (USN-2228-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the vhost-net subsystem of the Linux kernel.
    Guest OS users could exploit this flaw to cause a denial of service
    (host OS crash). (CVE-2014-0055)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    Nikolay Aleksandrov discovered a race condition in Linux kernel's IPv4
    fragment handling code. Remote attackers could exploit this flaw to
    cause a denial of service (system crash) or possibly have other
    unspecified impact. (CVE-2014-0100)
    
    A flaw was discovered in the Linux kernel's handling of the SCTP
    handshake. A remote attacker could exploit this flaw to cause a denial
    of service (system crash). (CVE-2014-0101)
    
    A flaw was discovered in the handling of routing information in Linux
    kernel's IPv6 stack. A remote attacker could exploit this flaw to
    cause a denial of service (memory consumption) via a flood of ICMPv6
    router advertisement packets. (CVE-2014-2309)
    
    An error was discovered in the Linux kernel's DCCP protocol support. A
    remote attacked could exploit this flaw to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2014-2523)
    
    Max Sydorenko discovered a race condition in the Atheros 9k wireless
    driver in the Linux kernel. This race could be exploited by remote
    attackers to cause a denial of service (system crash). (CVE-2014-2672)
    
    Adhemerval Zanella Neto discovered a flaw the in the Transactional
    Memory (TM) implementation for powerpc based machine. An unprivileged
    local user could exploit this flaw to cause a denial of service
    (system crash). (CVE-2014-2673)
    
    An error was discovered in the Reliable Datagram Sockets (RDS)
    protocol stack in the Linux kernel. A local user could exploit this
    flaw to cause a denial of service (system crash) or possibly have
    unspecified other impact. (CVE-2014-2678)
    
    Yaara Rozenblum discovered a race condition in the Linux kernel's
    Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers
    could exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-2706)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2228-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0055", "CVE-2014-0077", "CVE-2014-0100", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2673", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2228-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-22-generic", pkgver:"3.11.0-22.38")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-22-generic-lpae", pkgver:"3.11.0-22.38")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2226-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74214
    published2014-05-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74214
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2226-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2226-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74214);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0077", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2851");
      script_bugtraq_id(66678, 66779, 67300, 67302);
      script_xref(name:"USN", value:"2226-1");
    
      script_name(english:"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2226-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2226-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.13-generic,
    linux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0077", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2851");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2226-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-27-generic", pkgver:"3.13.0-27.50")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-27-generic-lpae", pkgver:"3.13.0-27.50")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-27-lowlatency", pkgver:"3.13.0-27.50")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0557.NASL
    descriptionUpdated kernel-rt packages that fix multiple security issues are now available for Red Hat Enterprise MRG 2.5. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A race condition leading to a use-after-free flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76677
    published2014-07-22
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76677
    titleRHEL 6 : MRG (RHSA-2014:0557)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0557. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76677);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id(
        "CVE-2014-0100",
        "CVE-2014-0196",
        "CVE-2014-1737",
        "CVE-2014-1738",
        "CVE-2014-2672",
        "CVE-2014-2678",
        "CVE-2014-2706",
        "CVE-2014-2851",
        "CVE-2014-3122"
      );
      script_bugtraq_id(
        65952,
        66492,
        66543,
        66591,
        66779,
        67162,
        67282,
        67300,
        67302
      );
      script_xref(name:"RHSA", value:"2014:0557");
    
      script_name(english:"RHEL 6 : MRG (RHSA-2014:0557)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Red Hat host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "Updated kernel-rt packages that fix multiple security issues are now
    available for Red Hat Enterprise MRG 2.5.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel-rt packages contain the Linux kernel, the core of any Linux
    operating system.
    
      * A race condition leading to a use-after-free flaw was
        found in the way the Linux kernel's TCP/IP protocol
        suite implementation handled the addition of fragments
        to the LRU (Last-Recently Used) list under certain
        conditions. A remote attacker could use this flaw to
        crash the system or, potentially, escalate their
        privileges on the system by sending a large amount of
        specially crafted fragmented packets to that system.
        (CVE-2014-0100, Important)
    
      * A race condition flaw, leading to heap-based buffer
        overflows, was found in the way the Linux kernel's N_TTY
        line discipline (LDISC) implementation handled
        concurrent processing of echo output and TTY write
        operations originating from user space when the
        underlying TTY driver was PTY. An unprivileged, local
        user could use this flaw to crash the system or,
        potentially, escalate their privileges on the system.
        (CVE-2014-0196, Important)
    
