Vulnerabilities > CVE-2014-9420 - Resource Management Errors vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2492-1.NASL description Andy Lutomirski discovered an information leak in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 81165 published 2015-02-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81165 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2492-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2492-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(81165); script_version("1.12"); script_cvs_date("Date: 2019/09/19 12:54:31"); script_cve_id("CVE-2014-8133", "CVE-2014-8559", "CVE-2014-9420"); script_bugtraq_id(70854, 71684, 71717); script_xref(name:"USN", value:"2492-1"); script_name(english:"Ubuntu 12.04 LTS : linux vulnerabilities (USN-2492-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2492-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-8133", "CVE-2014-8559", "CVE-2014-9420"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2492-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-76-generic", pkgver:"3.2.0-76.111")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-76-generic-pae", pkgver:"3.2.0-76.111")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-76-highbank", pkgver:"3.2.0-76.111")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.2.0-76-virtual", pkgver:"3.2.0-76.111")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.2-generic / linux-image-3.2-generic-pae / etc"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1472.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The hid_input_field() function in last seen 2020-03-19 modified 2019-05-13 plugin id 124796 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124796 title EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124796); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19"); script_cve_id( "CVE-2013-2892", "CVE-2014-2568", "CVE-2014-7843", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9730", "CVE-2016-2070", "CVE-2016-2383", "CVE-2016-3134", "CVE-2016-4568", "CVE-2016-6327", "CVE-2016-7915", "CVE-2016-9754", "CVE-2017-16525", "CVE-2017-18079", "CVE-2017-18204", "CVE-2017-7261", "CVE-2017-9605", "CVE-2018-1094", "CVE-2018-16276" ); script_bugtraq_id( 62049, 66348, 71082, 71717, 71880, 74964 ); script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization for ARM 64 host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915i1/4%0 - The Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode. This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204i1/4%0 - The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605i1/4%0 - Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568i1/4%0 - It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420i1/4%0 - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754i1/4%0 - A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730i1/4%0 - In was found that in the Linux kernel, in vmw_surface_define_ioctl() function in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'num_sizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc() and later leads to dereferencing ZERO_SIZE_PTR, which in turn leads to a GPF and possibly to a kernel panic.(CVE-2017-7261i1/4%0 - A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash.(CVE-2014-9529i1/4%0 - A flaw was found in the Linux kernel's implementation of i8042 serial ports. An attacker could cause a kernel panic if they are able to add and remove devices as the module is loaded.(CVE-2017-18079i1/4%0 - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2892i1/4%0 - The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.(CVE-2014-7843i1/4%0 - A divide-by-zero vulnerability was found in a way the kernel processes TCP connections. The error can occur if a connection starts another cwnd reduction phase by setting tp-i1/4zprior_cwnd to the current cwnd (0) in tcp_init_cwnd_reduction(). A remote, unauthenticated attacker could use this flaw to crash the kernel (denial of service).(CVE-2016-2070i1/4%0 - The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.(CVE-2016-2383i1/4%0 - System using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.(CVE-2016-6327i1/4%0 - A security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. This field is not bounds checked prior to writing to a counter value at the supplied offset.(CVE-2016-3134i1/4%0 - An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276i1/4%0 - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.(CVE-2016-4568i1/4%0 - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.(CVE-2017-16525i1/4%0 - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image. (CVE-2018-1094) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?349d271e"); script_set_attribute(attribute:"solution", value: "Update the affected kernel packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16276"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu); flag = 0; pkgs = ["kernel-4.19.28-1.2.117", "kernel-devel-4.19.28-1.2.117", "kernel-headers-4.19.28-1.2.117", "kernel-tools-4.19.28-1.2.117", "kernel-tools-libs-4.19.28-1.2.117", "kernel-tools-libs-devel-4.19.28-1.2.117", "perf-4.19.28-1.2.117", "python-perf-4.19.28-1.2.117"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1272.NASL description The remote Oracle Linux host is missing a security update for one or more kernel-related packages. last seen 2020-06-01 modified 2020-06-02 plugin id 85097 published 2015-07-30 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85097 title Oracle Linux 6 : kernel (ELSA-2015-1272) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Oracle Linux Security Advisory ELSA-2015-1272. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(85097); script_version("2.3"); script_cvs_date("Date: 2018/09/17 21:46:53"); script_cve_id( "CVE-2011-5321", "CVE-2012-6657", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3215", "CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-3940", "CVE-2014-4652", "CVE-2014-4656", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-7822", "CVE-2014-7825", "CVE-2014-7826", "CVE-2014-7841", "CVE-2014-8133", "CVE-2014-8159", "CVE-2014-8369", "CVE-2014-8709", "CVE-2014-8884", "CVE-2014-9322", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9683", "CVE-2015-0239", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3331", "CVE-2015-3339", "CVE-2015-3636" ); script_name(english:"Oracle Linux 6 : kernel (ELSA-2015-1272)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote Oracle Linux host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Oracle Linux host is missing a security update for one or more kernel-related packages."); script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2015-July/005242.html"); script_set_attribute(attribute:"solution", value:"Update the affected kernel packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"kernel-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"perf-2.6.32-573.el6")) flag++; if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-573.el6")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0812-1.NASL description The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs have been fixed : CVE-2015-2041: A information leak in the llc2_timeout_table was fixed (bnc#919007). CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251). CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335). CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404). CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260). CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779). CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784). CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902). CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813). CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an last seen 2020-06-01 modified 2020-06-02 plugin id 83723 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83723 title SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2015:0812-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(83723); script_version("2.21"); script_cvs_date("Date: 2019/09/11 11:22:12"); script_cve_id("CVE-2009-4020", "CVE-2011-1090", "CVE-2011-1163", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1493", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1585", "CVE-2011-4127", "CVE-2011-4132", "CVE-2011-4913", "CVE-2011-4914", "CVE-2012-2313", "CVE-2012-2319", "CVE-2012-3400", "CVE-2012-6657", "CVE-2013-2147", "CVE-2013-4299", "CVE-2013-6405", "CVE-2013-6463", "CVE-2014-0181", "CVE-2014-1874", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3673", "CVE-2014-3917", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9420", "CVE-2014-9584", "CVE-2015-2041"); script_bugtraq_id(46766, 