CVE-2014-5472 - Improper Input Validation vulnerability in Linux Kernel

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry.

Vulnerable Configurations

Part  Description  Count
OS    Linux        2075

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-1272.NASL
    description: The remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 85097
    published: 2015-07-30
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/85097
    title: Oracle Linux 6 : kernel (ELSA-2015-1272)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2015-1272.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(85097);
      script_version("2.3");
      script_cvs_date("Date: 2018/09/17 21:46:53");
    
      script_cve_id(
        "CVE-2011-5321",
        "CVE-2012-6657",
        "CVE-2014-3184",
        "CVE-2014-3185",
        "CVE-2014-3215",
        "CVE-2014-3610",
        "CVE-2014-3611",
        "CVE-2014-3645",
        "CVE-2014-3646",
        "CVE-2014-3673",
        "CVE-2014-3687",
        "CVE-2014-3688",
        "CVE-2014-3690",
        "CVE-2014-3940",
        "CVE-2014-4652",
        "CVE-2014-4656",
        "CVE-2014-5471",
        "CVE-2014-5472",
        "CVE-2014-6410",
        "CVE-2014-7822",
        "CVE-2014-7825",
        "CVE-2014-7826",
        "CVE-2014-7841",
        "CVE-2014-8133",
        "CVE-2014-8159",
        "CVE-2014-8369",
        "CVE-2014-8709",
        "CVE-2014-8884",
        "CVE-2014-9322",
        "CVE-2014-9419",
        "CVE-2014-9420",
        "CVE-2014-9529",
        "CVE-2014-9584",
        "CVE-2014-9585",
        "CVE-2014-9683",
        "CVE-2015-0239",
        "CVE-2015-1593",
        "CVE-2015-1805",
        "CVE-2015-2830",
        "CVE-2015-2922",
        "CVE-2015-3331",
        "CVE-2015-3339",
        "CVE-2015-3636"
      );
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2015-1272)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Oracle Linux host is missing one or more security updates.");
      script_set_attribute(attribute:"description", value:
    "The remote Oracle Linux host is missing a security update for one or
    more kernel-related packages.");
      script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-July/005242.html");
      script_set_attribute(attribute:"solution", value:"Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"EL6", reference:"kernel-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-573.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-573.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-0812-1.NASL
    description: The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs have been fixed :
      CVE-2015-2041: A information leak in the llc2_timeout_table was fixed (bnc#919007).
      CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251).
      CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818).
      CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422).
      CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).
      CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391).
      CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390).
      CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335).
      CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051).
      CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404).
      CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).
      CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779).
      CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784).
      CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902).
      CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813).
      CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83723
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83723
    title: SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2015:0812-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83723);
      script_version("2.21");
      script_cvs_date("Date: 2019/09/11 11:22:12");
    
      script_cve_id("CVE-2009-4020", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-4127", "CVE-2011-4132", "CVE-2011-4913", "CVE-2011-4914", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-3400", "CVE-2012-6657", "CVE-2013-2147", "CVE-2013-4299", "CVE-2013-6405", "CVE-2013-6463", "CVE-2014-0181", "CVE-2014-1874", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3673", "CVE-2014-3917", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9420", "CVE-2014-9584", "CVE-2015-2041");
      script_bugtraq_id(46766, 46878, 46935, 47007, 47009, 47185, 47381, 50663, 51176, 53401, 53965, 54279, 60280, 63183, 63999, 64669, 65459, 67034, 67699, 68162, 68163, 68164, 68170, 68224, 69396, 69428, 69768, 69781, 69803, 70883, 71250, 71685, 71717, 71883, 72729);
    
      script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive
    various security and bugfixes.
    
    The following security bugs have been fixed :
    
    CVE-2015-2041: A information leak in the llc2_timeout_table was fixed
    (bnc#919007).
    
    CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not
    properly handle faults associated with the Stack Segment (SS) segment
    register, which allowed local users to gain privileges by triggering
    an IRET instruction that leads to access to a GS Base address from the
    wrong space (bnc#910251).
    
    CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c
    in the Linux kernel did not properly handle faults associated with the
    Stack Segment (SS) segment register, which allowed local users to
    cause a denial of service (panic) via a modify_ldt system call, as
    demonstrated by sigreturn_32 in the 1-clock-tests test suite
    (bnc#907818).
    
    CVE-2014-4667: The sctp_association_free function in
    net/sctp/associola.c in the Linux kernel did not properly manage a
    certain backlog value, which allowed remote attackers to cause a
    denial of service (socket outage) via a crafted SCTP packet
    (bnc#885422).
    
    CVE-2014-3673: The SCTP implementation in the Linux kernel allowed
    remote attackers to cause a denial of service (system crash) via a
    malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
    net/sctp/sm_statefuns.c (bnc#902346).
    
    CVE-2014-3185: Multiple buffer overflows in the
    command_port_read_callback function in drivers/usb/serial/whiteheat.c
    in the Whiteheat USB Serial Driver in the Linux kernel allowed
    physically proximate attackers to execute arbitrary code or cause a
    denial of service (memory corruption and system crash) via a crafted
    device that provides a large amount of (1) EHCI or (2) XHCI data
    associated with a bulk response (bnc#896391).
    
    CVE-2014-3184: The report_fixup functions in the HID subsystem in the
    Linux kernel might have allowed physically proximate attackers to
    cause a denial of service (out-of-bounds write) via a crafted device
    that provides a small report descriptor, related to (1)
    drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3)
    drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
    drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
    (bnc#896390).
    
    CVE-2014-1874: The security_context_to_sid_core function in
    security/selinux/ss/services.c in the Linux kernel allowed local users
    to cause a denial of service (system crash) by leveraging the
    CAP_MAC_ADMIN capability to set a zero-length security context
    (bnc#863335).
    
    CVE-2014-0181: The Netlink implementation in the Linux kernel did not
    provide a mechanism for authorizing socket operations based on the
    opener of a socket, which allowed local users to bypass intended
    access restrictions and modify network configurations by using a
    Netlink socket for the (1) stdout or (2) stderr of a setuid program
    (bnc#875051).
    
    CVE-2013-4299: Interpretation conflict in
    drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote
    authenticated users to obtain sensitive information or modify data via
    a crafted mapping to a snapshot block device (bnc#846404).
    
    CVE-2013-2147: The HP Smart Array controller disk-array driver and
    Compaq SMART2 controller disk-array driver in the Linux kernel did not
    initialize certain data structures, which allowed local users to
    obtain sensitive information from kernel memory via (1) a crafted
    IDAGETPCIINFO command for a /dev/ida device, related to the
    ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted
    CCISS_PASSTHRU32 command for a /dev/cciss device, related to the
    cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260).
    
    CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the
    Linux kernel did not ensure that a keepalive action is associated with
    a stream socket, which allowed local users to cause a denial of
    service (system crash) by leveraging the ability to create a raw
    socket (bnc#896779).
    
    CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol
    function in fs/udf/super.c in the Linux kernel allowed remote
    attackers to cause a denial of service (system crash) or possibly have
    unspecified other impact via a crafted UDF filesystem (bnc#769784).
    
    CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem
    implementation in the Linux kernel allowed local users to gain
    privileges via a crafted HFS plus filesystem, a related issue to
    CVE-2009-4020 (bnc#760902).
    
    CVE-2012-2313: The rio_ioctl function in
    drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict
    access to the SIOCSMIIREG command, which allowed local users to write
    data to an Ethernet adapter via an ioctl call (bnc#758813).
    
    CVE-2011-4132: The cleanup_journal_tail function in the Journaling
    Block Device (JBD) functionality in the Linux kernel 2.6 allowed local
    users to cause a denial of service (assertion error and kernel oops)
    via an ext3 or ext4 image with an 'invalid log first block value'
    (bnc#730118).
    
    CVE-2011-4127: The Linux kernel did not properly restrict SG_IO ioctl
    calls, which allowed local users to bypass intended restrictions on
    disk read and write operations by sending a SCSI command to (1) a
    partition block device or (2) an LVM volume (bnc#738400).
    
    CVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c in
    the Linux kernel did not properly determine the associations between
    users and sessions, which allowed local users to bypass CIFS share
    authentication by leveraging a mount of a share by a different user
    (bnc#687812).
    
    CVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function in
    drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have
    allowed local users to gain privileges or cause a denial of service
    (memory corruption) via an ioctl call specifying a crafted value that
    triggers a heap-based buffer overflow (bnc#685402).
    
    CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel
    did not validate (1) length and (2) offset values before performing
    memory copy operations, which might allow local users to gain
    privileges, cause a denial of service (memory corruption), or obtain
    sensitive information from kernel memory via a crafted ioctl call,
    related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions
    (bnc#685402).
    