      * A flaw was found in the way the Linux kernel's floppy
        driver handled user space provided data in certain error
        code paths while processing FDRAWCMD IOCTL commands. A
        local user with write access to /dev/fdX could use this
        flaw to free (using the kfree() function) arbitrary
        kernel memory. (CVE-2014-1737, Important)
    
      * It was found that the Linux kernel's floppy driver
        leaked internal kernel memory addresses to user space
        during the processing of the FDRAWCMD IOCTL command. A
        local user with write access to /dev/fdX could use this
        flaw to obtain information about the kernel heap
        arrangement. (CVE-2014-1738, Low)
    
    Note: A local user with write access to /dev/fdX could use these two
    flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate
    their privileges on the system.
    
      * A use-after-free flaw was found in the way the
        ping_init_sock() function of the Linux kernel handled
        the group_info reference counter. A local, unprivileged
        user could use this flaw to crash the system or,
        potentially, escalate their privileges on the system.
        (CVE-2014-2851, Important)
    
      * It was found that a remote attacker could use a race
        condition flaw in the ath_tx_aggr_sleep() function to
        crash the system by creating large network traffic on
        the system's Atheros 9k wireless network adapter.
        (CVE-2014-2672, Moderate)
    
      * A NULL pointer dereference flaw was found in the
        rds_iw_laddr_check() function in the Linux kernel's
        implementation of Reliable Datagram Sockets (RDS). A
        local, unprivileged user could use this flaw to crash
        the system. (CVE-2014-2678, Moderate)
    
      * A race condition flaw was found in the way the Linux
        kernel's mac80211 subsystem implementation handled
        synchronization between TX and STA wake-up code paths.
        A remote attacker could use this flaw to crash the
        system. (CVE-2014-2706, Moderate)
    
      * It was found that the try_to_unmap_cluster() function in
        the Linux kernel's Memory Managment subsystem did not
        properly handle page locking in certain cases, which
        could potentially trigger the BUG_ON() macro in the
        mlock_vma_page() function. A local, unprivileged user
        could use this flaw to crash the system. (CVE-2014-3122,
        Moderate)
    
    Users are advised to upgrade to these updated packages, which upgrade
    the kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct
    these issues. The system must be rebooted for this update to take
    effect.");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0100.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-0196.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-1737.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-1738.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2672.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2678.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2706.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-2851.html");
      script_set_attribute(attribute:"see_also", value:"https://www.redhat.com/security/data/cve/CVE-2014-3122.html");
      script_set_attribute(attribute:"see_also", value:"http://rhn.redhat.com/errata/RHSA-2014-0557.html");
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/22");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Red Hat Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0557";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");
    
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debug-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-debuginfo-common-x86_64-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-doc-3.10.0-") && rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-firmware-3.10.0-") && rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-trace-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-debuginfo-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.10.33-rt32.34.el6rt")) flag++;
      if (! rpm_exists(release:"RHEL6", rpm:"kernel-rt-vanilla-devel-3.10.0-") && rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.10.33-rt32.34.el6rt")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2926.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leaks or privilege escalation : - CVE-2014-0196 Jiri Slaby discovered a race condition in the pty layer, which could lead to denial of service or privilege escalation. - CVE-2014-1737 / CVE-2014-1738 Matthew Daley discovered that missing input sanitising in the FDRAWCMD ioctl and an information leak could result in privilege escalation. - CVE-2014-2851 Incorrect reference counting in the ping_init_sock() function allows denial of service or privilege escalation. - CVE-2014-3122 Incorrect locking of memory can result in local denial of service.
    last seen2020-03-17
    modified2014-05-13
    plugin id73971
    published2014-05-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73971
    titleDebian DSA-2926-1 : linux - security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2926. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73971);
      script_version("1.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0196", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2851", "CVE-2014-3122");
      script_bugtraq_id(66779, 67162, 67282, 67300, 67302);
      script_xref(name:"DSA", value:"2926");
    
      script_name(english:"Debian DSA-2926-1 : linux - security update");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a denial of service, information leaks or privilege
    escalation :
    
      - CVE-2014-0196
        Jiri Slaby discovered a race condition in the pty layer,
        which could lead to denial of service or privilege
        escalation.
    
      - CVE-2014-1737 / CVE-2014-1738
        Matthew Daley discovered that missing input sanitising
        in the FDRAWCMD ioctl and an information leak could
        result in privilege escalation.
    
