Vulnerabilities > CVE-2014-4014 - Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
CWE-264
nessus
exploit available

Summary

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

Vulnerable Configurations

Part Description Count
OS
Linux
1981

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Exploit-Db

descriptionLinux Kernel <= 3.13 - Local Privilege Escalation PoC (gid). CVE-2014-4014. Local exploit for linux platform
fileexploits/linux/local/33824.c
idEDB-ID:33824
last seen2016-02-03
modified2014-06-21
platformlinux
port
published2014-06-21
reporterVitaly Nikolenko
sourcehttps://www.exploit-db.com/download/33824/
titleLinux Kernel <= 3.13 - Local Privilege Escalation PoC gid
typelocal

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2286-1.NASL
    descriptionSasha Levin reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76565
    published2014-07-17
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76565
    titleUbuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2286-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2286-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76565);
      script_version("1.20");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0131", "CVE-2014-1739", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4608", "CVE-2014-4943");
      script_bugtraq_id(66101, 67309, 67321, 67699, 67988, 68048, 68683);
      script_xref(name:"USN", value:"2286-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2286-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sasha Levin reported a flaw in the Linux kernel's point-to-point
    protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP).
    A local user could exploit this flaw to gain administrative
    privileges. (CVE-2014-4943)
    
    Michael S. Tsirkin discovered an information leak in the Linux
    kernel's segmentation of skbs when using the zerocopy feature of
    vhost-net. A local attacker could exploit this flaw to gain
    potentially sensitive information from kernel memory. (CVE-2014-0131)
    
    Salva Peiro discovered an information leak in the Linux kernel's
    media- device driver. A local attacker could exploit this flaw to
    obtain sensitive information from kernel memory. (CVE-2014-1739)
    
    A bounds check error was discovered in the socket filter subsystem of
    the Linux kernel. A local user could exploit this flaw to cause a
    denial of service (system crash) via crafted BPF instructions.
    (CVE-2014-3144)
    
    A remainder calculation error was discovered in the socket filter
    subsystem of the Linux kernel. A local user could exploit this flaw to
    cause a denial of service (system crash) via crafted BPF instructions.
    (CVE-2014-3145)
    
    An flaw was discovered in the Linux kernel's audit subsystem when
    auditing certain syscalls. A local attacker could exploit this flaw to
    obtain potentially sensitive single-bit values from kernel memory or
    cause a denial of service (OOPS). (CVE-2014-3917)
    
    A flaw was discovered in the Linux kernel's implementation of user
    namespaces with respect to inode permissions. A local user could
    exploit this flaw by creating a user namespace to gain administrative
    privileges. (CVE-2014-4014)
    
    Don Bailey discovered a flaw in the LZO decompress algorithm used by
    the Linux kernel. An attacker could exploit this flaw to cause a
    denial of service (memory corruption or OOPS). (CVE-2014-4608).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2286-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-3.8-generic package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.8-generic");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0131", "CVE-2014-1739", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4608", "CVE-2014-4943");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2286-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.8.0-44-generic", pkgver:"3.8.0-44.66~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.8-generic");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2287-1.NASL
    descriptionSasha Levin reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76566
    published2014-07-17
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76566
    titleUbuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2287-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2287-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76566);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0131", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4608", "CVE-2014-4611", "CVE-2014-4943");
      script_bugtraq_id(66101, 67699, 67988, 68214, 68218, 68683);
      script_xref(name:"USN", value:"2287-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2287-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sasha Levin reported a flaw in the Linux kernel's point-to-point
    protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP).
    A local user could exploit this flaw to gain administrative
    privileges. (CVE-2014-4943)
    
    Michael S. Tsirkin discovered an information leak in the Linux
    kernel's segmentation of skbs when using the zerocopy feature of
    vhost-net. A local attacker could exploit this flaw to gain
    potentially sensitive information from kernel memory. (CVE-2014-0131)
    
    An flaw was discovered in the Linux kernel's audit subsystem when
    auditing certain syscalls. A local attacker could exploit this flaw to
    obtain potentially sensitive single-bit values from kernel memory or
    cause a denial of service (OOPS). (CVE-2014-3917)
    
    A flaw was discovered in the Linux kernel's implementation of user
    namespaces with respect to inode permissions. A local user could
    exploit this flaw by creating a user namespace to gain administrative
    privileges. (CVE-2014-4014)
    
    Don Bailey discovered a flaw in the LZO decompress algorithm used by
    the Linux kernel. An attacker could exploit this flaw to cause a
    denial of service (memory corruption or OOPS). (CVE-2014-4608)
    
    Don Bailey and Ludvig Strigeus discovered an integer overflow in the
    Linux kernel's implementation of the LZ4 decompression algorithm, when
    used by code not complying with API limitations. An attacker could
    exploit this flaw to cause a denial of service (memory corruption) or
    possibly other unspecified impact. (CVE-2014-4611).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2287-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0131", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4608", "CVE-2014-4611", "CVE-2014-4943");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2287-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-26-generic", pkgver:"3.11.0-26.45~precise1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.11.0-26-generic-lpae", pkgver:"3.11.0-26.45~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2337-1.NASL
    descriptionA flaw was discovered in the Linux kernel virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id77492
    published2014-09-03
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77492
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-2337-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2337-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77492);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5045");
      script_bugtraq_id(66688, 67034, 67985, 67988, 68126, 68157, 68162, 68163, 68164, 68170, 68176, 68224, 68862);
      script_xref(name:"USN", value:"2337-1");
    
      script_name(english:"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2337-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was discovered in the Linux kernel virtual machine's (kvm)
    validation of interrupt requests (irq). A guest OS user could exploit
    this flaw to cause a denial of service (host OS crash).
    (CVE-2014-0155)
    
    Andy Lutomirski discovered a flaw in the authorization of netlink
    socket operations when a socket is passed to a process of more
    privilege. A local user could exploit this flaw to bypass access
    restrictions by having a privileged executable do something it was not
    intended to do. (CVE-2014-0181)
    
    An information leak was discovered in the Linux kernels
    aio_read_events_ring function. A local user could exploit this flaw to
    obtain potentially sensitive information from kernel memory.
    (CVE-2014-0206)
    
    A flaw was discovered in the Linux kernel's implementation of user
    namespaces with respect to inode permissions. A local user could
    exploit this flaw by creating a user namespace to gain administrative
    privileges. (CVE-2014-4014)
    
    An information leak was discovered in the rd_mcp backend of the iSCSI
    target subsystem in the Linux kernel. A local user could exploit this
    flaw to obtain sensitive information from ramdisk_mcp memory by
    leveraging access to a SCSI initiator. (CVE-2014-4027)
    
    Sasha Levin reported an issue with the Linux kernel's shared memory
    subsystem when used with range notifications and hole punching. A
    local user could exploit this flaw to cause a denial of service.
    (CVE-2014-4171)
    
    Toralf Forster reported an error in the Linux kernels syscall
    auditing on 32 bit x86 platforms. A local user could exploit this flaw
    to cause a denial of service (OOPS and system crash). (CVE-2014-4508)
    
    An information leak was discovered in the control implemenation of the
    Advanced Linux Sound Architecture (ALSA) subsystem in the Linux
    kernel. A local user could exploit this flaw to obtain sensitive
    information from kernel memory. (CVE-2014-4652)
    
    A use-after-free flaw was discovered in the Advanced Linux Sound
    Architecture (ALSA) control implementation of the Linux kernel. A
    local user could exploit this flaw to cause a denial of service
    (system crash). (CVE-2014-4653)
    
    A authorization bug was discovered with the snd_ctl_elem_add function
    of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A
    local user could exploit his bug to cause a denial of service (remove
    kernel controls). (CVE-2014-4654)
    
    A flaw discovered in how the snd_ctl_elem function of the Advanced
    Linux Sound Architecture (ALSA) handled a reference count. A local
    user could exploit this flaw to cause a denial of service (integer
    overflow and limit bypass). (CVE-2014-4655)
    
    An integer overflow flaw was discovered in the control implementation
    of the Advanced Linux Sound Architecture (ALSA). A local user could
    exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-4656)
    
    An integer underflow flaw was discovered in the Linux kernel's
    handling of the backlog value for certain SCTP packets. A remote
    attacker could exploit this flaw to cause a denial of service (socket
    outage) via a crafted SCTP packet. (CVE-2014-4667)
    
    Vasily Averin discover a reference count flaw during attempts to
    umount in conjunction with a symlink. A local user could exploit this
    flaw to cause a denial of service (memory consumption or use after
    free) or possibly have other unspecified impact. (CVE-2014-5045).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2337-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.13-generic,
    linux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5045");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2337-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-35-generic", pkgver:"3.13.0-35.62")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-35-generic-lpae", pkgver:"3.13.0-35.62")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-35-lowlatency", pkgver:"3.13.0-35.62")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2285-1.NASL
    descriptionSasha Levin reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76564
    published2014-07-17
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76564
    titleUbuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2285-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2285-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76564);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0131", "CVE-2014-1739", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4608", "CVE-2014-4943");
      script_bugtraq_id(66101, 67699, 67985, 67988, 68048, 68214, 68683);
      script_xref(name:"USN", value:"2285-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2285-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sasha Levin reported a flaw in the Linux kernel's point-to-point
    protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP).
    A local user could exploit this flaw to gain administrative
    privileges. (CVE-2014-4943)
    
    Michael S. Tsirkin discovered an information leak in the Linux
    kernel's segmentation of skbs when using the zerocopy feature of
    vhost-net. A local attacker could exploit this flaw to gain
    potentially sensitive information from kernel memory. (CVE-2014-0131)
    
    Salva Peiro discovered an information leak in the Linux kernel's
    media- device driver. A local attacker could exploit this flaw to
    obtain sensitive information from kernel memory. (CVE-2014-1739)
    
    An flaw was discovered in the Linux kernel's audit subsystem when
    auditing certain syscalls. A local attacker could exploit this flaw to
    obtain potentially sensitive single-bit values from kernel memory or
    cause a denial of service (OOPS). (CVE-2014-3917)
    