46878, 46935, 47007, 47009, 47185, 47381, 50663, 51176, 53401, 53965, 54279, 60280, 63183, 63999, 64669, 65459, 67034, 67699, 68162, 68163, 68164, 68170, 68224, 69396, 69428, 69768, 69781, 69803, 70883, 71250, 71685, 71717, 71883, 72729); script_name(english:"SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs have been fixed : CVE-2015-2041: A information leak in the llc2_timeout_table was fixed (bnc#919007). CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251). CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335). CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404). CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260). CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779). CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784). CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902). CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813). CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an 'invalid log first block value' (bnc#730118). CVE-2011-4127: The Linux kernel did not properly restrict SG_IO ioctl calls, which allowed local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume (bnc#738400). CVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel did not properly determine the associations between users and sessions, which allowed local users to bypass CIFS share authentication by leveraging a mount of a share by a different user (bnc#687812). CVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have allowed local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow (bnc#685402). CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel did not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions (bnc#685402). CVE-2011-1493: Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket (bnc#681175). CVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket (bnc#681175). CVE-2011-4914: The ROSE protocol implementation in the Linux kernel did not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket (bnc#681175). CVE-2011-1476: Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel on unspecified non-x86 platforms allowed local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer (bnc#681999). CVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the Linux kernel allowed local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer (bnc#681999). CVE-2011-1163: The osf_partition function in fs/partitions/osf.c in the Linux kernel did not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing (bnc#679812). CVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel stored NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allowed local users to cause a denial of service (panic) via a crafted attempt to set an ACL (bnc#677286). CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (bnc#880484). CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (bnc#883795). CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call (bnc#883795). CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795). CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (bnc#883795). CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function (bnc#883795). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=677286" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=679812" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=681175" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=681999" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=683282" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=685402" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=687812" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=730118" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=730200" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=738400" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=758813" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=760902" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=769784" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=823260" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=846404" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=853040" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=854722" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=863335" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=874307" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=875051" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=880484" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=883223" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=883795" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=885422" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=891844" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=892490" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=896390" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=896391" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=896779" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=902346" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=907818" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=908382" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=910251" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=911325" ); # https://download.suse.com/patch/finder/?keywords=15c960abc4733df91b510dfe4ba2ac6d script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0c2a8dc0" ); # https://download.suse.com/patch/finder/?keywords=2a99948c9c3be4a024a9fa4d408002be script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bb8d1095" ); # https://download.suse.com/patch/finder/?keywords=53c468d2b277f3335fcb5ddb08bda2e4 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e08f301" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1090/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1163/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1476/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1477/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1493/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1494/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1495/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-1585/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-4127/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-4132/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-4913/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2011-4914/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-2313/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-2319/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-3400/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2012-6657/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-2147/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-4299/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-6405/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2013-6463/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-0181/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-1874/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3184/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3185/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3673/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-3917/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4652/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4653/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4654/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4655/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4656/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-4667/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-5471/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-5472/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9090/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9322/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9420/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2014-9584/" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2015-2041/" ); # https://www.suse.com/support/update/announcement/2015/suse-su-20150812-1.