      - CVE-2014-2851
        Incorrect reference counting in the ping_init_sock()
        function allows denial of service or privilege
        escalation.
    
      - CVE-2014-3122
        Incorrect locking of memory can result in local denial
        of service."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-0196"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-1737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-1738"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-2851"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2014-3122"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2014/dsa-2926"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux packages.
    
    For the stable distribution (wheezy), these problems have been fixed
    in version 3.2.57-3+deb7u1. This update also fixes a regression in the
    isci driver and suspend problems with certain AMD CPUs (introduced in
    the updated kernel from the Wheezy 7.5 point release)."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.57-3+deb7u1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0057.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99163);
      script_version("3.12");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2140", "CVE-2013-2147", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2898", "CVE-2013-2899", "CVE-2013-2929", "CVE-2013-2930", "CVE-2013-4162", "CVE-2013-4163", "CVE-2013-4299", "CVE-2013-4312", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4470", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7421", "CVE-2013-7446", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0181", "CVE-2014-0196", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1739", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3181", "CVE-2014-3182", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3215", "CVE-2014-3535", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699", "CVE-2014-4943", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-7822", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-7975", "CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8160", "CVE-2014-8171", "CVE-2014-8173", "CVE-2014-8884", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9529", "CVE-2014-9585", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-1333", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3212", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-4700", "CVE-2015-5156", "CVE-2015-5157", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6937", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104", "CVE-2015-8215", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8767", "CVE-2015-8956", "CVE-2016-0728", "CVE-2016-0758", "CVE-2016-0774", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-3134", "CVE-2016-3140", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-3699", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2016-9794", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187");
      script_bugtraq_id(58795, 60243, 60280, 60341, 60375, 60409, 60410, 60414, 60874, 60922, 60953, 61411, 61412, 62042, 62043, 62044, 62045, 62046, 62048, 62049, 62050, 62056, 62405, 62740, 63183, 63359, 63536, 63743, 63790, 63888, 63983, 64111, 64270, 64291, 64318, 64319, 64328, 64677, 64686, 64743, 65180, 65255, 65588, 65909, 65943, 66095, 66279, 66441, 66678, 66779, 67034, 67199, 67282, 67300, 67302, 67309, 67321, 67341, 67906, 67985, 67988, 68048, 68157, 68159, 68162, 68163, 68164, 68170, 68224, 68411, 68683, 68768, 69396, 69428, 69489, 69721, 69763, 69768, 69770, 69779, 69781, 69799, 70314, 70319, 70742, 70743, 70745, 70746, 70766, 70768, 70883, 70971, 71097, 71154, 71250, 71367, 71650, 71684, 71685, 71880, 71990, 72061, 72320, 72322, 72347, 72356, 72607, 72842, 73014, 73060, 73133, 73699, 74243, 74293, 74315, 74450, 74951, 75356, 75510, 76005);
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0057 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000675.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc2355e2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET chocobo_root Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-3.8.13-118.17.4.el6uek")) flag++;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-firmware-3.8.13-118.17.4.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0981.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * A NULL pointer dereference flaw was found in the way the futex_wait_requeue_pi() function of the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76908
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76908
    titleRHEL 6 : kernel (RHSA-2014:0981)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:0981. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76908);
      script_version("1.20");
      script_cvs_date("Date: 2019/10/24 15:35:38");
    
      script_cve_id("CVE-2012-6647", "CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145");
      script_bugtraq_id(66351, 66492, 66543, 66591, 66779, 67309, 67321, 67395);
      script_xref(name:"RHSA", value:"2014:0981");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2014:0981)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues, several
    bugs, and add one enhancement are now available for Red Hat Enterprise
    Linux 6.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A use-after-free flaw was found in the way the ping_init_sock()
    function of the Linux kernel handled the group_info reference counter.
    A local, unprivileged user could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-2851,
    Important)
    
    * A NULL pointer dereference flaw was found in the way the
    futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
    handled the requeuing of certain Priority Inheritance (PI) futexes. A
    local, unprivileged user could use this flaw to crash the system.
    (CVE-2012-6647, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_ib_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2013-7339, Moderate)
    
    * It was found that a remote attacker could use a race condition flaw
    in the ath_tx_aggr_sleep() function to crash the system by creating
    large network traffic on the system's Atheros 9k wireless network
    adapter. (CVE-2014-2672, Moderate)
    
    * A NULL pointer dereference flaw was found in the
    rds_iw_laddr_check() function in the Linux kernel's implementation of
    Reliable Datagram Sockets (RDS). A local, unprivileged user could use
    this flaw to crash the system. (CVE-2014-2678, Moderate)
    