    CVE-2011-1493: Array index error in the rose_parse_national function
    in net/rose/rose_subr.c in the Linux kernel allowed remote attackers
    to cause a denial of service (heap memory corruption) or possibly have
    unspecified other impact by composing FAC_NATIONAL_DIGIS data that
    specifies a large number of digipeaters, and then sending this data to
    a ROSE socket (bnc#681175).
    
    CVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c
    in the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and
    FAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1) cause
    a denial of service (integer underflow, heap memory corruption, and
    panic) via a small length value in data sent to a ROSE socket, or (2)
    conduct stack-based buffer overflow attacks via a large length value
    in data sent to a ROSE socket (bnc#681175).
    
    CVE-2011-4914: The ROSE protocol implementation in the Linux kernel
    did not verify that certain data-length values are consistent with the
    amount of data sent, which might allow remote attackers to obtain
    sensitive information from kernel memory or cause a denial of service
    (out-of-bounds read) via crafted data to a ROSE socket (bnc#681175).
    
    CVE-2011-1476: Integer underflow in the Open Sound System (OSS)
    subsystem in the Linux kernel on unspecified non-x86 platforms allowed
    local users to cause a denial of service (memory corruption) by
    leveraging write access to /dev/sequencer (bnc#681999).
    
    CVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the
    Linux kernel allowed local users to cause a denial of service (heap
    memory corruption) or possibly gain privileges by leveraging write
    access to /dev/sequencer (bnc#681999).
    
    CVE-2011-1163: The osf_partition function in fs/partitions/osf.c in
    the Linux kernel did not properly handle an invalid number of
    partitions, which might allow local users to obtain potentially
    sensitive information from kernel heap memory via vectors related to
    partition-table parsing (bnc#679812).
    
    CVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c
    in the Linux kernel stored NFSv4 ACL data in memory that is allocated
    by kmalloc but not properly freed, which allowed local users to cause
    a denial of service (panic) via a crafted attempt to set an ACL
    (bnc#677286).
    
    CVE-2014-9584: The parse_rock_ridge_inode_internal function in
    fs/isofs/rock.c in the Linux kernel did not validate a length value in
    the Extensions Reference (ER) System Use Field, which allowed local
    users to obtain sensitive information from kernel memory via a crafted
    iso9660 image (bnc#912654).
    
    CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the
    Linux kernel did not restrict the number of Rock Ridge continuation
    entries, which allowed local users to cause a denial of service
    (infinite loop, and system crash or hang) via a crafted iso9660 image
    (bnc#911325).
    
    CVE-2014-5471: Stack consumption vulnerability in the
    parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the
    Linux kernel allowed local users to cause a denial of service
    (uncontrolled recursion, and system crash or reboot) via a crafted
    iso9660 image with a CL entry referring to a directory entry that has
    a CL entry (bnc#892490).
    
    CVE-2014-5472: The parse_rock_ridge_inode_internal function in
    fs/isofs/rock.c in the Linux kernel allowed local users to cause a
    denial of service (unkillable mount process) via a crafted iso9660
    image with a self-referential CL entry (bnc#892490).
    
    CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when
    CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed
    local users to obtain potentially sensitive single-bit values from
    kernel memory or cause a denial of service (OOPS) via a large value of
    a syscall number (bnc#880484).
    
    CVE-2014-4652: Race condition in the tlv handler functionality in the
    snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA
    control implementation in the Linux kernel allowed local users to
    obtain sensitive information from kernel memory by leveraging
    /dev/snd/controlCX access (bnc#883795).
    
    CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not check
    authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed
    local users to remove kernel controls and cause a denial of service
    (use-after-free and system crash) by leveraging /dev/snd/controlCX
    access for an ioctl call (bnc#883795).
    
    CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c
    in the ALSA control implementation in the Linux kernel did not
    properly maintain the user_ctl_count value, which allowed local users
    to cause a denial of service (integer overflow and limit bypass) by
    leveraging /dev/snd/controlCX access for a large number of
    SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795).
    
    CVE-2014-4653: sound/core/control.c in the ALSA control implementation
    in the Linux kernel did not ensure possession of a read/write lock,
    which allowed local users to cause a denial of service
    (use-after-free) and obtain sensitive information from kernel memory
    by leveraging /dev/snd/controlCX access (bnc#883795).
    
    CVE-2014-4656: Multiple integer overflows in sound/core/control.c in
    the ALSA control implementation in the Linux kernel allowed local
    users to cause a denial of service by leveraging /dev/snd/controlCX
    access, related to (1) index values in the snd_ctl_add function and
    (2) numid values in the snd_ctl_remove_numid_conflict function
    (bnc#883795).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=677286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=679812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=681175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=681999"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=683282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=685402"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=687812"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=730118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=730200"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=738400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=758813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=760902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=769784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=823260"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=846404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=853040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=854722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=863335"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=874307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=875051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=880484"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=883223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=883795"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=885422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=891844"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=892490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=896390"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=896391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=896779"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=902346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=907818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=908382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=910251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=911325"
      );
      # https://download.suse.com/patch/finder/?keywords=15c960abc4733df91b510dfe4ba2ac6d
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0c2a8dc0"
      );
      # https://download.suse.com/patch/finder/?keywords=2a99948c9c3be4a024a9fa4d408002be
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bb8d1095"
      );
      # https://download.suse.com/patch/finder/?keywords=53c468d2b277f3335fcb5ddb08bda2e4
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e08f301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1090/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1163/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1476/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1493/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1494/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1495/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-1585/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4127/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4132/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4913/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2011-4914/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-2313/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-2319/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-3400/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2012-6657/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-2147/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-4299/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-6405/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-6463/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0181/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-1874/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3184/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3185/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3673/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-3917/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4652/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4653/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4654/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4655/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4656/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-4667/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5471/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-5472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9090/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9322/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9420/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-9584/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-2041/"
      );
      # https://www.suse.com/support/update/announcement/2015/suse-su-20150812-1.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e1e8d12"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-bigsmp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdumppae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmi-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmipae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xenpae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-default-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-source-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-syms-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-debug-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-smp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xen-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.132.1")) flag++;
    if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.132.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0695.NASL
    description: Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81906
    published: 2015-03-18
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81906
    title: RHEL 6 : kernel (RHSA-2015:0695)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0695. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81906);
      script_version("1.15");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-7841", "CVE-2014-8159");
      script_xref(name:"RHSA", value:"2015:0695");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2015:0695)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and two bugs
    are now available for Red Hat Enterprise Linux 6.2 Advanced Update
    Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    validated INIT chunks when performing Address Configuration Change
    (ASCONF). A remote attacker could use this flaw to crash the system by
    sending a specially crafted SCTP packet to trigger a NULL pointer
    dereference on the system. (CVE-2014-7841, Important)
    
    * It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions
    from user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system
    or, potentially, escalate their privileges on the system.
    (CVE-2014-8159, Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the parse_rock_ridge_inode_internal() function of
    the Linux kernel's ISOFS implementation did not correctly check
    relocated directories when processing Rock Ridge child link (CL) tags.
    An attacker with physical access to the system could use a specially
    crafted ISO image to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
    
    Red Hat would like to thank Mellanox for reporting the CVE-2014-8159
    issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.
    
    This update also fixes the following bugs :
    
    * Previously, certain network device drivers did not accept ethtool
    commands right after they were loaded. As a consequence, the current
    setting of the specified device driver was not applied and an error
    message was returned. The ETHTOOL_DELAY variable has been added, which
    makes sure the ethtool utility waits for some time before it tries to
    apply the options settings, thus fixing the bug. (BZ#1138299)
    
    * During the memory allocation for a new socket to communicate to the
    server, the rpciod daemon released a clean page which needed to be
    committed. However, the commit was queueing indefinitely as the commit
    could only be provided with a socket connection. As a consequence, a
    deadlock occurred in rpciod. This update sets the PF_FSTRANS flag on
    the work queue task prior to the socket allocation, and adds the
    nfs_release_page check for the flag when deciding whether to make a
    commit call, thus fixing this bug. (BZ#1192326)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8159"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/03/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.2", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-7841", "CVE-2014-8159");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:0695");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0695";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-devel-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-doc-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-firmware-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-headers-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-2.6.32-220.60.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-220.60.2.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
      }
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2014-1997.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80088
    published: 2014-12-18
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80088
    title: CentOS 6 : kernel (CESA-2014:1997)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2014:1997 and 
    # CentOS Errata and Security Advisory 2014:1997 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80088);
      script_version("1.10");
      script_cvs_date("Date: 2020/01/06");
    
      script_cve_id("CVE-2012-6657", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-9322");
      script_bugtraq_id(69396, 69428, 69799, 69803, 70766, 70768, 70883, 71685);
      script_xref(name:"RHSA", value:"2014:1997");
    
      script_name(english:"CentOS 6 : kernel (CESA-2014:1997)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * A flaw was found in the way the Linux kernel handled GS segment
    register base switching when recovering from a #SS (stack segment)
    fault on an erroneous return to user space. A local, unprivileged user
    could use this flaw to escalate their privileges on the system.
    (CVE-2014-9322, Important)
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    handled malformed or duplicate Address Configuration Change Chunks
    (ASCONF). A remote attacker could use either of these flaws to crash
    the system. (CVE-2014-3673, CVE-2014-3687, Important)
    