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0e1e8d12" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel packages" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-kdumppae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-smp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-vmipae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xenpae"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:10"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/12/04"); script_set_attribute(attribute:"patch_publication_date", value:"2015/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLES10)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES10", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES10" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES10 SP4", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdump-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-smp-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xen-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-bigsmp-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-kdumppae-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmi-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-vmipae-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"x86_64", reference:"kernel-xenpae-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-default-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-source-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", reference:"kernel-syms-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-debug-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdump-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-smp-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xen-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-bigsmp-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-kdumppae-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmi-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-vmipae-2.6.16.60-0.132.1")) flag++; if (rpm_check(release:"SLES10", sp:"4", cpu:"i586", reference:"kernel-xenpae-2.6.16.60-0.132.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL17543.NASL description The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. last seen 2020-06-01 modified 2020-06-02 plugin id 86729 published 2015-11-05 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86729 title F5 Networks BIG-IP : Linux kernel vulnerability (SOL17543) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution SOL17543. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(86729); script_version("2.6"); script_cvs_date("Date: 2019/01/04 10:03:40"); script_cve_id("CVE-2014-9420"); script_bugtraq_id(71717); script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (SOL17543)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K17543" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution SOL17543." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"patch_publication_date", value:"2015/11/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "SOL17543"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.6.0"); vmatrix["AFM"]["unaffected"] = make_list("12.0.0"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("11.4.0-11.6.0"); vmatrix["AM"]["unaffected"] = make_list("12.0.0"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.0.0-11.6.0","10.1.0-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("12.0.0"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.6.0","10.1.0-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("12.0.0"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.6.0"); vmatrix["AVR"]["unaffected"] = make_list("12.0.0"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.0.0-11.6.0","10.1.0-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("12.0.0"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.6.0","10.1.0-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("12.0.0"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.6.0"); vmatrix["PEM"]["unaffected"] = make_list("12.0.0"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get()); else security_warning(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2517-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81570 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81570 title Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2517-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(81570); script_version("1.16"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2014-8133", "CVE-2014-8160", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9683", "CVE-2015-0239"); script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643, 72842); script_xref(name:"USN", value:"2517-1"); script_name(english:"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2517-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) A flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2517-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected linux-image-3.16-generic, linux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-8133", "CVE-2014-8160", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9683", "CVE-2015-0239"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2517-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.16.0-31-generic", pkgver:"3.16.0-31.41~14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.16.0-31-generic-lpae", pkgver:"3.16.0-31.41~14.04.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.16.0-31-lowlatency", pkgver:"3.16.0-31.41~14.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc"); }
NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-301.NASL description The Linux kernel was updated to fix various bugs and security issues. Following security issues were fixed : - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the Linux kernels madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could have used this flaw to crash the system. - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack randomization on 64-bit systems. - CVE-2014-7822: A flaw was found in the way the Linux kernels splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generated incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allowed remote attackers to bypass intended access restrictions via packets with disallowed port numbers. - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. Following bugs were fixed : - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#920901). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901). - HID: usbhid: fix PIXART optical mouse (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901). - HID: usbhid: add always-poll quirk (bnc#920901). - storvsc: ring buffer failures may result in I/O freeze (bnc#914175). - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (VM Functionality bnc#910150). - Input: evdev - fix EVIOCG(type) ioctl (bnc#904899). - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount (bsc#907988). - DocBook: Do not exceed argument list limit. - DocBook: Make mandocs parallel-safe. - mm: free compound page with correct order (bnc#913695). - udf: Check component length before reading it. - udf: Check path length when reading symlink. - udf: Verify symlink size before loading it. - udf: Verify i_size when loading inode. - xfs: remote attribute overwrite causes transaction overrun. last seen 2020-06-05 modified 2015-04-14 plugin id 82755 published 2015-04-14 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82755 title openSUSE Security Update : the Linux Kernel (openSUSE-2015-301) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2015-301. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(82755); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2014-7822", "CVE-2014-8134", "CVE-2014-8160", "CVE-2014-8173", "CVE-2014-8559", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585", "CVE-2015-1593"); script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2015-301)"); script_summary(english:"Check for the openSUSE-2015-301 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "The Linux kernel was updated to fix various bugs and security issues. Following security issues were fixed : - CVE-2014-8173: A NULL pointer dereference flaw was found in the way the Linux kernels madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could have used this flaw to crash the system. - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack randomization on 64-bit systems. - CVE-2014-7822: A flaw was found in the way the Linux kernels splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generated incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allowed remote attackers to bypass intended access restrictions via packets with disallowed port numbers. - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. Following bugs were fixed : - HID: usbhid: enable always-poll quirk for Elan Touchscreen 0103 (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 016f (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen 009b (bnc#920901). - HID: usbhid: add another mouse that needs QUIRK_ALWAYS_POLL (bnc#920901). - HID: usbhid: fix PIXART optical mouse (bnc#920901). - HID: usbhid: enable always-poll quirk for Elan Touchscreen (bnc#920901). - HID: usbhid: add always-poll quirk (bnc#920901). - storvsc: ring buffer failures may result in I/O freeze (bnc#914175). - mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (VM Functionality bnc#910150). - Input: evdev - fix EVIOCG(type) ioctl (bnc#904899). - mnt: Implicitly add MNT_NODEV on remount when it was implicitly added by mount (bsc#907988). - DocBook: Do not exceed argument list limit. - DocBook: Make mandocs parallel-safe. - mm: free compound page with correct order (bnc#913695). - udf: Check component length before reading it. - udf: Check path length when reading symlink. - udf: Verify symlink size before loading it. - udf: Verify i_size when loading inode. - xfs: remote attribute overwrite causes transaction overrun." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=903640" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=904899" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=907988" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909078" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=910150" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=911325" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=911326" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912202" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912654" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=912705" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913059" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=913695" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=914175" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=915322" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=917839" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=920901" ); script_set_attribute( attribute:"solution", value:"Update the affected the Linux Kernel packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-eppic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-gcore"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/04/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE13.1", reference:"cloop-2.639-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-debuginfo-2.639-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-debugsource-2.639-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-default-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-default-debuginfo-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-desktop-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-desktop-debuginfo-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-pae-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-pae-debuginfo-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-xen-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-xen-debuginfo-2.639_k3.11.10_29-11.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-debuginfo-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-debugsource-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-devel-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-eppic-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-eppic-debuginfo-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-gcore-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-gcore-debuginfo-7.0.2-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-default-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-default-debuginfo-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-desktop-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-pae-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-pae-debuginfo-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-xen-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-xen-debuginfo-7.0.2_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-debugsource-1.28-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-default-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-default-debuginfo-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-desktop-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-pae-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-xen-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_29-16.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-6.21.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-debuginfo-6.21.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-debugsource-6.21.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-devel-6.21.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-default-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-default-debuginfo-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-desktop-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-pae-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-xen-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_29-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-1.4.20.3-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-debuginfo-1.4.20.3-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-debugsource-1.4.20.3-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-default-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-pae-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-xen-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_29-13.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-vanilla-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"kernel-syms-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libipset3-6.21.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"libipset3-debuginfo-6.21.1-2.23.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-1.58-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-debuginfo-1.58-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-debugsource-1.58-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-default-1.58_k3.11.10_29-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_29-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-desktop-1.58_k3.11.10_29-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_29-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-pae-1.58_k3.11.10_29-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_29-19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-0.44-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-debuginfo-0.44-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-debugsource-0.44-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-default-0.44_k3.11.10_29-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-default-debuginfo-0.44_k3.11.10_29-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-desktop-0.44_k3.11.10_29-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_29-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-pae-0.44_k3.11.10_29-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_29-258.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-debuginfo-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-debugsource-20130607-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-default-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-default-debuginfo-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-desktop-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-desktop-debuginfo-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-pae-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-pae-debuginfo-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-xen-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-xen-debuginfo-20130607_k3.11.10_29-2.20.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debuginfo-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debugsource-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-devel-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-debuginfo-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-debuginfo-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-debuginfo-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-debuginfo-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-debuginfo-4.2.28_k3.11.10_29-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-debuginfo-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-debuginfo-4.2.28-2.28.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.3_04_k3.11.10_29-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.3_04_k3.11.10_29-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.3_04_k3.11.10_29-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.3_04_k3.11.10_29-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.3_04_k3.11.10_29-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.3_04_k3.11.10_29-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-2.3-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-debuginfo-2.3-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-debugsource-2.3-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-default-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-desktop-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-pae-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-xen-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_29-2.19.