    * A race condition flaw was found in the way the Linux kernel's
    mac80211 subsystem implementation handled synchronization between TX
    and STA wake-up code paths. A remote attacker could use this flaw to
    crash the system. (CVE-2014-2706, Moderate)
    
    * An out-of-bounds memory access flaw was found in the Netlink
    Attribute extension of the Berkeley Packet Filter (BPF) interpreter
    functionality in the Linux kernel's networking implementation. A
    local, unprivileged user could use this flaw to crash the system or
    leak kernel memory to user space via a specially crafted socket
    filter. (CVE-2014-3144, CVE-2014-3145, Moderate)
    
    This update also fixes several bugs and adds one enhancement.
    Documentation for these changes will be available shortly from the
    Technical Notes document linked to in the References section.
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add this
    enhancement. The system must be rebooted for this update to take
    effect."
      );
      # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b5caa05f"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-7339"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2672"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2678"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-2851"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3145"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-6647"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2012-6647", "CVE-2013-7339", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2014:0981");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2014:0981";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"kernel-abi-whitelists-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"kernel-doc-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", reference:"kernel-firmware-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-headers-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-headers-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-headers-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-431.23.3.el6")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5235.NASL
    descriptionThe 3.13.10 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-04-21
    plugin id73628
    published2014-04-21
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73628
    titleFedora 20 : kernel-3.13.10-200.fc20 (2014-5235)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-5235.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73628);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-0155", "CVE-2014-2851");
      script_bugtraq_id(66688, 66779);
      script_xref(name:"FEDORA", value:"2014-5235");
    
      script_name(english:"Fedora 20 : kernel-3.13.10-200.fc20 (2014-5235)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 3.13.10 stable update contains a number of important fixes across
    the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1081589"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1086730"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131859.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?361199bb"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"kernel-3.13.10-200.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3018.NASL
    descriptionDescription of changes: [3.8.13-26.2.3.el6uek] - net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603523] {CVE-2014-2851}
    last seen2020-06-01
    modified2020-06-02
    plugin id73606
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73606
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3018)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2014-3018.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(73606);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2014-2851");
      script_bugtraq_id(66779);
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3018)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    [3.8.13-26.2.3.el6uek]
    - net: ipv4: current group_info should be put after using. (Wang, 
    Xiaoming)  [Orabug: 18603523]  {CVE-2014-2851}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-April/004075.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-26.2.3.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-headers");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-2851");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3018");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-26.2.3.el6uek-0.4.2-3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-26.2.3.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-26.2.3.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-26.2.3.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-26.2.3.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-26.2.3.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-26.2.3.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-headers-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-headers-3.8.13-26.2.3.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-0786.NASL
    descriptionFrom Red Hat Security Advisory 2014:0786 : Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76738
    published2014-07-24
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76738
    titleOracle Linux 7 : kernel (ELSA-2014-0786)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0786 and 
    # Oracle Linux Security Advisory ELSA-2014-0786 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76738);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/30 10:58:19");
    
      script_cve_id("CVE-2014-0206", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153");
      script_bugtraq_id(66348, 66779, 67300, 67302, 67309, 67321, 67906, 68176);
      script_xref(name:"RHSA", value:"2014:0786");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2014-0786)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2014:0786 :
    
    Updated kernel packages that fix multiple security issues, several
    bugs, and add various enhancements are now available for Red Hat
    Enterprise Linux 7.
    
    The Red Hat Security Response Team has rated this update as having
    Important security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's futex subsystem
    handled the requeuing of certain Priority Inheritance (PI) futexes. A
    local, unprivileged user could use this flaw to escalate their
    privileges on the system. (CVE-2014-3153, Important)
    
    * A use-after-free flaw was found in the way the ping_init_sock()
    function of the Linux kernel handled the group_info reference counter.
    A local, unprivileged user could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-2851,
    Important)
    
    * Use-after-free and information leak flaws were found in the way the
    Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A
    local user with write access to /dev/fdX could use these flaws to
    escalate their privileges on the system. (CVE-2014-1737,
    CVE-2014-1738, Important)
    
    * It was found that the aio_read_events_ring() function of the Linux
    kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize
    the AIO ring head received from user space. A local, unprivileged user
    could use this flaw to disclose random parts of the (physical) memory
    belonging to the kernel and/or other processes. (CVE-2014-0206,
    Moderate)
    