    * A flaw was found in the way the Linux kernel's SCTP implementation
    handled the association's output queue. A remote attacker could send
    specially crafted packets that would cause the system to use an
    excessive amount of memory, leading to a denial of service.
    (CVE-2014-3688, Important)
    
    * A stack overflow flaw caused by infinite recursion was found in the
    way the Linux kernel's UDF file system implementation processed
    indirect ICBs. An attacker with physical access to the system could
    use a specially crafted UDF image to crash the system. (CVE-2014-6410,
    Low)
    
    * It was found that the Linux kernel's networking implementation did
    not correctly handle the setting of the keepalive socket option on raw
    sockets. A local user able to create a raw socket could use this flaw
    to crash the system. (CVE-2012-6657, Low)
    
    * It was found that the parse_rock_ridge_inode_internal() function of
    the Linux kernel's ISOFS implementation did not correctly check
    relocated directories when processing Rock Ridge child link (CL) tags.
    An attacker with physical access to the system could use a specially
    crafted ISO image to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
    
    Red Hat would like to thank Andy Lutomirski for reporting
    CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of
    Red Hat.
    
    Bug fixes :
    
    * This update fixes a race condition issue between the
    sock_queue_err_skb function and sk_forward_alloc handling in the
    socket error queue (MSG_ERRQUEUE), which could occasionally cause the
    kernel, for example when using PTP, to incorrectly track allocated
    memory for the error queue, in which case a traceback would occur in
    the system log. (BZ#1155427)
    
    * The zcrypt device driver did not detect certain crypto cards and the
    related domains for crypto adapters on System z and s390x
    architectures. Consequently, it was not possible to run the system on
    new crypto hardware. This update enables toleration mode for such
    devices so that the system can make use of newer crypto hardware.
    (BZ#1158311)
    
    * After mounting and unmounting an XFS file system several times
    consecutively, the umount command occasionally became unresponsive.
    This was caused by the xlog_cil_force_lsn() function that was not
    waiting for completion as expected. With this update,
    xlog_cil_force_lsn() has been modified to correctly wait for
    completion, thus fixing this bug. (BZ#1158325)
    
    * When using the ixgbe adapter with disabled LRO and the tx-usec or
    rs-usec variables set to 0, transmit interrupts could not be set lower
    than the default of 8 buffered tx frames. Consequently, a delay of TCP
    transfer occurred. The restriction of a minimum of 8 buffered frames
    has been removed, and the TCP delay no longer occurs. (BZ#1158326)
    
    * The offb driver has been updated for the QEMU standard VGA adapter,
    fixing an incorrect displaying of colors issue. (BZ#1158328)
    
    * Under certain circumstances, when a discovered MTU expired, the IPv6
    connection became unavailable for a short period of time. This bug has
    been fixed, and the connection now works as expected. (BZ#1161418)
    
    * A low throughput occurred when using the dm-thin driver to write to
    unprovisioned or shared chunks for a thin pool with the chunk size
    bigger than the max_sectors_kb variable. (BZ#1161420)
    
    * Large write workloads on thin LVs could cause the iozone and
    smallfile utilities to terminate unexpectedly. (BZ#1161421)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2014-December/020838.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fd6a20a8"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-3673");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-504.3.3.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-504.3.3.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0782.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82636
    published: 2015-04-08
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82636
    title: RHEL 6 : kernel (RHSA-2015:0782)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2015:0782. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(82636);
      script_version("1.14");
      script_cvs_date("Date: 2019/10/24 15:35:39");
    
      script_cve_id("CVE-2013-2596", "CVE-2014-3690", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-8159", "CVE-2014-8884", "CVE-2015-1421");
      script_xref(name:"RHSA", value:"2015:0782");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2015:0782)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated kernel packages that fix multiple security issues and several
    bugs are now available for Red Hat Enterprise Linux 6.5 Extended
    Update Support.
    
    Red Hat Product Security has rated this update as having Important
    security impact. Common Vulnerability Scoring System (CVSS) base
    scores, which give detailed severity ratings, are available for each
    vulnerability from the CVE links in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    * It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions
    from user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system
    or, potentially, escalate their privileges on the system.
    (CVE-2014-8159, Important)
    
    * A use-after-free flaw was found in the way the Linux kernel's SCTP
    implementation handled authentication key reference counting during
    INIT collisions. A remote attacker could use this flaw to crash the
    system or, potentially, escalate their privileges on the system.
    (CVE-2015-1421, Important)
    
    * An integer overflow flaw was found in the way the Linux kernel's
    Frame Buffer device implementation mapped kernel memory to user space
    via the mmap syscall. A local user able to access a frame buffer
    device file (/dev/fb*) could possibly use this flaw to escalate their
    privileges on the system. (CVE-2013-2596, Important)
    
    * It was found that the Linux kernel's KVM implementation did not
    ensure that the host CR4 control register value remained unchanged
    across VM entries on the same virtual CPU. A local, unprivileged user
    could use this flaw to cause a denial of service on the system.
    (CVE-2014-3690, Moderate)
    
    * It was found that the parse_rock_ridge_inode_internal() function of
    the Linux kernel's ISOFS implementation did not correctly check
    relocated directories when processing Rock Ridge child link (CL) tags.
    An attacker with physical access to the system could use a specially
    crafted ISO image to crash the system or, potentially, escalate their
    privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low)
    
    * A stack-based buffer overflow flaw was found in the
    TechnoTrend/Hauppauge DEC USB device driver. A local user with write
    access to the corresponding device could use this flaw to crash the
    kernel or, potentially, elevate their privileges on the system.
    (CVE-2014-8884, Low)
    
    Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and
    Andy Lutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue
    was discovered by Sun Baoliang of Red Hat.
    
    This update also fixes the following bugs :
    
    * Previously, a NULL pointer check that is needed to prevent an oops
    in the nfs_async_inode_return_delegation() function was removed. As a
    consequence, a NFS4 client could terminate unexpectedly. The missing
    NULL pointer check has been added back, and NFS4 client no longer
    crashes in this situation. (BZ#1187638)
    
    * Due to unbalanced multicast join and leave processing, the attempt
    to leave a multicast group that had not previously completed a join
    became unresponsive. This update resolves multiple locking issues in
    the IPoIB multicast code that allowed multicast groups to be left
    before the joining was entirely completed. Now, multicast join and
    leave failures or lockups no longer occur in the described situation.
    (BZ#1187663)
    
    * A failure to leave a multicast group which had previously been
    joined prevented the attempt to unregister from the 'sa' service.
    Multiple locking issues in the IPoIB multicast join and leave
    processing have been fixed so that leaving a group that has completed
    its join process is successful. As a result, attempts to unregister
    from the 'sa' service no longer lock up due to leaked resources.
    (BZ#1187665)
    
    * Due to a regression, when large reads which partially extended
    beyond the end of the underlying device were done, the raw driver
    returned the EIO error code instead of returning a short read covering
    the valid part of the device. The underlying source code has been
    patched, and the raw driver now returns a short read for the remainder
    of the device. (BZ#1195746)
    
    All kernel users are advised to upgrade to these updated packages,
    which contain backported patches to correct these issues. The system
    must be rebooted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2015:0782"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-5471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-3690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8159"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-1421"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/04/12");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/04/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.5", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-2596", "CVE-2014-3690", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-8159", "CVE-2014-8884", "CVE-2015-1421");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:0782");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2015:0782";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-abi-whitelists-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debug-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-doc-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", reference:"kernel-firmware-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"kernel-headers-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-headers-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"kernel-headers-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"python-perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"python-perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"python-perf-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"5", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-431.53.2.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-BIGSMP-201409-140924.NASL
    description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804). (CVE-2014-1739) - mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518). (CVE-2014-4171) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422). (CVE-2014-4667) - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082).
(CVE-2014-4943) - The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173). (CVE-2014-5077) - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490). (CVE-2014-5471) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490). (CVE-2014-5472) - Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797). (CVE-2014-2706) - The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639). (CVE-2014-4027) - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. 
(bnc#880892). (CVE-2014-3153) - Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed:. (CVE-2014-6410) - ACPI / PAD: call schedule() when need_resched() is true. (bnc#866911) - ACPI: Fix bug when ACPI reset register is implemented in system memory. (bnc#882900) - ACPI: Limit access to custom_method. (bnc#884333) - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746) - Add option to automatically enforce module signatures when in Secure Boot mode. (bnc#884333) - Add secure_modules() call. (bnc#884333) - Add wait_on_atomic_t() and wake_up_atomic_t(). (bnc#880344) - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery. (bnc#894200) - Btrfs: fix csum tree corruption, duplicate and outdated checksums. (bnc#891619) - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit
    last seen: 2020-06-05
    modified: 2014-10-23
    plugin id: 78651
    published: 2014-10-23
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78651
    title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(78651);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2013-1979", "CVE-2014-1739", "CVE-2014-2706", "CVE-2014-3153", "CVE-2014-4027", "CVE-2014-4171", "CVE-2014-4508", "CVE-2014-4667", "CVE-2014-4943", "CVE-2014-5077", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410");
    
      script_name(english:"SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
    fix various bugs and security issues.
    