    A flaw was discovered in the Linux kernel's implementation of user
    namespaces with respect to inode permissions. A local user could
    exploit this flaw by creating a user namespace to gain administrative
    privileges. (CVE-2014-4014)
    
    An information leak was discovered in the rd_mcp backend of the iSCSI
    target subsystem in the Linux kernel. A local user could exploit this
    flaw to obtain sensitive information from ramdisk_mcp memory by
    leveraging access to a SCSI initiator. (CVE-2014-4027)
    
    Don Bailey discovered a flaw in the LZO decompress algorithm used by
    the Linux kernel. An attacker could exploit this flaw to cause a
    denial of service (memory corruption or OOPS). (CVE-2014-4608).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2285-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-3.5-generic package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.5-generic");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0131", "CVE-2014-1739", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4608", "CVE-2014-4943");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2285-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.5.0-54-generic", pkgver:"3.5.0-54.81~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.5-generic");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-478.NASL
    descriptionThe Linux Kernel was updated to fix various bugs and security issues. CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4014: The capabilities implementation in the Linux kernel did not properly consider that namespaces are inapplicable to inodes, which allowed local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced. Additional Bug fixed : - HID: logitech-dj: Fix USB 3.0 issue (bnc#788080).
    last seen2020-06-05
    modified2014-08-04
    plugin id76988
    published2014-08-04
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76988
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0957-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-478.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76988);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0131", "CVE-2014-2309", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699");
    
      script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2014:0957-1)");
      script_summary(english:"Check for the openSUSE-2014-478 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Linux Kernel was updated to fix various bugs and security issues.
    
    CVE-2014-4699: The Linux kernel on Intel processors did not properly
    restrict use of a non-canonical value for the saved RIP address in the
    case of a system call that does not use IRET, which allowed local
    users to leverage a race condition and gain privileges, or cause a
    denial of service (double fault), via a crafted application that makes
    ptrace and fork system calls.
    
    CVE-2014-4667: The sctp_association_free function in
    net/sctp/associola.c in the Linux kernel did not properly manage a
    certain backlog value, which allowed remote attackers to cause a
    denial of service (socket outage) via a crafted SCTP packet.
    
    CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly
    implement the interaction between range notification and hole
    punching, which allowed local users to cause a denial of service
    (i_mutex hold) by using the mmap system call to access a hole, as
    demonstrated by interfering with intended shmem activity by blocking
    completion of (1) an MADV_REMOVE madvise call or (2) an
    FALLOC_FL_PUNCH_HOLE fallocate call.
    
    CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on
    32-bit x86 platforms, when syscall auditing is enabled and the sep CPU
    feature flag is set, allowed local users to cause a denial of service
    (OOPS and system crash) via an invalid syscall number, as demonstrated
    by number 1000.
    
    CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
    the ALSA control implementation in the Linux kernel allowed local
    users to cause a denial of service by leveraging /dev/snd/controlCX
    access, related to (1) index values in the snd_ctl_add function and
    (2) numid values in the snd_ctl_remove_numid_conflict function.
    
    CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not
    properly maintain the user_ctl_count value, which allowed local users
    to cause a denial of service (integer overflow and limit bypass) by
    leveraging /dev/snd/controlCX access for a large number of
    SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
    
    CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not check
    authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
    local users to remove kernel controls and cause a denial of service
    (use-after-free and system crash) by leveraging /dev/snd/controlCX
    access for an ioctl call.
    
    CVE-2014-4653: sound/core/control.c in the ALSA control implementation
    in the Linux kernel did not ensure possession of a read/write lock,
    which allowed local users to cause a denial of service
    (use-after-free) and obtain sensitive information from kernel memory
    by leveraging /dev/snd/controlCX access.
    
    CVE-2014-4652: Race condition in the tlv handler functionality in the
    snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
    control implementation in the Linux kernel allowed local users to
    obtain sensitive information from kernel memory by leveraging
    /dev/snd/controlCX access.
    
    CVE-2014-4014: The capabilities implementation in the Linux kernel did
    not properly consider that namespaces are inapplicable to inodes,
    which allowed local users to bypass intended chmod restrictions by
    first creating a user namespace, as demonstrated by setting the setgid
    bit on a file with group ownership of root.
    
    CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
    Linux kernel did not properly count the addition of routes, which
    allowed remote attackers to cause a denial of service (memory
    consumption) via a flood of ICMPv6 Router Advertisement packets.
    
    CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
    CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed
    local users to obtain potentially sensitive single-bit values from
    kernel memory or cause a denial of service (OOPS) via a large value of
    a syscall number.
    
    CVE-2014-0131: Use-after-free vulnerability in the skb_segment
    function in net/core/skbuff.c in the Linux kernel allowed attackers to
    obtain sensitive information from kernel memory by leveraging the
    absence of a certain orphaning operation.
    
    CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
    extension implementations in the sk_run_filter function in
    net/core/filter.c in the Linux kernel did not check whether a certain
    length value is sufficiently large, which allowed local users to cause
    a denial of service (integer underflow and system crash) via crafted
    BPF instructions.
    
    CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in
    the sk_run_filter function in net/core/filter.c in the Linux kernel
    used the reverse order in a certain subtraction, which allowed local
    users to cause a denial of service (over-read and system crash) via
    crafted BPF instructions. NOTE: the affected code was moved to the
    __skb_get_nlattr_nest function before the vulnerability was announced.
    
    Additional Bug fixed :
    
      - HID: logitech-dj: Fix USB 3.0 issue (bnc#788080)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=788080"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=867531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=867723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=877257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880484"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883518"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00000.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE12\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-default-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-source-vanilla-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", reference:"kernel-syms-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-debugsource-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-3.7.10-1.40.1") ) flag++;
    if ( rpm_check(release:"SUSE12.3", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.7.10-1.40.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-7426.NASL
    descriptionThe 3.14.8 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-06-23
    plugin id76176
    published2014-06-23
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76176
    titleFedora 19 : kernel-3.14.8-100.fc19 (2014-7426)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-7426.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76176);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-4014");
      script_bugtraq_id(67988);
      script_xref(name:"FEDORA", value:"2014-7426");
    
      script_name(english:"Fedora 19 : kernel-3.14.8-100.fc19 (2014-7426)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 3.14.8 stable update contains a number of important fixes across
    the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1107966"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134647.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c7710928"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC19", reference:"kernel-3.14.8-100.fc19")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0057.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(99163);
      script_version("3.12");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2013-0343", "CVE-2013-1059", "CVE-2013-2140", "CVE-2013-2147", "CVE-2013-2148", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2237", "CVE-2013-2850", "CVE-2013-2851", "CVE-2013-2852", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-2893", "CVE-2013-2895", "CVE-2013-2896", "CVE-2013-2897", "CVE-2013-2898", "CVE-2013-2899", "CVE-2013-2929", "CVE-2013-2930", "CVE-2013-4162", "CVE-2013-4163", "CVE-2013-4299", "CVE-2013-4312", "CVE-2013-4345", "CVE-2013-4348", "CVE-2013-4350", "CVE-2013-4470", "CVE-2013-4579", "CVE-2013-4587", "CVE-2013-4592", "CVE-2013-6367", "CVE-2013-6368", "CVE-2013-6376", "CVE-2013-6383", "CVE-2013-6885", "CVE-2013-7263", "CVE-2013-7265", "CVE-2013-7266", "CVE-2013-7421", "CVE-2013-7446", "CVE-2014-0038", "CVE-2014-0049", "CVE-2014-0055", "CVE-2014-0069", "CVE-2014-0077", "CVE-2014-0101", "CVE-2014-0181", "CVE-2014-0196", "CVE-2014-1690", "CVE-2014-1737", "CVE-2014-1738", "CVE-2014-1739", "CVE-2014-2309", "CVE-2014-2523", "CVE-2014-2851", "CVE-2014-3144", "CVE-2014-3145", "CVE-2014-3153", "CVE-2014-3181", "CVE-2014-3182", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3215", "CVE-2014-3535", "CVE-2014-3601", "CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699", "CVE-2014-4943", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-7822", "CVE-2014-7826", "CVE-2014-7970", "CVE-2014-7975", "CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8159", "CVE-2014-8160", "CVE-2014-8171", "CVE-2014-8173", "CVE-2014-8884", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9529", "CVE-2014-9585", "CVE-2014-9644", "CVE-2015-0239", "CVE-2015-1333", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3212", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-4700", "CVE-2015-5156", "CVE-2015-5157", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-5707", "CVE-2015-6937", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104", "CVE-2015-8215", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8569", "CVE-2015-8767", "CVE-2015-8956", "CVE-2016-0728", "CVE-2016-0758", "CVE-2016-0774", "CVE-2016-10088", "CVE-2016-10142", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-3134", "CVE-2016-3140", "CVE-2016-3157", "CVE-2016-3672", "CVE-2016-3699", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5195", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7042", "CVE-2016-7117", "CVE-2016-7425", "CVE-2016-8399", "CVE-2016-8633", "CVE-2016-8645", "CVE-2016-8646", "CVE-2016-8650", "CVE-2016-8655", "CVE-2016-9178", "CVE-2016-9555", "CVE-2016-9588", "CVE-2016-9644", "CVE-2016-9793", "CVE-2016-9794", "CVE-2017-2636", "CVE-2017-5970", "CVE-2017-6074", "CVE-2017-6345", "CVE-2017-7187");
      script_bugtraq_id(58795, 60243, 60280, 60341, 60375, 60409, 60410, 60414, 60874, 60922, 60953, 61411, 61412, 62042, 62043, 62044, 62045, 62046, 62048, 62049, 62050, 62056, 62405, 62740, 63183, 63359, 63536, 63743, 63790, 63888, 63983, 64111, 64270, 64291, 64318, 64319, 64328, 64677, 64686, 64743, 65180, 65255, 65588, 65909, 65943, 66095, 66279, 66441, 66678, 66779, 67034, 67199, 67282, 67300, 67302, 67309, 67321, 67341, 67906, 67985, 67988, 68048, 68157, 68159, 68162, 68163, 68164, 68170, 68224, 68411, 68683, 68768, 69396, 69428, 69489, 69721, 69763, 69768, 69770, 69779, 69781, 69799, 70314, 70319, 70742, 70743, 70745, 70746, 70766, 70768, 70883, 70971, 71097, 71154, 71250, 71367, 71650, 71684, 71685, 71880, 71990, 72061, 72320, 72322, 72347, 72356, 72607, 72842, 73014, 73060, 73133, 73699, 74243, 74293, 74315, 74450, 74951, 75356, 75510, 76005);
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0057 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-April/000675.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bc2355e2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET chocobo_root Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.3" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.3", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-3.8.13-118.17.4.el6uek")) flag++;
    if (rpm_check(release:"OVS3.3", reference:"kernel-uek-firmware-3.8.13-118.17.4.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2336-1.NASL
    descriptionA flaw was discovered in the Linux kernel virtual machine
    last seen2020-06-01
    modified2020-06-02
    plugin id77491
    published2014-09-03
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77491
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2336-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77491);
      script_version("1.19");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5045");
      script_bugtraq_id(66688, 67034, 67985, 67988, 68126, 68157, 68162, 68163, 68164, 68170, 68176, 68224, 68862);
      script_xref(name:"USN", value:"2336-1");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2336-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A flaw was discovered in the Linux kernel virtual machine's (kvm)
    validation of interrupt requests (irq). A guest OS user could exploit
    this flaw to cause a denial of service (host OS crash).
    (CVE-2014-0155)
    