    * An out-of-bounds memory access flaw was found in the Netlink
    Attribute extension of the Berkeley Packet Filter (BPF) interpreter
    functionality in the Linux kernel's networking implementation. A
    local, unprivileged user could use this flaw to crash the system or
    leak kernel memory to user space via a specially crafted socket
    filter. (CVE-2014-3144, CVE-2014-3145, Moderate)
    
    * An information leak flaw was found in the way the skb_zerocopy()
    function copied socket buffers (skb) that are backed by user-space
    buffers (for example vhost-net and Xen netback), potentially allowing
    an attacker to read data from those buffers. (CVE-2014-2568, Low)
    
    Red Hat would like to thank Kees Cook of Google for reporting
    CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and
    CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter
    of CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz
    Guzik of Red Hat.
    
    This update also fixes the following bugs :
    
    * Due to incorrect calculation of Tx statistics in the qlcninc driver,
    running the 'ethtool -S ethX' command could trigger memory corruption.
    As a consequence, running the sosreport tool, that uses this command,
    resulted in a kernel panic. The problem has been fixed by correcting
    the said statistics calculation. (BZ#1104972)
    
    * When an attempt to create a file on the GFS2 file system failed due
    to a file system quota violation, the relevant VFS inode was not
    completely uninitialized. This could result in a list corruption
    error. This update resolves this problem by correctly uninitializing
    the VFS inode in this situation. (BZ#1097407)
    
    * Due to a race condition in the kernel, the getcwd() system call
    could return '/' instead of the correct full path name when querying a
    path name of a file or directory. Paths returned in the '/proc' file
    system could also be incorrect. This problem was causing instability
    of various applications. The aforementioned race condition has been
    fixed and getcwd() now always returns the correct paths. (BZ#1099048)
    
    In addition, this update adds the following enhancements :
    
    * The kernel mutex code has been improved. The changes include
    improved queuing of the MCS spin locks, the MCS code optimization,
    introduction of the cancellable MCS spin locks, and improved handling
    of mutexes without wait locks. (BZ#1103631, BZ#1103629)
    
    * The handling of the Virtual Memory Area (VMA) cache and huge page
    faults has been improved. (BZ#1103630)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues and add these
    enhancements. The system must be rebooted for this update to take
    effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-July/004282.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0206", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2568", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-0786");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-123.4.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-123.4.2.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-123.4.2.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-123.4.2.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2221-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74184
    published2014-05-27
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74184
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-2221-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2221-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(74184);
      script_version("1.13");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2013-4483", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      script_bugtraq_id(63445, 65588, 65943, 66095, 66279, 66492, 66543, 66591, 66678, 66779, 67300, 67302);
      script_xref(name:"USN", value:"2221-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2221-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Matthew Daley reported an information leak in the floppy disk driver
    of the Linux kernel. An unprivileged local user could exploit this
    flaw to obtain potentially sensitive information from kernel memory.
    (CVE-2014-1738)
    
    Matthew Daley reported a flaw in the handling of ioctl commands by the
    floppy disk driver in the Linux kernel. An unprivileged local user
    could exploit this flaw to gain administrative privileges if the
    floppy disk module is loaded. (CVE-2014-1737)
    
    A flaw was discovered in the Linux kernel's IPC reference counting. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (OOM system crash). (CVE-2013-4483)
    
    Al Viro discovered an error in how CIFS in the Linux kernel handles
    uncached write operations. An unprivileged local user could exploit
    this flaw to cause a denial of service (system crash), obtain
    sensitive information from kernel memory, or possibly gain privileges.
    (CVE-2014-0069)
    
    A flaw was discovered in the handling of network packets when
    mergeable buffers are disabled for virtual machines in the Linux
    kernel. Guest OS users may exploit this flaw to cause a denial of
    service (host OS crash) or possibly gain privilege on the host OS.
    (CVE-2014-0077)
    
    A flaw was discovered in the Linux kernel's handling of the SCTP
    handshake. A remote attacker could exploit this flaw to cause a denial
    of service (system crash). (CVE-2014-0101)
    
    A flaw was discovered in the handling of routing information in Linux
    kernel's IPv6 stack. A remote attacker could exploit this flaw to
    cause a denial of service (memory consumption) via a flood of ICMPv6
    router advertisement packets. (CVE-2014-2309)
    
    An error was discovered in the Linux kernel's DCCP protocol support. A
    remote attacked could exploit this flaw to cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2014-2523)
    