    The following security bugs have been fixed :
    
      - The media_device_enum_entities function in
        drivers/media/media-device.c in the Linux kernel before
        3.14.6 does not initialize a certain data structure,
        which allows local users to obtain sensitive information
        from kernel memory by leveraging /dev/media0 read access
        for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804).
        (CVE-2014-1739)
    
      - mm/shmem.c in the Linux kernel through 3.15.1 does not
        properly implement the interaction between range
        notification and hole punching, which allows local users
        to cause a denial of service (i_mutex hold) by using the
        mmap system call to access a hole, as demonstrated by
        interfering with intended shmem activity by blocking
        completion of (1) an MADV_REMOVE madvise call or (2) an
        FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518).
        (CVE-2014-4171)
    
      - arch/x86/kernel/entry_32.S in the Linux kernel through
        3.15.1 on 32-bit x86 platforms, when syscall auditing is
        enabled and the sep CPU feature flag is set, allows
        local users to cause a denial of service (OOPS and
        system crash) via an invalid syscall number, as
        demonstrated by number 1000. (bnc#883724).
        (CVE-2014-4508)
    
      - The sctp_association_free function in
        net/sctp/associola.c in the Linux kernel before 3.15.2
        does not properly manage a certain backlog value, which
        allows remote attackers to cause a denial of service
        (socket outage) via a crafted SCTP packet. (bnc#885422).
        (CVE-2014-4667)
    
      - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux
        kernel through 3.15.6 allows local users to gain
        privileges by leveraging data-structure differences
        between an l2tp socket and an inet socket. (bnc#887082).
        (CVE-2014-4943)
    
      - The sctp_assoc_update function in net/sctp/associola.c
        in the Linux kernel through 3.15.8, when SCTP
        authentication is enabled, allows remote attackers to
        cause a denial of service (NULL pointer dereference and
        OOPS) by starting to establish an association between
        two endpoints immediately after an exchange of INIT and
        INIT ACK chunks to establish an earlier association
        between these endpoints in the opposite direction.
        (bnc#889173). (CVE-2014-5077)
    
      - Stack consumption vulnerability in the
        parse_rock_ridge_inode_internal function in
        fs/isofs/rock.c in the Linux kernel through 3.16.1
        allows local users to cause a denial of service
        (uncontrolled recursion, and system crash or reboot) via
        a crafted iso9660 image with a CL entry referring to a
        directory entry that has a CL entry. (bnc#892490).
        (CVE-2014-5471)
    
      - The parse_rock_ridge_inode_internal function in
        fs/isofs/rock.c in the Linux kernel through 3.16.1
        allows local users to cause a denial of service
        (unkillable mount process) via a crafted iso9660 image
        with a self-referential CL entry. (bnc#892490).
        (CVE-2014-5472)
    
      - Race condition in the mac80211 subsystem in the Linux
        kernel before 3.13.7 allows remote attackers to cause a
        denial of service (system crash) via network traffic
        that improperly interacts with the WLAN_STA_PS_STA state
        (aka power-save mode), related to sta_info.c and tx.c.
        (bnc#871797). (CVE-2014-2706)
    
      - The rd_build_device_space function in
        drivers/target/target_core_rd.c in the Linux kernel
        before 3.14 does not properly initialize a certain data
        structure, which allows local users to obtain sensitive
        information from ramdisk_mcp memory by leveraging access
        to a SCSI initiator. (bnc#882639). (CVE-2014-4027)
    
      - The futex_requeue function in kernel/futex.c in the
        Linux kernel through 3.14.5 does not ensure that calls
        have two different futex addresses, which allows local
        users to gain privileges via a crafted FUTEX_REQUEUE
        command that facilitates unsafe waiter modification.
        (bnc#880892). (CVE-2014-3153)
    
      - Avoid infinite loop when processing indirect ICBs
        (bnc#896689) The following non-security bugs have been
        fixed:. (CVE-2014-6410)
    
      - ACPI / PAD: call schedule() when need_resched() is true.
        (bnc#866911)
    
      - ACPI: Fix bug when ACPI reset register is implemented in
        system memory. (bnc#882900)
    
      - ACPI: Limit access to custom_method. (bnc#884333)
    
      - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746)
    
      - Add option to automatically enforce module signatures
        when in Secure Boot mode. (bnc#884333)
    
      - Add secure_modules() call. (bnc#884333)
    
      - Add wait_on_atomic_t() and wake_up_atomic_t().
        (bnc#880344)
    
      - Backported new patches of Lock down functions for UEFI
        secure boot Also updated series.conf and removed old
        patches.
    
      - Btrfs: Return EXDEV for cross file system snapshot.
    
      - Btrfs: abort the transaction when we does not find our
        extent ref.
    
      - Btrfs: avoid warning bomb of btrfs_invalidate_inodes.
    
      - Btrfs: cancel scrub on transaction abortion.
    
      - Btrfs: correctly set profile flags on seqlock retry.
    
      - Btrfs: does not check nodes for extent items.
    
      - Btrfs: fix a possible deadlock between scrub and
        transaction committing.
    
      - Btrfs: fix corruption after write/fsync failure + fsync
        + log recovery. (bnc#894200)
    
      - Btrfs: fix csum tree corruption, duplicate and outdated
        checksums. (bnc#891619)
    
      - Btrfs: fix double free in find_lock_delalloc_range.
    
      - Btrfs: fix possible memory leak in btrfs_create_tree().
    
      - Btrfs: fix use of uninit 'ret' in
        end_extent_writepage().
    
      - Btrfs: free delayed node outside of root->inode_lock.
        (bnc#866864)
    
      - Btrfs: make DEV_INFO ioctl available to anyone.
    
      - Btrfs: make FS_INFO ioctl available to anyone.
    
      - Btrfs: make device scan less noisy.
    
      - Btrfs: make sure there are not any read requests before
        stopping workers.
    
      - Btrfs: more efficient io tree navigation on
        wait_extent_bit.
    
      - Btrfs: output warning instead of error when loading free
        space cache failed.
    
      - Btrfs: retrieve more info from FS_INFO ioctl.
    
      - Btrfs: return EPERM when deleting a default subvolume.
        (bnc#869934)
    
      - Btrfs: unset DCACHE_DISCONNECTED when mounting default
        subvol. (bnc#866615)
    
      - Btrfs: use right type to get real comparison.
    
      - Btrfs: wake up @scrub_pause_wait as much as we can.
    
      - Btrfs: wake up transaction thread upon remount.
    
      - CacheFiles: Add missing retrieval completions.
        (bnc#880344)
    
      - CacheFiles: Does not try to dump the index key if the
        cookie has been cleared. (bnc#880344)
    
      - CacheFiles: Downgrade the requirements passed to the
        allocator. (bnc#880344)
    
      - CacheFiles: Fix the marking of cached pages.
        (bnc#880344)
    
      - CacheFiles: Implement invalidation. (bnc#880344)
    
      - CacheFiles: Make some debugging statements conditional.
        (bnc#880344)
    
      - Drivers: hv: util: Fix a bug in the KVP code.
        (bnc#886840)
    
      - Drivers: hv: vmbus: Fix a bug in the channel callback
        dispatch code. (bnc#886840)
    
      - FS-Cache: Add transition to handle invalidate
        immediately after lookup. (bnc#880344)
    
      - FS-Cache: Check that there are no read ops when cookie
        relinquished. (bnc#880344)
    
      - FS-Cache: Clear remaining page count on retrieval
        cancellation. (bnc#880344)
    
      - FS-Cache: Convert the object event ID #defines into an
        enum. (bnc#880344)
    
      - FS-Cache: Does not sleep in page release if __GFP_FS is
        not set. (bnc#880344)
    
      - FS-Cache: Does not use spin_is_locked() in assertions.
        (bnc#880344)
    
      - FS-Cache: Exclusive op submission can BUG if there is
        been an I/O error. (bnc#880344)
    