    Andy Lutomirski discovered a flaw in the authorization of netlink
    socket operations when a socket is passed to a process of more
    privilege. A local user could exploit this flaw to bypass access
    restrictions by having a privileged executable do something it was not
    intended to do. (CVE-2014-0181)
    
    An information leak was discovered in the Linux kernels
    aio_read_events_ring function. A local user could exploit this flaw to
    obtain potentially sensitive information from kernel memory.
    (CVE-2014-0206)
    
    A flaw was discovered in the Linux kernel's implementation of user
    namespaces with respect to inode permissions. A local user could
    exploit this flaw by creating a user namespace to gain administrative
    privileges. (CVE-2014-4014)
    
    An information leak was discovered in the rd_mcp backend of the iSCSI
    target subsystem in the Linux kernel. A local user could exploit this
    flaw to obtain sensitive information from ramdisk_mcp memory by
    leveraging access to a SCSI initiator. (CVE-2014-4027)
    
    Sasha Levin reported an issue with the Linux kernel's shared memory
    subsystem when used with range notifications and hole punching. A
    local user could exploit this flaw to cause a denial of service.
    (CVE-2014-4171)
    
    Toralf Forster reported an error in the Linux kernels syscall
    auditing on 32 bit x86 platforms. A local user could exploit this flaw
    to cause a denial of service (OOPS and system crash). (CVE-2014-4508)
    
    An information leak was discovered in the control implemenation of the
    Advanced Linux Sound Architecture (ALSA) subsystem in the Linux
    kernel. A local user could exploit this flaw to obtain sensitive
    information from kernel memory. (CVE-2014-4652)
    
    A use-after-free flaw was discovered in the Advanced Linux Sound
    Architecture (ALSA) control implementation of the Linux kernel. A
    local user could exploit this flaw to cause a denial of service
    (system crash). (CVE-2014-4653)
    
    A authorization bug was discovered with the snd_ctl_elem_add function
    of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A
    local user could exploit his bug to cause a denial of service (remove
    kernel controls). (CVE-2014-4654)
    
    A flaw discovered in how the snd_ctl_elem function of the Advanced
    Linux Sound Architecture (ALSA) handled a reference count. A local
    user could exploit this flaw to cause a denial of service (integer
    overflow and limit bypass). (CVE-2014-4655)
    
    An integer overflow flaw was discovered in the control implementation
    of the Advanced Linux Sound Architecture (ALSA). A local user could
    exploit this flaw to cause a denial of service (system crash).
    (CVE-2014-4656)
    
    An integer underflow flaw was discovered in the Linux kernel's
    handling of the backlog value for certain SCTP packets. A remote
    attacker could exploit this flaw to cause a denial of service (socket
    outage) via a crafted SCTP packet. (CVE-2014-4667)
    
    Vasily Averin discover a reference count flaw during attempts to
    umount in conjunction with a symlink. A local user could exploit this
    flaw to cause a denial of service (memory consumption or use after
    free) or possibly have other unspecified impact. (CVE-2014-5045).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2336-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.13-generic and / or
    linux-image-3.13-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0155", "CVE-2014-0181", "CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5045");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2336-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-35-generic", pkgver:"3.13.0-35.62~precise1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-35-generic-lpae", pkgver:"3.13.0-35.62~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-7430.NASL
    descriptionThe 3.14.8 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-06-19
    plugin id76133
    published2014-06-19
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76133
    titleFedora 20 : kernel-3.14.8-200.fc20 (2014-7430)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-7430.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76133);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2014-4014");
      script_bugtraq_id(67988);
      script_xref(name:"FEDORA", value:"2014-7430");
    
      script_name(english:"Fedora 20 : kernel-3.14.8-200.fc20 (2014-7430)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 3.14.8 stable update contains a number of important fixes across
    the tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1107966"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134508.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f62ff6af"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/19");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC20", reference:"kernel-3.14.8-200.fc20")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-493.NASL
    descriptionThe Linux kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-4699: The Linux kernel on Intel processors did not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allowed local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls. CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-0100: Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function. CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access. CVE-2014-4014: The capabilities implementation in the Linux kernel did not properly consider that namespaces are inapplicable to inodes, which allowed local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. Bugs fixed : - Don
    last seen2020-06-05
    modified2014-08-13
    plugin id77177
    published2014-08-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77177
    titleopenSUSE Security Update : kernel (openSUSE-SU-2014:0985-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2014-493.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77177);
      script_version("1.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-0100", "CVE-2014-0131", "CVE-2014-2309", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699");
      script_bugtraq_id(65952, 66095, 66101, 67699, 67988, 68126, 68157, 68162, 68163, 68164, 68170, 68224, 68411);
    
      script_name(english:"openSUSE Security Update : kernel (openSUSE-SU-2014:0985-1)");
      script_summary(english:"Check for the openSUSE-2014-493 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Linux kernel was updated to fix security issues and bugs :
    
    Security issues fixed: CVE-2014-4699: The Linux kernel on Intel
    processors did not properly restrict use of a non-canonical value for
    the saved RIP address in the case of a system call that does not use
    IRET, which allowed local users to leverage a race condition and gain
    privileges, or cause a denial of service (double fault), via a crafted
    application that makes ptrace and fork system calls.
    
    CVE-2014-4667: The sctp_association_free function in
    net/sctp/associola.c in the Linux kernel did not properly manage a
    certain backlog value, which allowed remote attackers to cause a
    denial of service (socket outage) via a crafted SCTP packet.
    
    CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly
    implement the interaction between range notification and hole
    punching, which allowed local users to cause a denial of service
    (i_mutex hold) by using the mmap system call to access a hole, as
    demonstrated by interfering with intended shmem activity by blocking
    completion of (1) an MADV_REMOVE madvise call or (2) an
    FALLOC_FL_PUNCH_HOLE fallocate call.
    
    CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on
    32-bit x86 platforms, when syscall auditing is enabled and the sep CPU
    feature flag is set, allowed local users to cause a denial of service
    (OOPS and system crash) via an invalid syscall number, as demonstrated
    by number 1000.
    
    CVE-2014-0100: Race condition in the inet_frag_intern function in
    net/ipv4/inet_fragment.c in the Linux kernel allowed remote attackers
    to cause a denial of service (use-after-free error) or possibly have
    unspecified other impact via a large series of fragmented ICMP Echo
    Request packets to a system with a heavy CPU load.
    
    CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
    the ALSA control implementation in the Linux kernel allowed local
    users to cause a denial of service by leveraging /dev/snd/controlCX
    access, related to (1) index values in the snd_ctl_add function and
    (2) numid values in the snd_ctl_remove_numid_conflict function.
    
    CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not
    properly maintain the user_ctl_count value, which allowed local users
    to cause a denial of service (integer overflow and limit bypass) by
    leveraging /dev/snd/controlCX access for a large number of
    SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls.
    
    CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not check
    authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
    local users to remove kernel controls and cause a denial of service
    (use-after-free and system crash) by leveraging /dev/snd/controlCX
    access for an ioctl call.
    
    CVE-2014-4653: sound/core/control.c in the ALSA control implementation
    in the Linux kernel did not ensure possession of a read/write lock,
    which allowed local users to cause a denial of service
    (use-after-free) and obtain sensitive information from kernel memory
    by leveraging /dev/snd/controlCX access.
    
    CVE-2014-4652: Race condition in the tlv handler functionality in the
    snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
    control implementation in the Linux kernel allowed local users to
    obtain sensitive information from kernel memory by leveraging
    /dev/snd/controlCX access.
    
    CVE-2014-4014: The capabilities implementation in the Linux kernel did
    not properly consider that namespaces are inapplicable to inodes,
    which allowed local users to bypass intended chmod restrictions by
    first creating a user namespace, as demonstrated by setting the setgid
    bit on a file with group ownership of root.
    
    CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the
    Linux kernel did not properly count the addition of routes, which
    allowed remote attackers to cause a denial of service (memory
    consumption) via a flood of ICMPv6 Router Advertisement packets.
    
    CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
    CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed
    local users to obtain potentially sensitive single-bit values from
    kernel memory or cause a denial of service (OOPS) via a large value of
    a syscall number.
    
    CVE-2014-0131: Use-after-free vulnerability in the skb_segment
    function in net/core/skbuff.c in the Linux kernel allowed attackers to
    obtain sensitive information from kernel memory by leveraging the
    absence of a certain orphaning operation.
    