    Max Sydorenko discovered a race condition in the Atheros 9k wireless
    driver in the Linux kernel. This race could be exploited by remote
    attackers to cause a denial of service (system crash). (CVE-2014-2672)
    
    An error was discovered in the Reliable Datagram Sockets (RDS)
    protocol stack in the Linux kernel. A local user could exploit this
    flaw to cause a denial of service (system crash) or possibly have
    unspecified other impact. (CVE-2014-2678)
    
    Yaara Rozenblum discovered a race condition in the Linux kernel's
    Generic IEEE 802.11 Networking Stack (mac80211). Remote attackers
    could exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-2706)
    
    A flaw was discovered in the Linux kernel's ping sockets. An
    unprivileged local user could exploit this flaw to cause a denial of
    service (system crash) or possibly gain privileges via a crafted
    application. (CVE-2014-2851).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2221-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4483", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2672", "CVE-2014-2678", "CVE-2014-2706", "CVE-2014-2851");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2221-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-generic", pkgver:"3.2.0-63.95")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-generic-pae", pkgver:"3.2.0-63.95")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-highbank", pkgver:"3.2.0-63.95")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-63-virtual", pkgver:"3.2.0-63.95")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2014-1105-1.NASL
    descriptionThe SUSE Linux Enterprise Server 11 SP2 LTSS received a roll up update to fix several security and non-security issues. The following security issues have been fixed : - CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173) - CVE-2014-0077: drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576) - CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804) - CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797) - CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374) - CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257) - CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257) - CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484) - CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724) - CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) - CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795) - CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795) - CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795) - CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795) - CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422) - CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725) - CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173) - CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404) The following bugs have been fixed : - pagecachelimit: reduce lru_lock contention for heavy parallel reclaim (bnc#878509, bnc#864464). - pagecachelimit: reduce lru_lock contention for heavy parallel reclaim kabi fixup (bnc#878509, bnc#864464). - ACPI / PAD: call schedule() when need_resched() is true (bnc#866911). - kabi: Fix breakage due to addition of user_ctl_lock (bnc#883795). - cpuset: Fix memory allocator deadlock (bnc#876590). - tcp: allow to disable cwnd moderation in TCP_CA_Loss state (bnc#879921). - tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921). - vlan: more careful checksum features handling (bnc#872634). - bonding: fix vlan_features computing (bnc#872634). - NFSv4: Minor cleanups for nfs4_handle_exception and nfs4_async_handle_error (bnc#889324). - NFS: Do not lose sockets when nfsd shutdown races with connection timeout (bnc#871854). - reiserfs: call truncate_setsize under tailpack mutex (bnc#878115). - reiserfs: drop vmtruncate (bnc#878115). - megaraid_sas: mask off flags in ioctl path (bnc#886474). - block: fix race between request completion and timeout handling (bnc#881051). - drivers/rtc/interface.c: fix infinite loop in initializing the alarm (bnc#871676). - xfrm: check peer pointer for null before calling inet_putpeer() (bnc#877775). - supported.conf: Add firewire/nosy as supported. This driver is the replacement for the ieee1394/pcilynx driver, which was supported. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-05-20
    plugin id83633
    published2015-05-20
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83633
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2014:1105-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5609.NASL
    descriptionThe 3.13.11 stable kernel update contains a number of important fixes across the tree. The 3.13.10 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-05-06
    plugin id73872
    published2014-05-06
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73872
    titleFedora 19 : kernel-3.13.11-100.fc19 (2014-5609)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3019.NASL
    descriptionDescription of changes: [2.6.39-400.214.5.el6uek] - net: ipv4: current group_info should be put after using. (Wang, Xiaoming) [Orabug: 18603524] {CVE-2014-2851}
    last seen2020-06-01
    modified2020-06-02
    plugin id73607
    published2014-04-18
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73607
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3019)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2015-0290.NASL
    descriptionThe remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen2020-06-01
    modified2020-06-02
    plugin id81800
    published2015-03-13
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81800
    titleOracle Linux 7 : kernel (ELSA-2015-0290)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1534.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7267i1/4%0 - fs/f2fs/segment.c in the Linux kernel allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.(CVE-2017-18241i1/4%0 - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls.(CVE-2016-4581i1/4%0 - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.(CVE-2014-0077i1/4%0 - It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124987
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124987