      - FS-Cache: Fix __wait_on_atomic_t() to call the action
        func if the counter != 0. (bnc#880344)
    
      - FS-Cache: Fix object state machine to have separate work
        and wait states. (bnc#880344)
    
      - FS-Cache: Fix operation state management and accounting.
        (bnc#880344)
    
      - FS-Cache: Fix signal handling during waits. (bnc#880344)
    
      - FS-Cache: Initialise the object event mask with the
        calculated mask. (bnc#880344)
    
      - FS-Cache: Limit the number of I/O error reports for a
        cache. (bnc#880344)
    
      - FS-Cache: Make cookie relinquishment wait for
        outstanding reads. (bnc#880344)
    
      - FS-Cache: Mark cancellation of in-progress operation.
        (bnc#880344)
    
      - FS-Cache: One of the write operation paths doeses not
        set the object state. (bnc#880344)
    
      - FS-Cache: Provide proper invalidation. (bnc#880344)
    
      - FS-Cache: Simplify cookie retention for fscache_objects,
        fixing oops. (bnc#880344)
    
      - FS-Cache: The retrieval remaining-pages counter needs to
        be atomic_t. (bnc#880344)
    
      - FS-Cache: Uninline fscache_object_init(). (bnc#880344)
    
      - FS-Cache: Wrap checks on object state. (bnc#880344)
    
      - HID: usbhid: add always-poll quirk. (bnc#888607)
    
      - HID: usbhid: enable always-poll quirk for Elan
        Touchscreen. (bnc#888607)
    
      - IB/iser: Add TIMEWAIT_EXIT event handling. (bnc#890297)
    
      - Ignore 'flags' change to event_constraint. (bnc#876114)
    
      - Ignore data_src/weight changes to perf_sample_data.
        (bnc#876114)
    
      - NFS: Allow more operations in an NFSv4.1 request.
        (bnc#890513)
    
      - NFS: Clean up helper function nfs4_select_rw_stateid().
        (bnc#888968)
    
      - NFS: Does not copy read delegation stateids in setattr.
        (bnc#888968)
    
      - NFS: Does not use a delegation to open a file when
        returning that delegation. (bnc#888968, bnc#892200,
        bnc#893596, bnc#893496)
    
      - NFS: Fixes for NFS RCU-walk support in line with code
        going upstream
    
      - NFS: Use FS-Cache invalidation. (bnc#880344)
    
      - NFS: allow lockless access to access_cache. (bnc#866130)
    
      - NFS: avoid mountpoint being displayed as ' (deleted)' in
        /proc/mounts. (bnc#888591)
    
      - NFS: nfs4_do_open should add negative results to the
        dcache. (bnc#866130)
    
      - NFS: nfs_migrate_page() does not wait for FS-Cache to
        finish with a page. (bnc#880344)
    
      - NFS: nfs_open_revalidate: only evaluate parent if it
        will be used. (bnc#866130)
    
      - NFS: prepare for RCU-walk support but pushing tests
        later in code. (bnc#866130)
    
      - NFS: support RCU_WALK in nfs_permission(). (bnc#866130)
    
      - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU.
        (bnc#866130)
    
      - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU.
        (bnc#866130)
    
      - NFSD: Does not hand out delegations for 30 seconds after
        recalling them. (bnc#880370)
    
      - NFSv4 set open access operation call flag in
        nfs4_init_opendata_res. (bnc#888968, bnc#892200,
        bnc#893596, bnc#893496)
    
      - NFSv4: Add a helper for encoding opaque data.
        (bnc#888968)
    
      - NFSv4: Add a helper for encoding stateids. (bnc#888968)
    
      - NFSv4: Add helpers for basic copying of stateids.
        (bnc#888968)
    
      - NFSv4: Clean up nfs4_select_rw_stateid(). (bnc#888968)
    
      - NFSv4: Fix the return value of nfs4_select_rw_stateid.
        (bnc#888968)
    
      - NFSv4: Rename nfs4_copy_stateid(). (bnc#888968)
    
      - NFSv4: Resend the READ/WRITE RPC call if a stateid
        change causes an error. (bnc#888968)
    
      - NFSv4: Simplify the struct nfs4_stateid. (bnc#888968)
    
      - NFSv4: The stateid must remain the same for replayed RPC
        calls. (bnc#888968)
    
      - NFSv4: nfs4_stateid_is_current should return 'true' for
        an invalid stateid. (bnc#888968)
    
      - One more fix for kABI breakage.
    
      - PCI: Lock down BAR access when module security is
        enabled. (bnc#884333)
    
      - PCI: enable MPS 'performance' setting to properly handle
        bridge MPS. (bnc#883376)
    
      - PM / Hibernate: Add memory_rtree_find_bit function.
        (bnc#860441)
    
      - PM / Hibernate: Create a Radix-Tree to store memory
        bitmap. (bnc#860441)
    
      - PM / Hibernate: Implement position keeping in radix
        tree. (bnc#860441)
    
      - PM / Hibernate: Iterate over set bits instead of PFNs in
        swsusp_free(). (bnc#860441)
    
      - PM / Hibernate: Remove the old memory-bitmap
        implementation. (bnc#860441)
    
      - PM / Hibernate: Touch Soft Lockup Watchdog in
        rtree_next_node. (bnc#860441)
    
      - Restrict /dev/mem and /dev/kmem when module loading is
        restricted. (bnc#884333)
    
      - Reuse existing 'state' field to indicate
        PERF_X86_EVENT_PEBS_LDLAT. (bnc#876114)
    
      - USB: handle LPM errors during device suspend correctly.
        (bnc#849123)
    
      - Update kabi files to reflect fscache change.
        (bnc#880344)
    
      - Update x86_64 config files: re-enable SENSORS_W83627EHF.
        (bnc#891281)
    
      - VFS: Make more complete truncate operation available to
        CacheFiles. (bnc#880344)
    
      - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger
        (FATE#83366, ltc#83367).
    
      - acpi: Ignore acpi_rsdp kernel parameter when module
        loading is restricted. (bnc#884333)
    
      - af_iucv: correct cleanup if listen backlog is full
        (bnc#885262, LTC#111728).
    
      - asus-wmi: Restrict debugfs interface when module loading
        is restricted. (bnc#884333)
    
      - autofs4: allow RCU-walk to walk through autofs4.
        (bnc#866130)
    
      - autofs4: avoid taking fs_lock during rcu-walk.
        (bnc#866130)
    
      - autofs4: does not take spinlock when not needed in
        autofs4_lookup_expiring. (bnc#866130)
    
      - autofs4: factor should_expire() out of
        autofs4_expire_indirect. (bnc#866130)
    
      - autofs4: make 'autofs4_can_expire' idempotent.
        (bnc#866130)
    
      - autofs4: remove a redundant assignment. (bnc#866130)
    
      - autofs: fix lockref lookup. (bnc#888591)
    
      - be2net: add dma_mapping_error() check for
        dma_map_page(). (bnc#881759)
    
      - block: add cond_resched() to potentially long running
        ioctl discard loop. (bnc#884725)
    
      - block: fix race between request completion and timeout
        handling. (bnc#881051)
    
      - cdc-ether: clean packet filter upon probe. (bnc#876017)
    
      - cpuset: Fix memory allocator deadlock. (bnc#876590)
    
      - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not
        all archs have them, but some are FIPS certified, with
        some kernel support.
    
      - crypto: fips - only panic on bad/missing crypto mod
        signatures. (bnc#887503)
    
      - crypto: testmgr - allow aesni-intel and
        ghash_clmulni-intel in fips mode. (bnc#889451)
    
      - dasd: validate request size before building CCW/TCW
        (bnc#891087, LTC#114068).
    
      - dm mpath: fix race condition between multipath_dtr and
        pg_init_done. (bnc#826486)
    
      - dm-mpath: fix panic on deleting sg device. (bnc#870161)
    
      - drm/ast: AST2000 cannot be detected correctly.
        (bnc#895983)
    
      - drm/ast: Actually load DP501 firmware when required.
        (bnc#895608 / bnc#871134)
    
      - drm/ast: Add missing entry to dclk_table[].
    