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-debuginfo-3.11.10-29.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.3_04-37.1") ) flag++; if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.3_04-37.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1137.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84356 published 2015-06-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84356 title RHEL 7 : kernel (RHSA-2015:1137) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:1137. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(84356); script_version("2.20"); script_cvs_date("Date: 2019/10/24 15:35:40"); script_cve_id("CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2015-1573", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2830"); script_bugtraq_id(72552); script_xref(name:"RHSA", value:"2015:1137"); script_name(english:"RHEL 7 : kernel (RHSA-2015:1137)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important) * A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. (CVE-2014-9529, Moderate) * A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830, Low) * It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low) * An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. (CVE-2014-9584, Low) * A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system. (CVE-2015-1573, Low) * An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593, Low) Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420 and CVE-2014-9584. The security impact of the CVE-2015-1805 issue was discovered by Red Hat. This update also fixes several bugs. Documentation for these changes is available from the following Knowledgebase article: https://access.redhat.com/articles/1469163 All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:1137" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9529" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9584" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-1805" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9420" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-2830" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-1573" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-1593" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/25"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2015-1573", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2830"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:1137"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:1137"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"kernel-doc-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-229.7.2.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc"); } }
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0037.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details. last seen 2020-06-01 modified 2020-06-02 plugin id 90019 published 2016-03-18 reporter This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/90019 title OracleVM 3.2 : kernel-uek (OVMSA-2016-0037) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2016-0037. # include("compat.inc"); if (description) { script_id(90019); script_version("2.8"); script_cvs_date("Date: 2019/09/27 13:00:35"); script_cve_id("CVE-2010-5313", "CVE-2012-3520", "CVE-2013-7421", "CVE-2014-3215", "CVE-2014-7842", "CVE-2014-8133", "CVE-2014-8159", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9644", "CVE-2014-9683", "CVE-2014-9715", "CVE-2015-0239", "CVE-2015-1421", "CVE-2015-1593", "CVE-2015-2150", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-3331", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-5156", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5697", "CVE-2015-7613", "CVE-2015-7872", "CVE-2015-8104"); script_bugtraq_id(55152, 67341, 71078, 71363, 71684, 71717, 71794, 71883, 71990, 72320, 72322, 72356, 72607, 72643, 72842, 73014, 73060, 73699, 73953, 74235, 74243, 74315, 74450, 75510); script_name(english:"OracleVM 3.2 : kernel-uek (OVMSA-2016-0037)"); script_summary(english:"Checks the RPM output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0037 for details." ); # https://oss.oracle.com/pipermail/oraclevm-errata/2016-March/000442.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8111de50" ); script_set_attribute( attribute:"solution", value:"Update the affected kernel-uek / kernel-uek-firmware packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03"); script_set_attribute(attribute:"patch_publication_date", value:"2016/03/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/18"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"kernel-uek-2.6.39-400.277.1.el5uek")) flag++; if (rpm_check(release:"OVS3.2", reference:"kernel-uek-firmware-2.6.39-400.277.1.el5uek")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DLA-155.NASL description This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts. CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application. For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide. pdf CVE-2014-7822 It was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects. CVE-2014-8133 It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. CVE-2014-8134 It was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. CVE-2014-8160 It was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol. CVE-2014-9420 It was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image. CVE-2014-9584 It was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted disc image. CVE-2014-9585 It was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. CVE-2015-1421 It was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation. CVE-2015-1593 It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-03-26 plugin id 82138 published 2015-03-26 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82138 title Debian DLA-155-1 : linux-2.6 security update code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DLA-155-1. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(82138); script_version("1.12"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-6885", "CVE-2014-7822", "CVE-2014-8133", "CVE-2014-8134", "CVE-2014-8160", "CVE-2014-9420", "CVE-2014-9584", "CVE-2014-9585", "CVE-2015-1421", "CVE-2015-1593"); script_bugtraq_id(63983, 71650, 71684, 71717, 71883, 71990, 72061, 72347, 72356, 72607); script_name(english:"Debian DLA-155-1 : linux-2.6 security update"); script_summary(english:"Checks dpkg output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but appears to require extensive changes with a consequent high risk of regression. It is now unlikely to be fixed in squeeze-lts. CVE-2013-6885 It was discovered that under specific circumstances, a combination of write operations to write-combined memory and locked CPU instructions may cause a core hang on AMD 16h 00h through 0Fh processors. A local user can use this flaw to mount a denial of service (system hang) via a crafted application. For more information please refer to the AMD CPU erratum 793 in http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide. pdf CVE-2014-7822 It was found that the splice() system call did not validate the given file offset and length. A local unprivileged user can use this flaw to cause filesystem corruption on ext4 filesystems, or possibly other effects. CVE-2014-8133 It was found that the espfix functionality can be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks for) and using it for stack. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. CVE-2014-8134 It was found that the espfix functionality is wrongly disabled in a 32-bit KVM guest. A local unprivileged user could potentially use this flaw to leak kernel stack addresses. CVE-2014-8160 It was found that a netfilter (iptables or ip6tables) rule accepting packets to a specific SCTP, DCCP, GRE or UDPlite port/endpoint could result in incorrect connection tracking state. If only the generic connection tracking module (nf_conntrack) was loaded, and not the protocol-specific connection tracking module, this would allow access to any port/endpoint of the specified protocol. CVE-2014-9420 It was found that the ISO-9660 filesystem implementation (isofs) follows arbitrarily long chains, including loops, of Continuation Entries (CEs). This allows local users to mount a denial of service via a crafted disc image. CVE-2014-9584 It was found that the ISO-9660 filesystem implementation (isofs) does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted disc image. CVE-2014-9585 It was discovered that address randomisation for the vDSO in 64-bit processes is extremely biassed. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. CVE-2015-1421 It was found that the SCTP implementation could free authentication state while it was still in use, resulting in heap corruption. This could allow remote users to cause a denial of service or privilege escalation. CVE-2015-1593 It was found that address randomisation for the initial stack in 64-bit processes was limited to 20 rather than 22 bits of entropy. A local unprivileged user could potentially use this flaw to bypass the ASLR protection mechanism. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d5360cb0" ); script_set_attribute( attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2015/02/msg00009.html" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze-lts/linux-2.6" ); script_set_attribute(attribute:"solution", value:"Upgrade the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firmware-linux-free"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-2.6.32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/28"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-48squeeze11")) flag++; if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-027.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association last seen 2020-06-01 modified 2020-06-02 plugin id 80578 published 2015-01-19 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80578 title Mandriva Linux Security Advisory : kernel (MDVSA-2015:027) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:027. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(80578); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-3688", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418", "CVE-2014-7841", "CVE-2014-7842", "CVE-2014-8133", "CVE-2014-8884", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585"); script_bugtraq_id(69805, 70393, 70395, 70768, 71078, 71081, 71097, 71250, 71684, 71685, 71717, 71794, 71880, 71883, 71990); script_xref(name:"MDVSA", value:"2015:027"); script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2015:027)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in the Linux kernel : The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (CVE-2014-3688=. Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket (CVE-2014-6416). net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket (CVE-2014-6417). net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor (CVE-2014-6418). The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (CVE-2014-7841). Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (CVE-2014-7842). arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value (CVE-2014-8133). Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call (CVE-2014-8884). The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite (CVE-2014-9090). arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (CVE-2014-9322). The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (CVE-2014-9419). The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (CVE-2014-9420). Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (CVE-2014-9529). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image (CVE-2014-9584). The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (CVE-2014-9585). The updated packages provides a solution for these security issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.105-2.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.105-2.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1139.NASL description Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84358 published 2015-06-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84358 title RHEL 7 : kernel-rt (RHSA-2015:1139) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2015:1139. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(84358); script_version("2.9"); script_cvs_date("Date: 2019/10/24 15:35:40"); script_cve_id("CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2015-1573", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2830"); script_xref(name:"RHSA", value:"2015:1139"); script_name(english:"RHEL 7 : kernel-rt (RHSA-2015:1139)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important) * A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. (CVE-2014-9529, Moderate) * A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830, Low) * It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low) * An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. (CVE-2014-9584, Low) * A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system. (CVE-2015-1573, Low) * An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593, Low) Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420 and CVE-2014-9584. The security impact of CVE-2015-1805 was discovered by Red Hat. The kernel-rt packages have been upgraded to version 3.10.0-229.7.2, which provides a number of bug fixes and enhancements over the previous version, including : * storvsc: get rid of overly verbose warning messages * storvsc: force discovery of LUNs that may have been removed * storvsc: in responce to a scan event, scan the hos * storvsc: NULL pointer dereference fix * futex: Mention key referencing differences between shared and private futexes * futex: Ensure get_futex_key_refs() always implies a barrier * kernel module: set nx before marking module MODULE_STATE_COMING * kernel module: Clean up ro/nx after early module load failures * btrfs: make xattr replace operations atomic * megaraid_sas: revert: Add release date and update driver version * radeon: fix kernel segfault in hwmonitor (BZ#1223955) Bug fix : * There is an XFS optimization that depended on a spinlock to disable preemption using the preempt_disable() function. When CONFIG_PREEMPT_RT is enabled on realtime kernels, spinlocks do not disable preemption while held, so the XFS critical section was not protected from preemption. Systems on the Realtime kernel-rt could lock up in this XFS optimization when a task that locked all the counters was then preempted by a realtime task, causing all callers of that lock to block indefinitely. This update disables the optimization when building a kernel with CONFIG_PREEMPT_RT_FULL enabled. (BZ#1223955) All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2015:1139" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9420" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9529" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2014-9584" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-1573" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-1593" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-1805" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2015-2830" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/25"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/24"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); include("ksplice.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2015-1573", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2830"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2015:1139"); } else { __rpm_report = ksplice_reporting_text(); } } yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2015:1139"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (rpm_check(release:"RHEL7", reference:"kernel-rt-doc-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-229.7.2.rt56.141.6.el7_1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc"); } }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2518-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81571 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81571 title Ubuntu 14.10 : linux vulnerabilities (USN-2518-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2518-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(81571); script_version("1.15"); script_cvs_date("Date: 2019/09/18 12:31:44"); script_cve_id("CVE-2014-8133", "CVE-2014-8160", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9683", "CVE-2015-0239"); script_bugtraq_id(70854, 71154, 71684, 71717, 71794, 71847, 71880, 71883, 71990, 72061, 72643); script_xref(name:"USN", value:"2518-1"); script_name(english:"Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specified and the conntrack protocol handler module is not loaded into the Linux kernel. This flaw can cause the firewall rules on the system to be bypassed when conntrack rules are used. (CVE-2014-8160) A flaw was discovered