    Bugs fixed :
    
      - Don't trigger congestion wait on dirty-but-not-writeout
        pages (bnc#879071).
    
      - via-velocity: fix netif_receive_skb use in irq disabled
        section (bnc#851686).
    
      - HID: logitech-dj: Fix USB 3.0 issue (bnc#886629).
    
      - tg3: Change nvram command timeout value to 50ms
        (bnc#768714 bnc#855657).
    
      - tg3: Override clock, link aware and link idle mode
        during NVRAM dump (bnc#768714 bnc#855657).
    
      - tg3: Set the MAC clock to the fastest speed during boot
        code load (bnc#768714 bnc#855657).
    
      - ALSA: usb-audio: Fix deadlocks at resuming (bnc#884840).
    
      - ALSA: usb-audio: Save mixer status only once at suspend
        (bnc#884840).
    
      - ALSA: usb-audio: Resume mixer values properly
        (bnc#884840)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=768714"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=851686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=855657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=866101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=867531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=867723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=879071"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880484"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883518"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=884840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=886629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.opensuse.org/opensuse-updates/2014-08/msg00016.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-eppic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-gcore");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/08/13");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-2.639-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-debuginfo-2.639-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-debugsource-2.639-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-default-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-default-debuginfo-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-desktop-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-desktop-debuginfo-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-pae-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-pae-debuginfo-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-xen-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-xen-debuginfo-2.639_k3.11.10_21-11.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-debuginfo-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-debugsource-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-devel-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-eppic-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-eppic-debuginfo-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-gcore-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-gcore-debuginfo-7.0.2-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-default-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-default-debuginfo-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-desktop-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-pae-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-pae-debuginfo-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-xen-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-xen-debuginfo-7.0.2_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-debugsource-1.28-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-default-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-default-debuginfo-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-desktop-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-pae-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-xen-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_21-16.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-6.21.1-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-debuginfo-6.21.1-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-debugsource-6.21.1-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-devel-6.21.1-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-default-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-default-debuginfo-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-desktop-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-pae-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-xen-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_21-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-1.4.20.3-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-debuginfo-1.4.20.3-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-debugsource-1.4.20.3-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-default-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-pae-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-xen-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_21-13.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-vanilla-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-syms-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libipset3-6.21.1-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libipset3-debuginfo-6.21.1-2.17.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-1.58-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-debuginfo-1.58-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-debugsource-1.58-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-default-1.58_k3.11.10_21-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_21-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-desktop-1.58_k3.11.10_21-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_21-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-pae-1.58_k3.11.10_21-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_21-13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-0.44-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-debuginfo-0.44-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-debugsource-0.44-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-default-0.44_k3.11.10_21-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-default-debuginfo-0.44_k3.11.10_21-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-desktop-0.44_k3.11.10_21-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_21-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-pae-0.44_k3.11.10_21-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_21-258.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-debuginfo-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-debugsource-20130607-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-default-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-default-debuginfo-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-desktop-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-desktop-debuginfo-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-pae-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-pae-debuginfo-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-xen-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-xen-debuginfo-20130607_k3.11.10_21-2.14.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debuginfo-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debugsource-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-devel-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-debuginfo-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-debuginfo-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-debuginfo-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-debuginfo-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-debuginfo-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-debuginfo-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-debuginfo-4.2.18_k3.11.10_21-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-debuginfo-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-debuginfo-4.2.18-2.18.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.2_01_k3.11.10_21-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.2_01_k3.11.10_21-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.2_01_k3.11.10_21-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.2_01_k3.11.10_21-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.2_01_k3.11.10_21-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.2_01_k3.11.10_21-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-2.3-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-debuginfo-2.3-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-debugsource-2.3-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-default-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-desktop-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-pae-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-xen-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_21-2.13.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.11.10-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.2_01-21.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.2_01-21.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2014-3096.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id79735
    published2014-12-05
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79735
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3096)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from Oracle Linux
    # Security Advisory ELSA-2014-3096.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(79735);
      script_version("1.19");
      script_cvs_date("Date: 2019/10/16 10:34:21");
    
      script_cve_id("CVE-2014-1739", "CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3535", "CVE-2014-3601", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-4014", "CVE-2014-4171", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655");
      script_bugtraq_id(67988, 68048, 68157, 68162, 68164, 69489, 69721, 69768, 69779, 69781, 70743, 70745, 70746, 70766, 70883);
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3096)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote Oracle Linux host is missing a security update for
    the Unbreakable Enterprise kernel package(s)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-December/004685.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2014-December/004686.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-55.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-55.el7uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-1739", "CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3535", "CVE-2014-3601", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-4014", "CVE-2014-4171", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2014-3096");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-55.el6uek-0.4.3-4.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-55.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-55.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-55.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-55.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-55.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-55.el6uek")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-3.8.13-55.el7uek-0.4.3-4.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-3.8.13-55.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-55.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-55.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-55.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-55.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-55.el7uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2289-1.NASL
    descriptionSasha Levin reported a flaw in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id76568
    published2014-07-17
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76568
    titleUbuntu 13.10 : linux vulnerabilities (USN-2289-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-2289-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(76568);
      script_version("1.18");
      script_cvs_date("Date: 2019/09/19 12:54:30");
    
      script_cve_id("CVE-2014-0131", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4608", "CVE-2014-4611", "CVE-2014-4943");
      script_bugtraq_id(66101, 67699, 67988, 68214, 68218, 68683);
      script_xref(name:"USN", value:"2289-1");
    
      script_name(english:"Ubuntu 13.10 : linux vulnerabilities (USN-2289-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Sasha Levin reported a flaw in the Linux kernel's point-to-point
    protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP).
    A local user could exploit this flaw to gain administrative
    privileges. (CVE-2014-4943)
    
    Michael S. Tsirkin discovered an information leak in the Linux
    kernel's segmentation of skbs when using the zerocopy feature of
    vhost-net. A local attacker could exploit this flaw to gain
    potentially sensitive information from kernel memory. (CVE-2014-0131)
    
    An flaw was discovered in the Linux kernel's audit subsystem when
    auditing certain syscalls. A local attacker could exploit this flaw to
    obtain potentially sensitive single-bit values from kernel memory or
    cause a denial of service (OOPS). (CVE-2014-3917)
    
    A flaw was discovered in the Linux kernel's implementation of user
    namespaces with respect to inode permissions. A local user could
    exploit this flaw by creating a user namespace to gain administrative
    privileges. (CVE-2014-4014)
    
    Don Bailey discovered a flaw in the LZO decompress algorithm used by
    the Linux kernel. An attacker could exploit this flaw to cause a
    denial of service (memory corruption or OOPS). (CVE-2014-4608)
    
    Don Bailey and Ludvig Strigeus discovered an integer overflow in the
    Linux kernel's implementation of the LZ4 decompression algorithm, when
    used by code not complying with API limitations. An attacker could
    exploit this flaw to cause a denial of service (memory corruption) or
    possibly other unspecified impact. (CVE-2014-4611).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/2289-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.11-generic and / or
    linux-image-3.11-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.11-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/24");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(13\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 13.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-0131", "CVE-2014-3917", "CVE-2014-4014", "CVE-2014-4608", "CVE-2014-4611", "CVE-2014-4943");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2289-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-26-generic", pkgver:"3.11.0-26.45")) flag++;
    if (ubuntu_check(osver:"13.10", pkgname:"linux-image-3.11.0-26-generic-lpae", pkgver:"3.11.0-26.45")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.11-generic / linux-image-3.11-generic-lpae");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0004_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (CVE-2013-2888) - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap- based out-of-bounds write) via a crafted device. (CVE-2013-2889) - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap- based out-of-bounds write) via a crafted device. (CVE-2013-2892) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (CVE-2013-2930) - Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine. (CVE-2013-4127) - The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4162) - The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call. (CVE-2013-4163) - Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel through 3.11.1 allows local users to gain privileges by leveraging the CAP_NET_ADMIN capability and providing an invalid tuntap interface name in a TUNSETIFF ioctl call. (CVE-2013-4343) - The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. (CVE-2013-4348) - The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network. (CVE-2013-4350) - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet. (CVE-2013-4387) - The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. (CVE-2013-4563) - The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. (CVE-2013-4579) - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (CVE-2013-4587) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (CVE-2013-6376) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (CVE-2013-6380) - Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (CVE-2013-6382) - Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls. (CVE-2013-7026) - The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does not ensure that a certain length value is consistent with the size of an associated data structure, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7266) - The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7267) - The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7268) - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7269) - The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7270) - The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call. (CVE-2013-7271) - Buffer overflow in the complete_emulated_mmio function in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6 allows guest OS users to execute arbitrary code on the host OS by leveraging a loop that triggers an invalid memory copy affecting certain cancel_work_item data. (CVE-2014-0049) - The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors. (CVE-2014-0055) - The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. (CVE-2014-0069) - drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions. (CVE-2014-0077) - Race condition in the inet_frag_intern function in net/ipv4/inet_fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. (CVE-2014-0100) - A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101) - The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands. (CVE-2014-0102) - Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. (CVE-2014-0131) - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced. (CVE-2014-0155) - The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. (CVE-2014-1438) - The help function in net/netfilter/nf_nat_irc.c in the Linux kernel before 3.12.8 allows remote attackers to obtain sensitive information from kernel memory by establishing an IRC DCC session in which incorrect packet data is transmitted during use of the NAT mangle feature. (CVE-2014-1690) - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets. (CVE-2014-2309) - net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function. (CVE-2014-2523) - It was found that the try_to_unmap_cluster() function in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127146
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127146
    titleNewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from ZTE advisory NS-SA-2019-0004. The text
    # itself is copyright (C) ZTE, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(127146);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/24 11:01:33");
    