      - drm/ast: Add reduced non reduced mode parsing for wide
        screen mode. (bnc#892723)
    
      - drm/ast: initial DP501 support (v0.2). (bnc#871134)
    
      - drm/ast: open key before detect chips. (bnc#895983)
    
      - drm/i915: Fix up cpt pixel multiplier enable sequence.
        (bnc#879304)
    
      - drm/i915: Only apply DPMS to the encoder if enabled.
        (bnc#893064)
    
      - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver
        init. (bnc#869055)
    
      - drm/i915: create functions for the 'unclaimed register'
        checks. (bnc#869055)
    
      - drm/i915: use FPGA_DBG for the 'unclaimed register'
        checks. (bnc#869055)
    
      - drm/mgag200: Initialize data needed to map fbdev memory.
        (bnc#806990)
    
      - e1000e: enable support for new device IDs. (bnc#885509)
    
      - fs/fscache: remove spin_lock() from the condition in
        while(). (bnc#880344)
    
      - hibernate: Disable in a signed modules environment.
        (bnc#884333)
    
      - hugetlb: does not use ERR_PTR with VM_FAULT* values
    
      - ibmvscsi: Abort init sequence during error recovery.
        (bnc#885382)
    
      - ibmvscsi: Add memory barriers for send / receive.
        (bnc#885382)
    
      - inet: add a redirect generation id in inetpeer.
        (bnc#860593)
    
      - inetpeer: initialize ->redirect_genid in inet_getpeer().
        (bnc#860593)
    
      - ipv6: tcp: fix tcp_v6_conn_request(). (bnc#887645)
    
      - kabi: hide bnc#860593 changes of struct
        inetpeer_addr_base. (bnc#860593)
    
      - kernel: 3215 tty hang (bnc#891087, LTC#114562).
    
      - kernel: fix data corruption when reading /proc/sysinfo
        (bnc#891087, LTC#114480).
    
      - kernel: fix kernel oops with load of fpc register
        (bnc#889061, LTC#113596).
    
      - kernel: sclp console tty reference counting (bnc#891087,
        LTC#115466).
    
      - kexec: Disable at runtime if the kernel enforces module
        loading restrictions. (bnc#884333)
    
      - md/raid6: avoid data corruption during recovery of
        double-degraded RAID6.
    
      - memcg, vmscan: Fix forced scan of anonymous pages
        (memory reclaim fix).
    
      - memcg: do not expose uninitialized mem_cgroup_per_node
        to world. (bnc#883096)
    
      - mm, hugetlb: add VM_NORESERVE check in
        vma_has_reserves()
    
      - mm, hugetlb: change variable name reservations to resv
    
      - mm, hugetlb: decrement reserve count if VM_NORESERVE
        alloc page cache
    
      - mm, hugetlb: defer freeing pages when gathering surplus
        pages
    
      - mm, hugetlb: do not use a page in page cache for cow
        optimization
    
      - mm, hugetlb: fix and clean-up node iteration code to
        alloc or free
    
      - mm, hugetlb: fix race in region tracking
    
      - mm, hugetlb: fix subpool accounting handling
    
      - mm, hugetlb: improve page-fault scalability
    
      - mm, hugetlb: improve, cleanup resv_map parameters
    
      - mm, hugetlb: move up the code which check availability
        of free huge page
    
      - mm, hugetlb: protect reserved pages when soft offlining
        a hugepage
    
      - mm, hugetlb: remove decrement_hugepage_resv_vma()
    
      - mm, hugetlb: remove redundant list_empty check in
        gather_surplus_pages()
    
      - mm, hugetlb: remove resv_map_put
    
      - mm, hugetlb: remove useless check about mapping type
    
      - mm, hugetlb: return a reserved page to a reserved pool
        if failed
    
      - mm, hugetlb: trivial commenting fix
    
      - mm, hugetlb: unify region structure handling
    
      - mm, hugetlb: unify region structure handling kabi
    
      - mm, hugetlb: use long vars instead of int in
        region_count() (Hugetlb Fault Scalability).
    
      - mm, hugetlb: use vma_resv_map() map types
    
      - mm, oom: fix badness score underflow. (bnc#884582,
        bnc#884767)
    
      - mm, oom: normalize oom scores to oom_score_adj scale
        only for userspace. (bnc#884582, bnc#884767)
    
      - mm, thp: do not allow thp faults to avoid cpuset
        restrictions. (bnc#888849)
    
      - net/mlx4_core: Load higher level modules according to
        ports type. (bnc#887680)
    
      - net/mlx4_core: Load the IB driver when the device
        supports IBoE. (bnc#887680)
    
      - net/mlx4_en: Fix a race between napi poll function and
        RX ring cleanup. (bnc#863586)
    
      - net/mlx4_en: Fix selftest failing on non 10G link speed.
        (bnc#888058)
    
      - net: fix checksumming features handling in output path.
        (bnc#891259)
    
      - pagecache_limit: batch large nr_to_scan targets.
        (bnc#895221)
    
      - pagecachelimit: reduce lru_lock congestion for heavy
        parallel reclaim fix. (bnc#895680)
    
      - perf/core: Add weighted samples. (bnc#876114)
    
      - perf/x86: Add flags to event constraints. (bnc#876114)
    
      - perf/x86: Add memory profiling via PEBS Load Latency.
        (bnc#876114)
    
      - perf: Add generic memory sampling interface.
        (bnc#876114)
    
      - qla2xxx: Avoid escalating the SCSI error handler if the
        command is not found in firmware. (bnc#859840)
    
      - qla2xxx: Clear loop_id for ports that are marked lost
        during fabric scanning. (bnc#859840)
    
      - qla2xxx: Does not check for firmware hung during the
        reset context for ISP82XX. (bnc#859840)
    
      - qla2xxx: Issue abort command for outstanding commands
        during cleanup when only firmware is alive. (bnc#859840)
    
      - qla2xxx: Reduce the time we wait for a command to
        complete during SCSI error handling. (bnc#859840)
    
      - qla2xxx: Set host can_queue value based on available
        resources. (bnc#859840)
    
      - restore smp_mb() in unlock_new_inode(). (bnc#890526)
    
      - s390/pci: introduce lazy IOTLB flushing for DMA unmap
        (bnc#889061, LTC#113725).
    
      - sched: fix the theoretical signal_wake_up() vs
        schedule() race. (bnc#876055)
    
      - sclp_vt220: Enable integrated ASCII console per default
        (bnc#885262, LTC#112035).
    
      - scsi_dh: use missing accessor 'scsi_device_from_queue'.
        (bnc#889614)
    
      - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail.
        (bnc#887608)
    
      - scsiback: correct grant page unmapping.
    
      - scsiback: fix retry handling in __report_luns().
    
      - scsiback: free resources after error.
    
      - sunrpc/auth: allow lockless (rcu) lookup of credential
        cache. (bnc#866130)
    
      - supported.conf: remove external from drivers/net/veth.
        (bnc#889727)
    
      - supported.conf: support net/sched/act_police.ko.
        (bnc#890426)
    
      - tcp: adapt selected parts of RFC 5682 and PRR logic.
        (bnc#879921)
    
      - tg3: Change nvram command timeout value to 50ms.
        (bnc#855657)
    
      - tg3: Override clock, link aware and link idle mode
        during NVRAM dump. (bnc#855657)
    
      - tg3: Set the MAC clock to the fastest speed during boot
        code load. (bnc#855657)
    
      - usb: Does not enable LPM if the exit latency is zero.
        (bnc#832309)
    
      - usbcore: Does not log on consecutive debounce failures
        of the same port. (bnc#888105)
    
      - usbhid: fix PIXART optical mouse. (bnc#888607)
    
      - uswsusp: Disable when module loading is restricted.
        (bnc#884333)
    
      - vscsi: support larger transfer sizes. (bnc#774818)
    
      - writeback: Do not sync data dirtied after sync start.
        (bnc#833820)
    
      - x86 thermal: Delete power-limit-notification console
        messages. (bnc#882317)
    
      - x86 thermal: Disable power limit notification interrupt
        by default. (bnc#882317)
    
      - x86 thermal: Re-enable power limit notification
        interrupt by default. (bnc#882317)
    
      - x86, cpu hotplug: Fix stack frame warning in
        check_irq_vectors_for_cpu_disable(). (bnc#887418)
    
      - x86/UV: Add call to KGDB/KDB from NMI handler.
        (bnc#888847)
    
      - x86/UV: Add kdump to UV NMI handler. (bnc#888847)
    
      - x86/UV: Add summary of cpu activity to UV NMI handler.
        (bnc#888847)
    
      - x86/UV: Move NMI support. (bnc#888847)
    
      - x86/UV: Update UV support for external NMI signals.
        (bnc#888847)
    
      - x86/uv/nmi: Fix Sparse warnings. (bnc#888847)
    
      - x86: Add check for number of available vectors before
        CPU down. (bnc#887418)
    
      - x86: Lock down IO port access when module security is
        enabled. (bnc#884333)
    