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1534)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-441.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs. Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors. CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. - ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599 bnc#876981). - patches.fixes/firewire-01-net-fix-use-after-free.patch, patches.fixes/firewire-02-ohci-fix-probe-failure-with-ag ere-lsi-controllers.patch, patches.fixes/firewire-03-dont-use-prepare_delayed_work. patch: Add missing bug reference (bnc#881697). - firewire: don
    last seen2020-06-05
    modified2014-06-26
    plugin id76228
    published2014-06-26
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76228
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2225-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) Nikolay Aleksandrov discovered a race condition in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74213
    published2014-05-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74213
    titleUbuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2225-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-0786.NASL
    descriptionUpdated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76901
    published2014-07-30
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76901
    titleRHEL 7 : kernel (RHSA-2014:0786)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2224-1.NASL
    descriptionMatthew Daley reported an information leak in the floppy disk driver of the Linux kernel. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-1738) Matthew Daley reported a flaw in the handling of ioctl commands by the floppy disk driver in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges if the floppy disk module is loaded. (CVE-2014-1737) A flaw was discovered in the vhost-net subsystem of the Linux kernel. Guest OS users could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0055) A flaw was discovered in the handling of network packets when mergeable buffers are disabled for virtual machines in the Linux kernel. Guest OS users may exploit this flaw to cause a denial of service (host OS crash) or possibly gain privilege on the host OS. (CVE-2014-0077) A flaw was discovered in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id74212
    published2014-05-28
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74212
    titleUbuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2224-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_KERNEL-140709.NASL
    descriptionThe SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610). (CVE-2012-2372) - The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652). (CVE-2013-2929) - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device. (bnc#846404). (CVE-2013-4299) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (bnc#851426). (CVE-2013-4579) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553). (CVE-2013-6382) - The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#869563). (CVE-2013-7339) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (bnc#870173). (CVE-2014-0055) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (bnc#870576). (CVE-2014-0077) - The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. (bnc#866102). (CVE-2014-0101) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (bnc#867723). (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (bnc#872540). (CVE-2014-0155) - The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869). (CVE-2014-1444) - The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870). (CVE-2014-1445) - The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872). (CVE-2014-1446) - The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context. (bnc#863335). (CVE-2014-1874) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (bnc#867531). (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (bnc#868653). (CVE-2014-2523) - The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports. (bnc#871561). (CVE-2014-2678) - Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter. (bnc#873374). (CVE-2014-2851) - The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (bnc#876102). (CVE-2014-3122) - The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced. (bnc#877257). (CVE-2014-3144) - The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. (bnc#877257). (CVE-2014-3145) - kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (bnc#880484). (CVE-2014-3917) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number. (CVE-2014-4508) -. (bnc#883724) - Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4652) - sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. (bnc#883795). (CVE-2014-4653) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795). (CVE-2014-4654) - The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795). (CVE-2014-4655) - Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. (bnc#883795). (CVE-2014-4656) - The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. (bnc#885725). (CVE-2014-4699) Also the following non-security bugs have been fixed : - kernel: avoid page table walk on user space access (bnc#878407, LTC#110316). - spinlock: fix system hang with spin_retry <= 0 (bnc#874145, LTC#110189). - x86/UV: Set n_lshift based on GAM_GR_CONFIG MMR for UV3. (bnc#876176) - x86: Enable multiple CPUs in crash kernel. (bnc#846690) - x86/mce: Fix CMCI preemption bugs. (bnc#786450) - x86, CMCI: Add proper detection of end of CMCI storms. (bnc#786450) - futex: revert back to the explicit waiter counting code. (bnc#851603) - futex: avoid race between requeue and wake. (bnc#851603) - intel-iommu: fix off-by-one in pagetable freeing. (bnc#874577) - ia64: Change default PSR.ac from
    last seen2020-06-05
    modified2014-07-17
    plugin id76557
    published2014-07-17
    reporterThis script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/76557
    titleSuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9488 / 9491 / 9493)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/126220/linuxgroupinfo-dos.txt
idPACKETSTORM:126220
last seen2016-12-05
published2014-04-18
reporterThomas Pollet
sourcehttps://packetstormsecurity.com/files/126220/Linux-group_info-Denial-Of-Service.html
titleLinux group_info Denial Of Service