      script_cve_id(
        "CVE-2013-2888",
        "CVE-2013-2889",
        "CVE-2013-2892",
        "CVE-2013-2930",
        "CVE-2013-4127",
        "CVE-2013-4162",
        "CVE-2013-4163",
        "CVE-2013-4343",
        "CVE-2013-4348",
        "CVE-2013-4350",
        "CVE-2013-4387",
        "CVE-2013-4563",
        "CVE-2013-4579",
        "CVE-2013-4587",
        "CVE-2013-6367",
        "CVE-2013-6368",
        "CVE-2013-6376",
        "CVE-2013-6378",
        "CVE-2013-6380",
        "CVE-2013-6382",
        "CVE-2013-7026",
        "CVE-2013-7266",
        "CVE-2013-7267",
        "CVE-2013-7268",
        "CVE-2013-7269",
        "CVE-2013-7270",
        "CVE-2013-7271",
        "CVE-2014-0049",
        "CVE-2014-0055",
        "CVE-2014-0069",
        "CVE-2014-0077",
        "CVE-2014-0100",
        "CVE-2014-0101",
        "CVE-2014-0102",
        "CVE-2014-0131",
        "CVE-2014-0155",
        "CVE-2014-1438",
        "CVE-2014-1690",
        "CVE-2014-2309",
        "CVE-2014-2523",
        "CVE-2014-3122",
        "CVE-2014-3601",
        "CVE-2014-3610",
        "CVE-2014-4014",
        "CVE-2014-6416",
        "CVE-2014-8480",
        "CVE-2014-8989",
        "CVE-2015-2041",
        "CVE-2015-2042",
        "CVE-2015-7550",
        "CVE-2016-3713",
        "CVE-2016-8399",
        "CVE-2017-6353",
        "CVE-2017-7184",
        "CVE-2017-7541",
        "CVE-2017-7542",
        "CVE-2017-7558",
        "CVE-2017-11176",
        "CVE-2017-14106",
        "CVE-2017-1000111",
        "CVE-2017-1000112"
      );
    
      script_name(english:"NewStart CGSL MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0004)");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote machine is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The remote NewStart CGSL host, running version MAIN 5.04, has kernel packages installed that are affected by multiple
    vulnerabilities:
    
      - Multiple array index errors in drivers/hid/hid-core.c in
        the Human Interface Device (HID) subsystem in the Linux
        kernel through 3.11 allow physically proximate attackers
        to execute arbitrary code or cause a denial of service
        (heap memory corruption) via a crafted device that
        provides an invalid Report ID. (CVE-2013-2888)
    
      - drivers/hid/hid-zpff.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_ZEROPLUS is enabled, allows physically
        proximate attackers to cause a denial of service (heap-
        based out-of-bounds write) via a crafted device.
        (CVE-2013-2889)
    
      - drivers/hid/hid-pl.c in the Human Interface Device (HID)
        subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_PANTHERLORD is enabled, allows physically
        proximate attackers to cause a denial of service (heap-
        based out-of-bounds write) via a crafted device.
        (CVE-2013-2892)
    
      - The perf_trace_event_perm function in
        kernel/trace/trace_event_perf.c in the Linux kernel
        before 3.12.2 does not properly restrict access to the
        perf subsystem, which allows local users to enable
        function tracing via a crafted application.
        (CVE-2013-2930)
    
      - Use-after-free vulnerability in the
        vhost_net_set_backend function in drivers/vhost/net.c in
        the Linux kernel through 3.10.3 allows local users to
        cause a denial of service (OOPS and system crash) via
        vectors involving powering on a virtual machine.
        (CVE-2013-4127)
    
      - The udp_v6_push_pending_frames function in
        net/ipv6/udp.c in the IPv6 implementation in the Linux
        kernel through 3.10.3 makes an incorrect function call
        for pending data, which allows local users to cause a
        denial of service (BUG and system crash) via a crafted
        application that uses the UDP_CORK option in a
        setsockopt system call. (CVE-2013-4162)
    
      - The ip6_append_data_mtu function in
        net/ipv6/ip6_output.c in the IPv6 implementation in the
        Linux kernel through 3.10.3 does not properly maintain
        information about whether the IPV6_MTU setsockopt option
        had been specified, which allows local users to cause a
        denial of service (BUG and system crash) via a crafted
        application that uses the UDP_CORK option in a
        setsockopt system call. (CVE-2013-4163)
    
      - Use-after-free vulnerability in drivers/net/tun.c in the
        Linux kernel through 3.11.1 allows local users to gain
        privileges by leveraging the CAP_NET_ADMIN capability
        and providing an invalid tuntap interface name in a
        TUNSETIFF ioctl call. (CVE-2013-4343)
    
      - The skb_flow_dissect function in
        net/core/flow_dissector.c in the Linux kernel through
        3.12 allows remote attackers to cause a denial of
        service (infinite loop) via a small value in the IHL
        field of a packet with IPIP encapsulation.
        (CVE-2013-4348)
    
      - The IPv6 SCTP implementation in net/sctp/ipv6.c in the
        Linux kernel through 3.11.1 uses data structures and
        function calls that do not trigger an intended
        configuration of IPsec encryption, which allows remote
        attackers to obtain sensitive information by sniffing
        the network. (CVE-2013-4350)
    
      - net/ipv6/ip6_output.c in the Linux kernel through 3.11.4
        does not properly determine the need for UDP
        Fragmentation Offload (UFO) processing of small packets
        after the UFO queueing of a large packet, which allows
        remote attackers to cause a denial of service (memory
        corruption and system crash) or possibly have
        unspecified other impact via network traffic that
        triggers a large response packet. (CVE-2013-4387)
    
      - The udp6_ufo_fragment function in net/ipv6/udp_offload.c
        in the Linux kernel through 3.12, when UDP Fragmentation
        Offload (UFO) is enabled, does not properly perform a
        certain size comparison before inserting a fragment
        header, which allows remote attackers to cause a denial
        of service (panic) via a large IPv6 UDP packet, as
        demonstrated by use of the Token Bucket Filter (TBF)
        queueing discipline. (CVE-2013-4563)
    
      - The ath9k_htc_set_bssid_mask function in
        drivers/net/wireless/ath/ath9k/htc_drv_main.c in the
        Linux kernel through 3.12 uses a BSSID masking approach
        to determine the set of MAC addresses on which a Wi-Fi
        device is listening, which allows remote attackers to
        discover the original MAC address after spoofing by
        sending a series of packets to MAC addresses with
        certain bit manipulations. (CVE-2013-4579)
    
      - Array index error in the kvm_vm_ioctl_create_vcpu
        function in virt/kvm/kvm_main.c in the KVM subsystem in
        the Linux kernel through 3.12.5 allows local users to
        gain privileges via a large id value. (CVE-2013-4587)
    
      - The apic_get_tmcct function in arch/x86/kvm/lapic.c in
        the KVM subsystem in the Linux kernel through 3.12.5
        allows guest OS users to cause a denial of service
        (divide-by-zero error and host OS crash) via crafted
        modifications of the TMICT value. (CVE-2013-6367)
    
      - The KVM subsystem in the Linux kernel through 3.12.5
        allows local users to gain privileges or cause a denial
        of service (system crash) via a VAPIC synchronization
        operation involving a page-end address. (CVE-2013-6368)
    
      - The recalculate_apic_map function in
        arch/x86/kvm/lapic.c in the KVM subsystem in the Linux
        kernel through 3.12.5 allows guest OS users to cause a
        denial of service (host OS crash) via a crafted ICR
        write operation in x2apic mode. (CVE-2013-6376)
    
      - The lbs_debugfs_write function in
        drivers/net/wireless/libertas/debugfs.c in the Linux
        kernel through 3.12.1 allows local users to cause a
        denial of service (OOPS) by leveraging root privileges
        for a zero-length write operation. (CVE-2013-6378)
    
      - The aac_send_raw_srb function in
        drivers/scsi/aacraid/commctrl.c in the Linux kernel
        through 3.12.1 does not properly validate a certain size
        value, which allows local users to cause a denial of
        service (invalid pointer dereference) or possibly have
        unspecified other impact via an FSACTL_SEND_RAW_SRB
        ioctl call that triggers a crafted SRB command.
        (CVE-2013-6380)
    
      - Multiple buffer underflows in the XFS implementation in
        the Linux kernel through 3.12.1 allow local users to
        cause a denial of service (memory corruption) or
        possibly have unspecified other impact by leveraging the
        CAP_SYS_ADMIN capability for a (1)
        XFS_IOC_ATTRLIST_BY_HANDLE or (2)
        XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted
        length value, related to the xfs_attrlist_by_handle
        function in fs/xfs/xfs_ioctl.c and the
        xfs_compat_attrlist_by_handle function in
        fs/xfs/xfs_ioctl32.c. (CVE-2013-6382)
    
      - Multiple race conditions in ipc/shm.c in the Linux
        kernel before 3.12.2 allow local users to cause a denial
        of service (use-after-free and system crash) or possibly
        have unspecified other impact via a crafted application
        that uses shmctl IPC_RMID operations in conjunction with
        other shm system calls. (CVE-2013-7026)
    
      - The mISDN_sock_recvmsg function in
        drivers/isdn/mISDN/socket.c in the Linux kernel before
        3.12.4 does not ensure that a certain length value is
        consistent with the size of an associated data
        structure, which allows local users to obtain sensitive
        information from kernel memory via a (1) recvfrom, (2)
        recvmmsg, or (3) recvmsg system call. (CVE-2013-7266)
    
      - The atalk_recvmsg function in net/appletalk/ddp.c in the
        Linux kernel before 3.12.4 updates a certain length
        value without ensuring that an associated data structure
        has been initialized, which allows local users to obtain
        sensitive information from kernel memory via a (1)
        recvfrom, (2) recvmmsg, or (3) recvmsg system call.
        (CVE-2013-7267)
    
      - The ipx_recvmsg function in net/ipx/af_ipx.c in the
        Linux kernel before 3.12.4 updates a certain length
        value without ensuring that an associated data structure
        has been initialized, which allows local users to obtain
        sensitive information from kernel memory via a (1)
        recvfrom, (2) recvmmsg, or (3) recvmsg system call.
        (CVE-2013-7268)
    