      - x86: Restrict MSR access when module loading is
        restricted. (bnc#884333)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=774818"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=806990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=816708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=826486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=832309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=849123"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=855657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=859840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=860441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=860593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=863586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=866130"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=866615"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=866864"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=866911"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=869055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=869934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=870161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=871797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876055"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876114"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=876590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=879921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=880370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=881051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=881759"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882639"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=882900"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883518"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=883724"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=884333"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=884582"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=884725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=884767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885262"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=885509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=886840"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887608"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=887680"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888058"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888591"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888607"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=888968"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=889061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=889173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=889451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=889614"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=889727"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=890297"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=890426"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=890513"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=890526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=891619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=892200"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=892490"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=892723"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=893064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=893496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=893596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=894200"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1979.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-1739.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-2706.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-3153.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4027.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4171.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4508.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4667.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-4943.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-5077.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-5471.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-5472.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2014-6410.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 9750.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Android "Towelroot" Futex Requeue Kernel Exploit');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:iscsitarget-kmp-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-bigsmp-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-bigsmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ofed-kmp-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:oracleasm-kmp-bigsmp");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/09/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"kernel-bigsmp-devel-3.0.101-0.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"iscsitarget-kmp-bigsmp-1.4.20_3.0.101_0.40-0.38.83")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-bigsmp-3.0.101-0.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-bigsmp-base-3.0.101-0.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"kernel-bigsmp-devel-3.0.101-0.40.1")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"ofed-kmp-bigsmp-1.5.4.1_3.0.101_0.40-0.13.89")) flag++;
    if (rpm_check(release:"SLES11", sp:3, cpu:"x86_64", reference:"oracleasm-kmp-bigsmp-2.0.5_3.0.101_0.40-7.39.89")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0102.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81070
    published: 2015-01-29
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81070
    title: RHEL 7 : kernel (RHSA-2015:0102)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2359-1.NASL
    description: Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077) Chris Evans reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77821
    published: 2014-09-24
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77821
    title: Ubuntu 14.04 LTS : linux vulnerabilities (USN-2359-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-9959.NASL
    description: This update contains an important fix for NFS and a security fix for isofs CVE-2014-5471 and CVE-2014-5472. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-08-30
    plugin id: 77451
    published: 2014-08-30
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77451
    title: Fedora 20 : kernel-3.15.10-201.fc20 (2014-9959)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-791.NASL
    description: The openSUSE 12.3 kernel was updated to fix security issues : This will be the final kernel update for openSUSE 13.2 during its lifetime, which ends January 4th 2015. CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-8884: Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. 
CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. CVE-2014-3182: Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. 
CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. CVE-2013-7263: The Linux kernel updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port number when using ipv6 sockets. (bsc#853040). CVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux kernel did not restrict the amount of ICB indirection, which allowed physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. 
CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel, when SCTP authentication is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2013-2888, CVE-2013-2889, CVE-2013-2890, CVE-2013-2891, CVE-2013-2892, CVE-2013-2893, CVE-2013-2894, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2898, CVE-2013-2899: Multiple issues in the Human Interface Device (HID) subsystem in the Linux kernel allowed physically proximate attackers to cause a denial of service or system crash via (heap-based out-of-bounds write) via a crafted device. (Not separately listed.) Other bugfixes : - xfs: mark all internal workqueues as freezable (bnc#899785). 
- target/rd: Refactor rd_build_device_space + rd_release_device_space (bnc#882639) - Enable CONFIG_ATH9K_HTC for armv7hl/omap2plus config (bnc#890624) - swiotlb: don
    last seen: 2020-06-05
    modified: 2014-12-22
    plugin id: 80150
    published: 2014-12-22
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80150
    title: openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1669-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2014-793.NASL
    description: The openSUSE 13.1 kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. (bsc#875051) CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association
    last seen: 2020-06-05
    modified: 2014-12-22
    plugin id: 80152
    published: 2014-12-22
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80152
    title: openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2355-1.NASL
    description: Chris Evans reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77818
    published: 2014-09-24
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77818
    title: Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2355-1)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150128_KERNEL_ON_SL7_X.NASL
    description: - A flaw was found in the way the Linux kernel
    last seen: 2020-03-18
    modified: 2015-01-29
    plugin id: 81073
    published: 2015-01-29
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81073
    title: Scientific Linux Security Update : kernel on SL7.x x86_64 (20150128)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-3107.NASL
    description: Description of changes: [2.6.39-400.215.15.el6uek] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224060] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224028] {CVE-2014-9090} {CVE-2014-9322}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80157
    published: 2014-12-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80157
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3107)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-3106.NASL
    description: Description of changes: kernel-uek [3.8.13-55.1.2.el7uek] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224059] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224027] {CVE-2014-9090} {CVE-2014-9322}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80156
    published: 2014-12-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80156
    title: Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3106)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20141216_KERNEL_ON_SL6_X.NASL
    description: - A flaw was found in the way the Linux kernel
    last seen: 2020-03-18
    modified: 2014-12-18
    plugin id: 80099
    published: 2014-12-18
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80099
    title: Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20141216)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-103.NASL
    description: This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features the upstream stable release 2.6.32.64 (see https://lkml.org/lkml/2014/11/23/181 for more information for that). It fixes the CVEs described below. Note: if you are using the openvz flavors, please consider three things: a.) we haven
    last seen: 2020-03-17
    modified: 2015-03-26
    plugin id: 82087
    published: 2015-03-26
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/82087
    title: Debian DLA-103-1 : linux-2.6 security update
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-1997.NASL
    description: From Red Hat Security Advisory 2014:1997 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80070
    published: 2014-12-17
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80070
    title: Oracle Linux 6 : kernel (ELSA-2014-1997)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0803.NASL
    description: Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82790
    published: 2015-04-15
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82790
    title: RHEL 6 : kernel (RHSA-2015:0803)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-201.NASL
    description: Multiple vulnerabilities have been found and corrected in the Linux kernel : The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings (CVE-2014-3122). Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (CVE-2014-3181). Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value (CVE-2014-3182). The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (CVE-2014-3184). 
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (CVE-2014-3185). Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (CVE-2014-3186). arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call (CVE-2014-3534). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601). 
The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (CVE-2014-5077). The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a mount -o remount command within a user namespace (CVE-2014-5206). Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (CVE-2014-5471). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (CVE-2014-5472). The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode (CVE-2014-6410). 
The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call (CVE-2014-7975). The updated packages provide a solution for these security issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78617
    published: 2014-10-22
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78617
    title: Mandriva Linux Security Advisory : kernel (MDVSA-2014:201)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2014-3108.NASL
    description: Description of changes: kernel-uek [2.6.32-400.36.13.el6uek] - net: guard tcp_set_keepalive() to tcp sockets (Eric Dumazet) [Orabug: 20224099] {CVE-2012-6657} - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224061] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224029] {CVE-2014-9090} {CVE-2014-9322}
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80158
    published: 2014-12-22
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80158
    title: Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3108)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0102.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81089
    published: 2015-01-30
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81089
    title: CentOS 7 : kernel (CESA-2015:0102)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2354-1.NASL
    description: Chris Evans reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77817
    published: 2014-09-24
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77817
    title: Ubuntu 10.04 LTS : linux vulnerabilities (USN-2354-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1997.NASL
    description: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80072
    published: 2014-12-17
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/80072
    title: RHEL 6 : kernel (RHSA-2014:1997)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2017-0057.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 99163
    published: 2017-04-03
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/99163
    title: OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-3012.NASL
    description: The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81966
    published: 2015-03-20
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81966
    title: Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-10312.NASL
    description: Update to the latest upstream stable release, Linux v3.16.2. Various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-09-23
    plugin id: 77787
    published: 2014-09-23
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77787
    title: Fedora 21 : kernel-3.16.2-300.fc21 (2014-10312)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-0481-1.NASL
    description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). - CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). - CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652).
- CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). - CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). 
- CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). - CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). 
- CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). - CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). 
- CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). - CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). - CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). 
- CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). - CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). 
- CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83696
    published: 2015-05-20
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83696
    title: SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KERNEL-140924.NASL
    description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804). (CVE-2014-1739) - mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518). (CVE-2014-4171) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422). (CVE-2014-4667) - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082).
(CVE-2014-4943) - The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173). (CVE-2014-5077) - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490). (CVE-2014-5471) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490). (CVE-2014-5472) - Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797). (CVE-2014-2706) - The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639). (CVE-2014-4027) - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. 
(bnc#880892). (CVE-2014-3153) - Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed:. (CVE-2014-6410) - ACPI / PAD: call schedule() when need_resched() is true. (bnc#866911) - ACPI: Fix bug when ACPI reset register is implemented in system memory. (bnc#882900) - ACPI: Limit access to custom_method. (bnc#884333) - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746) - Add option to automatically enforce module signatures when in Secure Boot mode. (bnc#884333) - Add secure_modules() call. (bnc#884333) - Add wait_on_atomic_t() and wake_up_atomic_t(). (bnc#880344) - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery. (bnc#894200) - Btrfs: fix csum tree corruption, duplicate and outdated checksums. (bnc#891619) - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit
    last seen: 2020-06-05
    modified: 2014-10-23
    plugin id: 78650
    published: 2014-10-23
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78650
    title: SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2358-1.NASL
    description: Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077) Chris Evans reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77820
    published: 2014-09-24
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77820
    title: Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2358-1)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-0290.NASL
    description: The remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81800
    published: 2015-03-13
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81800
    title: Oracle Linux 7 : kernel (ELSA-2015-0290)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1481.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124805
    published: 2019-05-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124805
    title: EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481)
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1486.NASL
    description: According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel
    last seen: 2020-03-19
    modified: 2019-05-13
    plugin id: 124810
    published: 2019-05-13
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124810
    title: EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1486)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2015-0040.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0040 for details.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 82691
    published: 2015-04-10
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/82691
    title: OracleVM 3.3 : kernel-uek (OVMSA-2015-0040)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-0102.NASL
    description: From Red Hat Security Advisory 2015:0102 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81067
    published: 2015-01-29
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81067
    title: Oracle Linux 7 : kernel (ELSA-2015-0102)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2014-1318.NASL
    description: Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications. * An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * A race condition flaw was found in the way the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78006
    published: 2014-10-01
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/78006
    title: RHEL 6 : MRG (RHSA-2014:1318)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-2356-1.NASL
    description: Jack Morgenstein reported a flaw in the page handling of the KVM (Kernel Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Chris Evans reported a flaw in the Linux kernel
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 77819
    published: 2014-09-24
    reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77819
    title: Ubuntu 12.04 LTS : linux vulnerabilities (USN-2356-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2014-11008.NASL
    description: The 3.14.19 stable update contains a number of important fixes across the tree. The 3.14.18 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2014-09-30
    plugin id: 77974
    published: 2014-09-30
    reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/77974
    title: Fedora 19 : kernel-3.14.19-100.fc19 (2014-11008)