Redhat

rpms
  • kernel-rt-0:3.10.33-rt32.34.el6rt
  • kernel-rt-debug-0:3.10.33-rt32.34.el6rt
  • kernel-rt-debug-debuginfo-0:3.10.33-rt32.34.el6rt
  • kernel-rt-debug-devel-0:3.10.33-rt32.34.el6rt
  • kernel-rt-debuginfo-0:3.10.33-rt32.34.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.10.33-rt32.34.el6rt
  • kernel-rt-devel-0:3.10.33-rt32.34.el6rt
  • kernel-rt-doc-0:3.10.33-rt32.34.el6rt
  • kernel-rt-firmware-0:3.10.33-rt32.34.el6rt
  • kernel-rt-trace-0:3.10.33-rt32.34.el6rt
  • kernel-rt-trace-debuginfo-0:3.10.33-rt32.34.el6rt
  • kernel-rt-trace-devel-0:3.10.33-rt32.34.el6rt
  • kernel-rt-vanilla-0:3.10.33-rt32.34.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.10.33-rt32.34.el6rt
  • kernel-rt-vanilla-devel-0:3.10.33-rt32.34.el6rt
  • kernel-0:3.10.0-123.4.2.el7
  • kernel-abi-whitelists-0:3.10.0-123.4.2.el7
  • kernel-bootwrapper-0:3.10.0-123.4.2.el7
  • kernel-debug-0:3.10.0-123.4.2.el7
  • kernel-debug-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-debug-devel-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-123.4.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-123.4.2.el7
  • kernel-devel-0:3.10.0-123.4.2.el7
  • kernel-doc-0:3.10.0-123.4.2.el7
  • kernel-headers-0:3.10.0-123.4.2.el7
  • kernel-kdump-0:3.10.0-123.4.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-kdump-devel-0:3.10.0-123.4.2.el7
  • kernel-tools-0:3.10.0-123.4.2.el7
  • kernel-tools-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-tools-libs-0:3.10.0-123.4.2.el7
  • kernel-tools-libs-devel-0:3.10.0-123.4.2.el7
  • perf-0:3.10.0-123.4.2.el7
  • perf-debuginfo-0:3.10.0-123.4.2.el7
  • python-perf-0:3.10.0-123.4.2.el7
  • python-perf-debuginfo-0:3.10.0-123.4.2.el7
  • kernel-0:2.6.32-431.23.3.el6
  • kernel-abi-whitelists-0:2.6.32-431.23.3.el6
  • kernel-bootwrapper-0:2.6.32-431.23.3.el6
  • kernel-debug-0:2.6.32-431.23.3.el6
  • kernel-debug-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-debug-devel-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.23.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.23.3.el6
  • kernel-devel-0:2.6.32-431.23.3.el6
  • kernel-doc-0:2.6.32-431.23.3.el6
  • kernel-firmware-0:2.6.32-431.23.3.el6
  • kernel-headers-0:2.6.32-431.23.3.el6
  • kernel-kdump-0:2.6.32-431.23.3.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-kdump-devel-0:2.6.32-431.23.3.el6
  • perf-0:2.6.32-431.23.3.el6
  • perf-debuginfo-0:2.6.32-431.23.3.el6
  • python-perf-0:2.6.32-431.23.3.el6
  • python-perf-debuginfo-0:2.6.32-431.23.3.el6
  • kernel-0:2.6.32-358.48.1.el6
  • kernel-bootwrapper-0:2.6.32-358.48.1.el6
  • kernel-debug-0:2.6.32-358.48.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.48.1.el6
  • kernel-debug-devel-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.48.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.48.1.el6
  • kernel-devel-0:2.6.32-358.48.1.el6
  • kernel-doc-0:2.6.32-358.48.1.el6
  • kernel-firmware-0:2.6.32-358.48.1.el6
  • kernel-headers-0:2.6.32-358.48.1.el6
  • kernel-kdump-0:2.6.32-358.48.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.48.1.el6
  • kernel-kdump-devel-0:2.6.32-358.48.1.el6
  • perf-0:2.6.32-358.48.1.el6
  • perf-debuginfo-0:2.6.32-358.48.1.el6
  • python-perf-0:2.6.32-358.48.1.el6
  • python-perf-debuginfo-0:2.6.32-358.48.1.el6

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:86187
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-86187
    titleLinux group_info refcounter - Overflow Memory Corruption
  • bulletinFamilyexploit
    descriptionBugtraq ID:66779 CVE ID:CVE-2014-2851 Linux Kernel是Linux操作系统的内核。 Linux kernel在ping_init_sock()函数的实现上存在refcount问题,本地攻击者可利用此漏洞获取提升的权限或造成内核崩溃。 0 Linux kernel 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.kernel.org/
    idSSV:62163
    last seen2017-11-19
    modified2014-04-15
    published2014-04-15
    reporterRoot
    titleLinux Kernel 'ping_init_sock()'本地权限提升漏洞