      - The nr_recvmsg function in net/netrom/af_netrom.c in the
        Linux kernel before 3.12.4 updates a certain length
        value without ensuring that an associated data structure
        has been initialized, which allows local users to obtain
        sensitive information from kernel memory via a (1)
        recvfrom, (2) recvmmsg, or (3) recvmsg system call.
        (CVE-2013-7269)
    
      - The packet_recvmsg function in net/packet/af_packet.c in
        the Linux kernel before 3.12.4 updates a certain length
        value before ensuring that an associated data structure
        has been initialized, which allows local users to obtain
        sensitive information from kernel memory via a (1)
        recvfrom, (2) recvmmsg, or (3) recvmsg system call.
        (CVE-2013-7270)
    
      - The x25_recvmsg function in net/x25/af_x25.c in the
        Linux kernel before 3.12.4 updates a certain length
        value without ensuring that an associated data structure
        has been initialized, which allows local users to obtain
        sensitive information from kernel memory via a (1)
        recvfrom, (2) recvmmsg, or (3) recvmsg system call.
        (CVE-2013-7271)
    
      - Buffer overflow in the complete_emulated_mmio function
        in arch/x86/kvm/x86.c in the Linux kernel before 3.13.6
        allows guest OS users to execute arbitrary code on the
        host OS by leveraging a loop that triggers an invalid
        memory copy affecting certain cancel_work_item data.
        (CVE-2014-0049)
    
      - The get_rx_bufs function in drivers/vhost/net.c in the
        vhost-net subsystem in the Linux kernel package before
        2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6
        does not properly handle vhost_get_vq_desc errors, which
        allows guest OS users to cause a denial of service (host
        OS crash) via unspecified vectors. (CVE-2014-0055)
    
      - The cifs_iovec_write function in fs/cifs/file.c in the
        Linux kernel through 3.13.5 does not properly handle
        uncached write operations that copy fewer than the
        requested number of bytes, which allows local users to
        obtain sensitive information from kernel memory, cause a
        denial of service (memory corruption and system crash),
        or possibly gain privileges via a writev system call
        with a crafted pointer. (CVE-2014-0069)
    
      - drivers/vhost/net.c in the Linux kernel before 3.13.10,
        when mergeable buffers are disabled, does not properly
        validate packet lengths, which allows guest OS users to
        cause a denial of service (memory corruption and host OS
        crash) or possibly gain privileges on the host OS via
        crafted packets, related to the handle_rx and
        get_rx_bufs functions. (CVE-2014-0077)
    
      - Race condition in the inet_frag_intern function in
        net/ipv4/inet_fragment.c in the Linux kernel through
        3.13.6 allows remote attackers to cause a denial of
        service (use-after-free error) or possibly have
        unspecified other impact via a large series of
        fragmented ICMP Echo Request packets to a system with a
        heavy CPU load. (CVE-2014-0100)
    
      - A flaw was found in the way the Linux kernel processed
        an authenticated COOKIE_ECHO chunk during the
        initialization of an SCTP connection. A remote attacker
        could use this flaw to crash the system by initiating a
        specially crafted SCTP handshake in order to trigger a
        NULL pointer dereference on the system. (CVE-2014-0101)
    
      - The keyring_detect_cycle_iterator function in
        security/keys/keyring.c in the Linux kernel through
        3.13.6 does not properly determine whether keyrings are
        identical, which allows local users to cause a denial of
        service (OOPS) via crafted keyctl commands.
        (CVE-2014-0102)
    
      - Use-after-free vulnerability in the skb_segment function
        in net/core/skbuff.c in the Linux kernel through 3.13.6
        allows attackers to obtain sensitive information from
        kernel memory by leveraging the absence of a certain
        orphaning operation. (CVE-2014-0131)
    
      - The ioapic_deliver function in virt/kvm/ioapic.c in the
        Linux kernel through 3.14.1 does not properly validate
        the kvm_irq_delivery_to_apic return value, which allows
        guest OS users to cause a denial of service (host OS
        crash) via a crafted entry in the redirection table of
        an I/O APIC. NOTE: the affected code was moved to the
        ioapic_service function before the vulnerability was
        announced. (CVE-2014-0155)
    
      - The restore_fpu_checking function in
        arch/x86/include/asm/fpu-internal.h in the Linux kernel
        before 3.12.8 on the AMD K7 and K8 platforms does not
        clear pending exceptions before proceeding to an EMMS
        instruction, which allows local users to cause a denial
        of service (task kill) or possibly gain privileges via a
        crafted application. (CVE-2014-1438)
    
      - The help function in net/netfilter/nf_nat_irc.c in the
        Linux kernel before 3.12.8 allows remote attackers to
        obtain sensitive information from kernel memory by
        establishing an IRC DCC session in which incorrect
        packet data is transmitted during use of the NAT mangle
        feature. (CVE-2014-1690)
    
      - The ip6_route_add function in net/ipv6/route.c in the
        Linux kernel through 3.13.6 does not properly count the
        addition of routes, which allows remote attackers to
        cause a denial of service (memory consumption) via a
        flood of ICMPv6 Router Advertisement packets.
        (CVE-2014-2309)
    
      - net/netfilter/nf_conntrack_proto_dccp.c in the Linux
        kernel through 3.13.6 uses a DCCP header pointer
        incorrectly, which allows remote attackers to cause a
        denial of service (system crash) or possibly execute
        arbitrary code via a DCCP packet that triggers a call to
        the (1) dccp_new, (2) dccp_packet, or (3) dccp_error
        function. (CVE-2014-2523)
    
      - It was found that the try_to_unmap_cluster() function in
        the Linux kernel's Memory Managment subsystem did not
        properly handle page locking in certain cases, which
        could potentially trigger the BUG_ON() macro in the
        mlock_vma_page() function. A local, unprivileged user
        could use this flaw to crash the system. (CVE-2014-3122)
    
      - A flaw was found in the way the Linux kernel's
        kvm_iommu_map_pages() function handled IOMMU mapping
        failures. A privileged user in a guest with an assigned
        host device could use this flaw to crash the host.
        (CVE-2014-3601)
    
      - It was found that KVM's Write to Model Specific Register
        (WRMSR) instruction emulation would write non-canonical
        values passed in by the guest to certain MSRs in the
        host's context. A privileged guest user could use this
        flaw to crash the host. (CVE-2014-3610)
    
      - The capabilities implementation in the Linux kernel
        before 3.14.8 does not properly consider that namespaces
        are inapplicable to inodes, which allows local users to
        bypass intended chmod restrictions by first creating a
        user namespace, as demonstrated by setting the setgid
        bit on a file with group ownership of root.
        (CVE-2014-4014)
    
      - Buffer overflow in net/ceph/auth_x.c in Ceph, as used in
        the Linux kernel before 3.16.3, allows remote attackers
        to cause a denial of service (memory corruption and
        panic) or possibly have unspecified other impact via a
        long unencrypted auth ticket. (CVE-2014-6416)
    
      - The instruction decoder in arch/x86/kvm/emulate.c in the
        KVM subsystem in the Linux kernel before 3.18-rc2 lacks
        intended decoder-table flags for certain RIP-relative
        instructions, which allows guest OS users to cause a
        denial of service (NULL pointer dereference and host OS
        crash) via a crafted application. (CVE-2014-8480)
    
      - The Linux kernel through 3.17.4 does not properly
        restrict dropping of supplemental group memberships in
        certain namespace scenarios, which allows local users to
        bypass intended file permissions by leveraging a POSIX
        ACL containing an entry for the group category that is
        more restrictive than the entry for the other category,
        aka a negative groups issue, related to
        kernel/groups.c, kernel/uid16.c, and
        kernel/user_namespace.c. (CVE-2014-8989)
    
      - net/llc/sysctl_net_llc.c in the Linux kernel before 3.19
        uses an incorrect data type in a sysctl table, which
        allows local users to obtain potentially sensitive
        information from kernel memory or possibly have
        unspecified other impact by accessing a sysctl entry.
        (CVE-2015-2041)
    
      - net/rds/sysctl.c in the Linux kernel before 3.19 uses an
        incorrect data type in a sysctl table, which allows
        local users to obtain potentially sensitive information
        from kernel memory or possibly have unspecified other
        impact by accessing a sysctl entry. (CVE-2015-2042)
    
      - A NULL-pointer dereference flaw was found in the kernel,
        which is caused by a race between revoking a user-type
        key and reading from it. The issue could be triggered by
        an unprivileged user with a local account, causing the
        kernel to crash (denial of service). (CVE-2015-7550)
    
      - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in
        the Linux kernel before 4.6.1 supports MSR 0x2f8, which
        allows guest OS users to read or write to the
        kvm_arch_vcpu data structure, and consequently obtain
        sensitive information or cause a denial of service
        (system crash), via a crafted ioctl call.
        (CVE-2016-3713)
    
      - A flaw was found in the Linux networking subsystem where
        a local attacker with CAP_NET_ADMIN capabilities could
        cause an out-of-bounds memory access by creating a
        smaller-than-expected ICMP header and sending to its
        destination via sendto(). (CVE-2016-8399)
    
      - A race condition issue was found in the way the raw
        packet socket implementation in the Linux kernel
        networking subsystem handled synchronization. A local
        user able to open a raw packet socket (requires the
        CAP_NET_RAW capability) could use this to waste
        resources in the kernel's ring buffer or possibly cause
        an out-of-bounds read on the heap leading to a system
        crash. (CVE-2017-1000111)
    
      - An exploitable memory corruption flaw was found in the
        Linux kernel. The append path can be erroneously
        switched from UFO to non-UFO in ip_ufo_append_data()
        when building an UFO packet with MSG_MORE option. If
        unprivileged user namespaces are available, this flaw
        can be exploited to gain root privileges.
        (CVE-2017-1000112)
    