Redhat

advisories
  • rhsa
    id: RHSA-2014:1318
  • rhsa
    id: RHSA-2015:0102
  • rhsa
    id: RHSA-2015:0695
  • rhsa
    id: RHSA-2015:0782
  • rhsa
    id: RHSA-2015:0803
rpms
  • kernel-rt-0:3.10.33-rt32.51.el6rt
  • kernel-rt-debug-0:3.10.33-rt32.51.el6rt
  • kernel-rt-debug-debuginfo-0:3.10.33-rt32.51.el6rt
  • kernel-rt-debug-devel-0:3.10.33-rt32.51.el6rt
  • kernel-rt-debuginfo-0:3.10.33-rt32.51.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.10.33-rt32.51.el6rt
  • kernel-rt-devel-0:3.10.33-rt32.51.el6rt
  • kernel-rt-doc-0:3.10.33-rt32.51.el6rt
  • kernel-rt-firmware-0:3.10.33-rt32.51.el6rt
  • kernel-rt-trace-0:3.10.33-rt32.51.el6rt
  • kernel-rt-trace-debuginfo-0:3.10.33-rt32.51.el6rt
  • kernel-rt-trace-devel-0:3.10.33-rt32.51.el6rt
  • kernel-rt-vanilla-0:3.10.33-rt32.51.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.10.33-rt32.51.el6rt
  • kernel-rt-vanilla-devel-0:3.10.33-rt32.51.el6rt
  • kernel-0:2.6.32-504.3.3.el6
  • kernel-abi-whitelists-0:2.6.32-504.3.3.el6
  • kernel-bootwrapper-0:2.6.32-504.3.3.el6
  • kernel-debug-0:2.6.32-504.3.3.el6
  • kernel-debug-debuginfo-0:2.6.32-504.3.3.el6
  • kernel-debug-devel-0:2.6.32-504.3.3.el6
  • kernel-debuginfo-0:2.6.32-504.3.3.el6
  • kernel-debuginfo-common-i686-0:2.6.32-504.3.3.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-504.3.3.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-504.3.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.3.3.el6
  • kernel-devel-0:2.6.32-504.3.3.el6
  • kernel-doc-0:2.6.32-504.3.3.el6
  • kernel-firmware-0:2.6.32-504.3.3.el6
  • kernel-headers-0:2.6.32-504.3.3.el6
  • kernel-kdump-0:2.6.32-504.3.3.el6
  • kernel-kdump-debuginfo-0:2.6.32-504.3.3.el6
  • kernel-kdump-devel-0:2.6.32-504.3.3.el6
  • perf-0:2.6.32-504.3.3.el6
  • perf-debuginfo-0:2.6.32-504.3.3.el6
  • python-perf-0:2.6.32-504.3.3.el6
  • python-perf-debuginfo-0:2.6.32-504.3.3.el6
  • kernel-0:3.10.0-123.20.1.el7
  • kernel-abi-whitelists-0:3.10.0-123.20.1.el7
  • kernel-bootwrapper-0:3.10.0-123.20.1.el7
  • kernel-debug-0:3.10.0-123.20.1.el7
  • kernel-debug-debuginfo-0:3.10.0-123.20.1.el7
  • kernel-debug-devel-0:3.10.0-123.20.1.el7
  • kernel-debuginfo-0:3.10.0-123.20.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-123.20.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-123.20.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-123.20.1.el7
  • kernel-devel-0:3.10.0-123.20.1.el7
  • kernel-doc-0:3.10.0-123.20.1.el7
  • kernel-headers-0:3.10.0-123.20.1.el7
  • kernel-kdump-0:3.10.0-123.20.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-123.20.1.el7
  • kernel-kdump-devel-0:3.10.0-123.20.1.el7
  • kernel-tools-0:3.10.0-123.20.1.el7
  • kernel-tools-debuginfo-0:3.10.0-123.20.1.el7
  • kernel-tools-libs-0:3.10.0-123.20.1.el7
  • kernel-tools-libs-devel-0:3.10.0-123.20.1.el7
  • perf-0:3.10.0-123.20.1.el7
  • perf-debuginfo-0:3.10.0-123.20.1.el7
  • python-perf-0:3.10.0-123.20.1.el7
  • python-perf-debuginfo-0:3.10.0-123.20.1.el7
  • kernel-0:2.6.32-220.60.2.el6
  • kernel-debug-0:2.6.32-220.60.2.el6
  • kernel-debug-debuginfo-0:2.6.32-220.60.2.el6
  • kernel-debug-devel-0:2.6.32-220.60.2.el6
  • kernel-debuginfo-0:2.6.32-220.60.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.60.2.el6
  • kernel-devel-0:2.6.32-220.60.2.el6
  • kernel-doc-0:2.6.32-220.60.2.el6
  • kernel-firmware-0:2.6.32-220.60.2.el6
  • kernel-headers-0:2.6.32-220.60.2.el6
  • perf-0:2.6.32-220.60.2.el6
  • perf-debuginfo-0:2.6.32-220.60.2.el6
  • python-perf-0:2.6.32-220.60.2.el6
  • python-perf-debuginfo-0:2.6.32-220.60.2.el6
  • kernel-0:2.6.32-431.53.2.el6
  • kernel-abi-whitelists-0:2.6.32-431.53.2.el6
  • kernel-bootwrapper-0:2.6.32-431.53.2.el6
  • kernel-debug-0:2.6.32-431.53.2.el6
  • kernel-debug-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-debug-devel-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-431.53.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.53.2.el6
  • kernel-devel-0:2.6.32-431.53.2.el6
  • kernel-doc-0:2.6.32-431.53.2.el6
  • kernel-firmware-0:2.6.32-431.53.2.el6
  • kernel-headers-0:2.6.32-431.53.2.el6
  • kernel-kdump-0:2.6.32-431.53.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-kdump-devel-0:2.6.32-431.53.2.el6
  • perf-0:2.6.32-431.53.2.el6
  • perf-debuginfo-0:2.6.32-431.53.2.el6
  • python-perf-0:2.6.32-431.53.2.el6
  • python-perf-debuginfo-0:2.6.32-431.53.2.el6
  • kernel-0:2.6.32-358.59.1.el6
  • kernel-bootwrapper-0:2.6.32-358.59.1.el6
  • kernel-debug-0:2.6.32-358.59.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-debug-devel-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.59.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.59.1.el6
  • kernel-devel-0:2.6.32-358.59.1.el6
  • kernel-doc-0:2.6.32-358.59.1.el6
  • kernel-firmware-0:2.6.32-358.59.1.el6
  • kernel-headers-0:2.6.32-358.59.1.el6
  • kernel-kdump-0:2.6.32-358.59.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.59.1.el6
  • kernel-kdump-devel-0:2.6.32-358.59.1.el6
  • perf-0:2.6.32-358.59.1.el6
  • perf-debuginfo-0:2.6.32-358.59.1.el6
  • python-perf-0:2.6.32-358.59.1.el6
  • python-perf-debuginfo-0:2.6.32-358.59.1.el6