      - A use-after-free flaw was found in the Netlink
        functionality of the Linux kernel networking subsystem.
        Due to the insufficient cleanup in the mq_notify
        function, a local attacker could potentially use this
        flaw to escalate their privileges on the system.
        (CVE-2017-11176)
    
      - A divide-by-zero vulnerability was found in the
        __tcp_select_window function in the Linux kernel. This
        can result in a kernel panic causing a local denial of
        service. (CVE-2017-14106)
    
      - It was found that the code in net/sctp/socket.c in the
        Linux kernel through 4.10.1 does not properly restrict
        association peel-off operations during certain wait
        states, which allows local users to cause a denial of
        service (invalid unlock and double free) via a
        multithreaded application. This vulnerability was
        introduced by CVE-2017-5986 fix (commit 2dcab5984841).
        (CVE-2017-6353)
    
      - Out-of-bounds kernel heap access vulnerability was found
        in xfrm, kernel's IP framework for transforming packets.
        An error dealing with netlink messages from an
        unprivileged user leads to arbitrary read/write and
        privilege escalation. (CVE-2017-7184)
    
      - Kernel memory corruption due to a buffer overflow was
        found in brcmf_cfg80211_mgmt_tx() function in Linux
        kernels from v3.9-rc1 to v4.13-rc1. The vulnerability
        can be triggered by sending a crafted NL80211_CMD_FRAME
        packet via netlink. This flaw is unlikely to be
        triggered remotely as certain userspace code is needed
        for this. An unprivileged local user could use this flaw
        to induce kernel memory corruption on the system,
        leading to a crash. Due to the nature of the flaw,
        privilege escalation cannot be fully ruled out, although
        it is unlikely. (CVE-2017-7541)
    
      - An integer overflow vulnerability in
        ip6_find_1stfragopt() function was found. A local
        attacker that has privileges (of CAP_NET_RAW) to open
        raw socket can cause an infinite loop inside the
        ip6_find_1stfragopt() function. (CVE-2017-7542)
    
      - A kernel data leak due to an out-of-bound read was found
        in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill()
        and sctp_get_sctp_info() functions present since version
        4.7-rc1 through version 4.13. A data leak happens when
        these functions fill in sockaddr data structures used to
        export socket's diagnostic information. As a result, up
        to 100 bytes of the slab data could be leaked to a
        userspace. (CVE-2017-7558)
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2019-0004");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
    more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2523");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"NewStart CGSL Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/ZTE-CGSL/release");
    if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
    
    if (release !~ "CGSL MAIN 5.04")
      audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.04');
    
    if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
    
    flag = 0;
    
    pkgs = {
      "CGSL MAIN 5.04": [
        "kernel-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-abi-whitelists-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-debug-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-debug-debuginfo-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-debug-devel-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-debuginfo-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-debuginfo-common-x86_64-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-devel-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-doc-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-headers-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-tools-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-tools-debuginfo-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-tools-libs-3.10.0-693.5.2.el7.cgsl2058",
        "kernel-tools-libs-devel-3.10.0-693.5.2.el7.cgsl2058",
        "perf-3.10.0-693.5.2.el7.cgsl2058",
        "perf-debuginfo-3.10.0-693.5.2.el7.cgsl2058",
        "python-perf-3.10.0-693.5.2.el7.cgsl2058",
        "python-perf-debuginfo-3.10.0-693.5.2.el7.cgsl2058"
      ]
    };
    pkg_list = pkgs[release];
    
    foreach (pkg in pkg_list)
      if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1480.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124804
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124804
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124804);
      script_version("1.5");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2014-3153",
        "CVE-2014-3181",
        "CVE-2014-3182",
        "CVE-2014-3184",
        "CVE-2014-3185",
        "CVE-2014-3534",
        "CVE-2014-3601",
        "CVE-2014-3610",
        "CVE-2014-3611",
        "CVE-2014-3631",
        "CVE-2014-3645",
        "CVE-2014-3646",
        "CVE-2014-3647",
        "CVE-2014-3673",
        "CVE-2014-3687",
        "CVE-2014-3688",
        "CVE-2014-3690",
        "CVE-2014-3917",
        "CVE-2014-3940",
        "CVE-2014-4014",
        "CVE-2014-4027"
      );
      script_bugtraq_id(
        67699,
        67786,
        67906,
        67985,
        67988,
        68159,
        68940,
        69489,
        69768,
        69770,
        69779,
        69781,
        70095,
        70691,
        70742,
        70743,
        70745,
        70746,
        70748,
        70766,
        70768,
        70883
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1480)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A flaw was found in the way the Linux kernel's futex
        subsystem handled the requeuing of certain Priority
        Inheritance (PI) futexes. A local, unprivileged user
        could use this flaw to escalate their privileges on the
        system.(CVE-2014-3153)
    
      - An out-of-bounds write flaw was found in the way the
        Apple Magic Mouse/Trackpad multi-touch driver handled
        Human Interface Device (HID) reports with an invalid
        size. An attacker with physical access to the system
        could use this flaw to crash the system or,
        potentially, escalate their privileges on the
        system.(CVE-2014-3181)
    
      - An out-of-bounds read flaw was found in the way the
        Logitech Unifying receiver driver handled HID reports
        with an invalid device_index value. An attacker with
        physical access to the system could use this flaw to
        crash the system or, potentially, escalate their
        privileges on the system.(CVE-2014-3182)
    
      - Multiple out-of-bounds write flaws were found in the
        way the Cherry Cymotion keyboard driver, KYE/Genius
        device drivers, Logitech device drivers, Monterey
        Genius KB29E keyboard driver, Petalynx Maxter remote
        control driver, and Sunplus wireless desktop driver
        handled HID reports with an invalid report descriptor
        size. An attacker with physical access to the system
        could use either of these flaws to write data past an
        allocated memory buffer.(CVE-2014-3184)
    
      - A memory corruption flaw was found in the way the USB
        ConnectTech WhiteHEAT serial driver processed
        completion commands sent via USB Request Blocks
        buffers. An attacker with physical access to the system
        could use this flaw to crash the system or,
        potentially, escalate their privileges on the
        system.(CVE-2014-3185)
    
      - It was found that Linux kernel's ptrace subsystem did
        not properly sanitize the address-space-control bits
        when the program-status word (PSW) was being set. On
        IBM S/390 systems, a local, unprivileged user could use
        this flaw to set address-space-control bits to the
        kernel space, and thus gain read and write access to
        kernel memory.(CVE-2014-3534)
    
      - A flaw was found in the way the Linux kernel's
        kvm_iommu_map_pages() function handled IOMMU mapping
        failures. A privileged user in a guest with an assigned
        host device could use this flaw to crash the
        host.(CVE-2014-3601)
    
      - It was found that KVM's Write to Model Specific
        Register (WRMSR) instruction emulation would write
        non-canonical values passed in by the guest to certain
        MSRs in the host's context. A privileged guest user
        could use this flaw to crash the host.(CVE-2014-3610)
    
      - A race condition flaw was found in the way the Linux
        kernel's KVM subsystem handled PIT (Programmable
        Interval Timer) emulation. A guest user who has access
        to the PIT I/O ports could use this flaw to crash the
        host.(CVE-2014-3611)
    
      - A flaw was found in the way the Linux kernel's keys
        subsystem handled the termination condition in the
        associative array garbage collection functionality. A
        local, unprivileged user could use this flaw to crash
        the system.(CVE-2014-3631)
    
      - It was found that the Linux kernel's KVM subsystem did
        not handle the VM exits gracefully for the invept
        (Invalidate Translations Derived from EPT)
        instructions. On hosts with an Intel processor and
        invept VM exit support, an unprivileged guest user
        could use these instructions to crash the
        guest.(CVE-2014-3645)
    
      - It was found that the Linux kernel's KVM subsystem did
        not handle the VM exits gracefully for the invvpid
        (Invalidate Translations Based on VPID) instructions.
        On hosts with an Intel processor and invppid VM exit
        support, an unprivileged guest user could use these
        instructions to crash the guest.(CVE-2014-3646)
    
      - A flaw was found in the way the Linux kernel's KVM
        subsystem handled non-canonical addresses when
        emulating instructions that change the RIP (for
        example, branches or calls). A guest user with access
        to an I/O or MMIO region could use this flaw to crash
        the guest.(CVE-2014-3647)
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled malformed Address Configuration Change Chunks
        (ASCONF). A remote attacker could use either of these
        flaws to crash the system.(CVE-2014-3673)
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled duplicate Address Configuration Change Chunks
        (ASCONF). A remote attacker could use either of these
        flaws to crash the system.(CVE-2014-3687)
    
      - A flaw was found in the way the Linux kernel's Stream
        Control Transmission Protocol (SCTP) implementation
        handled the association's output queue. A remote
        attacker could send specially crafted packets that
        would cause the system to use an excessive amount of
        memory, leading to a denial of service.(CVE-2014-3688)
    
      - It was found that the Linux kernel's KVM implementation
        did not ensure that the host CR4 control register value
        remained unchanged across VM entries on the same
        virtual CPU. A local, unprivileged user could use this
        flaw to cause a denial of service on the
        system.(CVE-2014-3690)
    
      - An out-of-bounds memory access flaw was found in the
        Linux kernel's system call auditing implementation. On
        a system with existing audit rules defined, a local,
        unprivileged user could use this flaw to leak kernel
        memory to user space or, potentially, crash the
        system.(CVE-2014-3917)
    
      - A flaw was found in the way Linux kernel's Transparent
        Huge Pages (THP) implementation handled non-huge page
        migration. A local, unprivileged user could use this
        flaw to crash the kernel by migrating transparent
        hugepages.(CVE-2014-3940)
    
      - The capabilities implementation in the Linux kernel
        before 3.14.8 does not properly consider that
        namespaces are inapplicable to inodes, which allows
        local users to bypass intended chmod restrictions by
        first creating a user namespace, as demonstrated by
        setting the setgid bit on a file with group ownership
        of root.(CVE-2014-4014)
    
      - An information leak flaw was found in the RAM Disks
        Memory Copy (rd_mcp) backend driver of the iSCSI Target
        subsystem of the Linux kernel. A privileged user could
        use this flaw to leak the contents of kernel memory to
        an iSCSI initiator remote client.(CVE-2014-4027)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1480
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fae85682");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3631");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android Towelroot Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1471.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2889i1/4%0 - The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.(CVE-2014-4014i1/4%0 - The function drivers/usb/core/config.c in the Linux kernel, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.(CVE-2017-16531i1/4%0 - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.(CVE-2016-2545i1/4%0 - A flaw was found in the Linux kernel where the deletion of a file or directory could trigger an unmount and reveal data under a mount point. This flaw was inadvertently introduced with the new feature of being able to lazily unmount a mount tree when using file system user namespaces.(CVE-2015-4176i1/4%0 - The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669i1/4%0 - In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel, before 4.13, local users can cause a denial of service (use-after-free and BUG) or possibly have unspecified other impact by leveraging differences in skb handling between hns_nic_net_xmit_hw and hns_nic_net_xmit.(CVE-2017-18218i1/4%0 - The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapic_service function before the vulnerability was announced.(CVE-2014-0155i1/4%0 - A flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-13
    plugin id124795
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124795
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1471)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124795);
      script_version("1.24");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-2889",
        "CVE-2013-4345",
        "CVE-2013-7421",
        "CVE-2014-0155",
        "CVE-2014-3122",
        "CVE-2014-4014",
        "CVE-2015-3332",
        "CVE-2015-4176",
        "CVE-2016-2184",
        "CVE-2016-2545",
        "CVE-2016-2546",
        "CVE-2017-14340",
        "CVE-2017-16531",
        "CVE-2017-18218",
        "CVE-2017-18360",
        "CVE-2017-5669",
        "CVE-2018-10675",
        "CVE-2018-11232",
        "CVE-2018-18710",
        "CVE-2018-7480"
      );
      script_bugtraq_id(
        62042,
        62740,
        66688,
        67162,
        67988,
        72322,
        74232
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1471)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - drivers/hid/hid-zpff.c in the Human Interface Device
        (HID) subsystem in the Linux kernel through 3.11, when
        CONFIG_HID_ZEROPLUS is enabled, allows physically
        proximate attackers to cause a denial of service
        (heap-based out-of-bounds write) via a crafted
        device.(CVE-2013-2889i1/4%0
    
      - The capabilities implementation in the Linux kernel
        before 3.14.8 does not properly consider that
        namespaces are inapplicable to inodes, which allows
        local users to bypass intended chmod restrictions by
        first creating a user namespace, as demonstrated by
        setting the setgid bit on a file with group ownership
        of root.(CVE-2014-4014i1/4%0
    
      - The function drivers/usb/core/config.c in the Linux
        kernel, allows local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION
        descriptor.(CVE-2017-16531i1/4%0
    
      - The snd_timer_interrupt function in sound/core/timer.c
        in the Linux kernel before 4.4.1 does not properly
        maintain a certain linked list, which allows local
        users to cause a denial of service (race condition and
        system crash) via a crafted ioctl
        call.(CVE-2016-2545i1/4%0
    
      - A flaw was found in the Linux kernel where the deletion
        of a file or directory could trigger an unmount and
        reveal data under a mount point. This flaw was
        inadvertently introduced with the new feature of being
        able to lazily unmount a mount tree when using file
        system user namespaces.(CVE-2015-4176i1/4%0
    
      - The do_shmat function in ipc/shm.c in the Linux kernel,
        through 4.9.12, does not restrict the address
        calculated by a certain rounding operation. This allows
        privileged local users to map page zero and,
        consequently, bypass a protection mechanism that exists
        for the mmap system call. This is possible by making
        crafted shmget and shmat system calls in a privileged
        context.(CVE-2017-5669i1/4%0
    
      - In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the
        Linux kernel, before 4.13, local users can cause a
        denial of service (use-after-free and BUG) or possibly
        have unspecified other impact by leveraging differences
        in skb handling between hns_nic_net_xmit_hw and
        hns_nic_net_xmit.(CVE-2017-18218i1/4%0
    
      - The ioapic_deliver function in virt/kvm/ioapic.c in the
        Linux kernel through 3.14.1 does not properly validate
        the kvm_irq_delivery_to_apic return value, which allows
        guest OS users to cause a denial of service (host OS
        crash) via a crafted entry in the redirection table of
        an I/O APIC. NOTE: the affected code was moved to the
        ioapic_service function before the vulnerability was
        announced.(CVE-2014-0155i1/4%0
    
      - A flaw was found in the way the Linux kernel's Crypto
        subsystem handled automatic loading of kernel modules.
        A local user could use this flaw to load any installed
        kernel module, and thus increase the attack surface of
        the running kernel.(CVE-2013-7421i1/4%0
    
      - Off-by-one error in the get_prng_bytes function in
        crypto/ansi_cprng.c in the Linux kernel through 3.11.4
        makes it easier for context-dependent attackers to
        defeat cryptographic protection mechanisms via multiple
        requests for small amounts of data, leading to improper
        management of the state of the consumed
        data.(CVE-2013-4345i1/4%0
    
      - sound/core/timer.c in the Linux kernel before 4.4.1
        uses an incorrect type of mutex, which allows local
        users to cause a denial of service (race condition,
        use-after-free, and system crash) via a crafted ioctl
        call.(CVE-2016-2546i1/4%0
    
      - The do_get_mempolicy function in mm/mempolicy.c in the
        Linux kernel before 4.12.9 allows local users to cause
        a denial of service (use-after-free) or possibly have
        unspecified other impact via crafted system
        calls.(CVE-2018-10675i1/4%0
    
      - A certain backport in the TCP Fast Open implementation
        for the Linux kernel before 3.18 does not properly
        maintain a count value, which allow local users to
        cause a denial of service (system crash) via the Fast
        Open feature, as demonstrated by visiting the
        chrome://flags/#enable-tcp-fast-open URL when using
        certain 3.10.x through 3.16.x kernel builds, including
        longterm-maintenance releases and ckt (aka Canonical
        Kernel Team) builds.(CVE-2015-3332i1/4%0
    
      - It was found that the try_to_unmap_cluster() function
        in the Linux kernel's Memory Managment subsystem did
        not properly handle page locking in certain cases,
        which could potentially trigger the BUG_ON() macro in
        the mlock_vma_page() function. A local, unprivileged
        user could use this flaw to crash the
        system.(CVE-2014-3122i1/4%0
    
      - The blkcg_init_queue function in block/blk-cgroup.c in
        the Linux kernel, before 4.11, allows local users to
        cause a denial of service (double free) or possibly
        have unspecified other impact by triggering a creation
        failure.(CVE-2018-7480i1/4%0
    
      - The create_fixed_stream_quirk function in
        sound/usb/quirks.c in the snd-usb-audio driver in the
        Linux kernel before 4.5.1 allows physically proximate
        attackers to cause a denial of service (NULL pointer
        dereference or double free, and system crash) via a
        crafted endpoints value in a USB device
        descriptor.(CVE-2016-2184i1/4%0
    
      - The etm_setup_aux function in
        drivers/hwtracing/coresight/coresight-etm-perf.c in the
        Linux kernel before 4.10.2 allows attackers to cause a
        denial of service (panic) because a parameter is
        incorrectly used as a local variable.(CVE-2018-11232i1/4%0
    
      - A division-by-zero in set_termios(), when debugging is
        enabled, was found in the Linux kernel. When the
        [io_ti] driver is loaded, a local unprivileged attacker
        can request incorrect high transfer speed in the
        change_port_settings() in the
        drivers/usb/serial/io_ti.c so that the divisor value
        becomes zero and causes a system crash resulting in a
        denial of service.(CVE-2017-18360i1/4%0
    
      - A flaw was found where the XFS filesystem code
        mishandles a user-settable inode flag in the Linux
        kernel prior to 4.14-rc1. This can cause a local denial
        of service via a kernel panic.(CVE-2017-14340i1/4%0
    
      - An issue was discovered in the Linux kernel through
        4.19. An information leak in cdrom_ioctl_select_disc in
        drivers/cdrom/cdrom.c could be used by local attackers
        to read kernel memory because a cast from unsigned long
        to int interferes with bounds
        checking.(CVE-2018-18710i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1471
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d86ae156");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2014-368.NASL
    descriptionarch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value. The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root. ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says
    last seen2020-06-01
    modified2020-06-02
    plugin id78311
    published2014-10-12
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78311
    titleAmazon Linux AMI : kernel (ALAS-2014-368)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2014-368.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78311);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/16 10:34:21");
    
      script_cve_id("CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4508", "CVE-2014-4608");
      script_xref(name:"ALAS", value:"2014-368");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2014-368)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on
    32-bit x86 platforms, when syscall auditing is enabled and the sep CPU
    feature flag is set, allows local users to cause a denial of service
    (OOPS and system crash) via an invalid syscall number, as demonstrated
    by number 1000.
    
    Array index error in the aio_read_events_ring function in fs/aio.c in
    the Linux kernel through 3.15.1 allows local users to obtain sensitive
    information from kernel memory via a large head value.
    
    The capabilities implementation in the Linux kernel before 3.14.8 does
    not properly consider that namespaces are inapplicable to inodes,
    which allows local users to bypass intended chmod restrictions by
    first creating a user namespace, as demonstrated by setting the setgid
    bit on a file with group ownership of root.
    
    ** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe
    function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in
    the Linux kernel before 3.15.2 allow context-dependent attackers to
    cause a denial of service (memory corruption) via a crafted Literal
    Run. NOTE: the author of the LZO algorithms says 'the Linux kernel is
    *not* affected; media hype.'"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2014-368.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update kernel' to update your system. You will need to reboot
    your system in order for the new kernel to be running."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-doc-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-3.10.48-55.140.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-3.10.48-55.140.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:87007
last seen2017-11-19
modified2014-07-01
published2014-07-01
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-87007
titleLinux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)