with file renaming in the linux kernel. A local user could exploit this flaw to cause a denial of service (deadlock and system hang). (CVE-2014-8559) A flaw was discovered in how supplemental group memberships are handled in certain namespace scenarios. A local user could exploit this flaw to bypass file permission restrictions. (CVE-2014-8989) A flaw was discovered in how Thread Local Storage (TLS) is handled by the task switching function in the Linux kernel for x86_64 based machines. A local user could exploit this flaw to bypass the Address Space Layout Radomization (ASLR) protection mechanism. (CVE-2014-9419) Prasad J Pandit reported a flaw in the rock_continue function of the Linux kernel's ISO 9660 CDROM file system. A local user could exploit this flaw to cause a denial of service (system crash or hang). (CVE-2014-9420) A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced Meshing Protocol in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (mesh-node system crash) via fragmented packets. (CVE-2014-9428) A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) A flaw was discovered in the Address Space Layout Randomization (ASLR) of the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw makes it easier for a local user to bypass the ASLR protection mechanism. (CVE-2014-9585) Dmitry Chernenkov discovered a buffer overflow in eCryptfs' encrypted file name decoding. A local unprivileged user could exploit this flaw to cause a denial of service (system crash) or potentially gain administrative privileges. (CVE-2014-9683). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2518-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected linux-image-3.16-generic, linux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10"); script_set_attribute(attribute:"patch_publication_date", value:"2015/02/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-8133", "CVE-2014-8160", "CVE-2014-8559", "CVE-2014-8989", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9428", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585", "CVE-2014-9683", "CVE-2015-0239"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2518-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"14.10", pkgname:"linux-image-3.16.0-31-generic", pkgver:"3.16.0-31.41")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"linux-image-3.16.0-31-generic-lpae", pkgver:"3.16.0-31.41")) flag++; if (ubuntu_check(osver:"14.10", pkgname:"linux-image-3.16.0-31-lowlatency", pkgver:"3.16.0-31.41")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20150623_KERNEL_ON_SL7_X.NASL description * It was found that the Linux kernel last seen 2020-03-18 modified 2015-07-06 plugin id 84536 published 2015-07-06 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84536 title Scientific Linux Security Update : kernel on SL7.x x86_64 (20150623) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(84536); script_version("2.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25"); script_cve_id("CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2015-1573", "CVE-2015-1593", "CVE-2015-1805", "CVE-2015-2830"); script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20150623)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "* It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important) * A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. (CVE-2014-9529, Moderate) * A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830, Low) * It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low) * An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. (CVE-2014-9584, Low) * A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system. (CVE-2015-1573, Low) * An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593, Low) This update also fixes several bugs. Documentation for these changes is available from the following Knowledgebase article : The system must be rebooted for this update to take effect." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=13468 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?db2f80bb" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/26"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-229.7.2.el7")) flag++; if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-229.7.2.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc"); }
NASL family Scientific Linux Local Security Checks NASL id SL_20150609_KERNEL_ON_SL6_X.NASL description * It was found that the Linux kernel last seen 2020-03-18 modified 2015-06-10 plugin id 84078 published 2015-06-10 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84078 title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-058.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644 (CVE-2013-7421). arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690). arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value (CVE-2014-8133). net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers (CVE-2014-8160). The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a negative groups issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (CVE-2014-8989). The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (CVE-2014-9419). The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (CVE-2014-9420). The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets (CVE-2014-9428). Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (CVE-2014-9529). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image (CVE-2014-9584). The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (CVE-2014-9585). The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421 (CVE-2014-9644). Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename (CVE-2014-9683). The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction (CVE-2015-0239). The updated packages provides a solution for these security issues. last seen 2020-06-01 modified 2020-06-02 plugin id 81941 published 2015-03-19 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/81941 title Mandriva Linux Security Advisory : kernel (MDVSA-2015:058) NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2015-0069.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226729] (CVE-2014-9585) - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225975] (CVE-2014-9420) - x86_64, switch_to: Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225937] (CVE-2014-9419) - xen-netfront: use correct linear area after linearizing an skb (David Vrabel) [Orabug: 21209908] - sched: Prevent divide by zero when cpu power calculation is 0 (Todd Vierling) [Orabug: 21123125] last seen 2020-06-01 modified 2020-06-02 plugin id 84141 published 2015-06-12 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84141 title OracleVM 3.3 : kernel-uek (OVMSA-2015-0069) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1137.NASL description From Red Hat Security Advisory 2015:1137 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84352 published 2015-06-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84352 title Oracle Linux 7 : kernel (ELSA-2015-1137) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1483.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel last seen 2020-03-19 modified 2019-05-13 plugin id 124807 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124807 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1483) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0178-1.NASL description The SUSE Linux Enterprise 12 kernel was updated to 3.12.36 to receive various security and bugfixes. Following security bugs were fixed : - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#906545 911325). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remained the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that triggered an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83678 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83678 title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:0178-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-1081.NASL description From Red Hat Security Advisory 2015:1081 : Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84073 published 2015-06-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84073 title Oracle Linux 6 : kernel (ELSA-2015-1081) NASL family Fedora Local Security Checks NASL id FEDORA_2015-0517.NASL description The 3.17.8 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-01-12 plugin id 80452 published 2015-01-12 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80452 title Fedora 21 : kernel-3.17.8-300.fc21 (2015-0517) NASL family SuSE Local Security Checks NASL id SUSE_11_KERNEL-150306.NASL description The SUSE Linux Enterprise 11 SP3 kernel has been updated to receive various security and bugfixes. New features enabled : - The Ceph and rbd remote network block device drivers are now enabled and supported, to serve as client for SUSE Enterprise Storage 1.0. (FATE#318328) - Support to selected Bay Trail CPUs used in Point of Service Hardware was enabled. (FATE#317933) - Broadwell Legacy Audio, HDMI Audio and DisplayPort Audio support (Audio Driver: HD-A HDMI/DP Audio/HDA Analog/DSP) was enabled. (FATE#317347) The following security bugs have been fixed : - An integer overflow in the stack randomization on 64-bit systems lead to less effective stack ASLR on those systems. (bsc#917839). (CVE-2015-1593) - iptables rules could be bypassed if the specific network protocol module was not loaded, allowing e.g. SCTP to bypass the firewall if the sctp protocol was not enabled. (bsc#913059). (CVE-2014-8160) - A flaw was found in the way the Linux kernels splice() system call validated its parameters. On certain file systems, a local, unprivileged user could have used this flaw to write past the maximum file size, and thus crash the system. (bnc#915322). (CVE-2014-7822) - The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. (bnc#911326). (CVE-2014-9419) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. (bnc#912654). (CVE-2014-9584) - The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. (bnc#912705). (CVE-2014-9585) - The d_walk function in fs/dcache.c in the Linux kernel did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. (bnc#903640). (CVE-2014-8559) - The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bsc#911325). (CVE-2014-9420) - The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#907818 909077 909078). (CVE-2014-8134) - The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel miscalculated the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bsc#902675). (CVE-2014-8369) - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. (bnc#902232). (CVE-2014-3690) - Race condition in arch/x86/kvm/x86.c in the Linux kernel allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313. (bnc#905312). (CVE-2014-7842) - The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. (bnc#875051). (CVE-2014-0181) - The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. (bnc#902351). (CVE-2014-3688) - The pivot_root implementation in fs/namespace.c in the Linux kernel did not properly interact with certain locations of a chroot directory, which allowed local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. (bnc#900644). (CVE-2014-7970) - The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (bnc#902349, bnc#904899). (CVE-2014-3687) The following non-security bugs have been fixed : - ACPI idle: permit sparse C-state sub-state numbers (bnc#908550,FATE#317933). - ALSA : hda - not use assigned converters for all unused pins (FATE#317933). - ALSA: hda - Add Device IDs for Intel Wildcat Point-LP PCH (FATE#317347). - ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets (FATE#317347). - ALSA: hda - add PCI IDs for Intel BayTrail (FATE#317347). - ALSA: hda - add PCI IDs for Intel Braswell (FATE#317347). - ALSA: hda - add codec ID for Braswell display audio codec (FATE#317933). - ALSA: hda - add codec ID for Broadwell display audio codec (FATE#317933). - ALSA: hda - add codec ID for Valleyview2 display codec (FATE#317933). - ALSA: hda - define is_haswell() to check if a display audio codec is Haswell (FATE#317933). - ALSA: hda - hdmi: Re-setup pin and infoframe on plug-in on all codecs (FATE#317933). - ALSA: hda - not choose assigned converters for unused pins of Valleyview (FATE#317933). - ALSA: hda - rename function not_share_unassigned_cvt() (FATE#317933). - ALSA: hda - unmute pin amplifier in infoframe setup for Haswell (FATE#317933). - ALSA: hda - verify pin:converter connection on unsol event for HSW and VLV (FATE#317933). - ALSA: hda - verify pin:cvt connection on preparing a stream for Intel HDMI codec (FATE#317933). - ALSA: hda/hdmi - apply Valleyview fix-ups to Cherryview display codec (FATE#317933). - ALSA: hda/hdmi - apply all Haswell fix-ups to Broadwell display codec (FATE#317933). - ALSA: hda_intel: Add Device IDs for Intel Sunrise Point PCH (FATE#317347). - ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP (FATE#317347). - Add support for AdvancedSilicon HID multitouch screen (2149:36b1) (FATE#317933). - Disable switching to bootsplash at oops/panic. (bnc#877593) - Do not trigger congestion wait on dirty-but-not-writeout pages (VM Performance, bnc#909093, bnc#910517). - Fix HDIO_DRIVE_* ioctl() regression. (bnc#833588, bnc#905799) - Fix Module.supported handling for external modules. (bnc#905304) - Fix zero freq if frequency is requested too quickly in a row. (bnc#908572) - Fix zero freq if frequency is requested too quickly in a row. (bnc#908572) - Fixup kABI after patches.fixes/writeback-do-not-sync-data-dirtied-after-s ync-start.patch. (bnc#833820) - Force native backlight for HP POS machines (bnc#908551,FATE#317933). - HID: use multi input quirk for 22b9:2968 (FATE#317933). - IPoIB: Use a private hash table for path lookup in xmit path (bsc#907196). - Import kabi files from kernel 3.0.101-0.40 - KEYS: Fix stale key registration at error path. (bnc#908163) - NFS: Add sequence_priviliged_ops for nfs4_proc_sequence(). (bnc#864401) - NFS: do not use STABLE writes during writeback. (bnc#816099) - NFSv4.1 handle DS stateid errors. (bnc#864401) - NFSv4.1: Do not decode skipped layoutgets. (bnc#864411) - NFSv4.1: Fix a race in the pNFS return-on-close code. (bnc#864409) - NFSv4.1: Fix an ABBA locking issue with session and state serialisation. (bnc#864409) - NFSv4.1: We must release the sequence id when we fail to get a session slot. (bnc#864401) - NFSv4: Do not accept delegated opens when a delegation recall is in effect. (bnc#864409) - NFSv4: Ensure correct locking when accessing the last seen 2020-06-01 modified 2020-06-02 plugin id 82020 published 2015-03-24 reporter This script is Copyright (C) 2015 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/82020 title SuSE 11.3 Security Update : Linux Kernel (SAT Patch Numbers 10412 / 10415 / 10416) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2515-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81568 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81568 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1137.NASL description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84346 published 2015-06-24 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84346 title CentOS 7 : kernel (CESA-2015:1137) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2490-1.NASL description Andy Lutomirski discovered an information leak in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 81163 published 2015-02-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81163 title Ubuntu 10.04 LTS : linux vulnerabilities (USN-2490-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2015-302.NASL description The Linux kernel was updated to fix bugs and security issues : Following security issues were fixed: CVE-2015-2830: A flaw was found in the way the Linux kernels 32-bit emulation implementation handled forking or closing of a task with an int80 entry. A local user could have potentially used this flaw to escalate their privileges on the system. CVE-2015-2042: A kernel information leak in rds sysctl files was fixed. CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. CVE-2015-0275: A BUG_ON in ext4 was fixed which could be triggered by local users. CVE-2015-2666: A buffer overflow when loading microcode files into the kernel could be used by the administrator to execute code in the kernel, bypassing secure boot measures. - CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel allowed remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. - CVE-2015-2150: XSA-120: Guests were permitted to modify all bits of the PCI command register of passed through cards, which could lead to Host system crashes. - CVE-2015-0777: The XEN usb backend could leak information to the guest system due to copying uninitialized memory. - CVE-2015-1593: A integer overflow reduced the effectiveness of the stack randomization on 64-bit systems. - CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel did not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which made it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. - CVE-2014-9428: The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel used an incorrect length field during a calculation of an amount of memory, which allowed remote attackers to cause a denial of service (mesh-node system crash) via fragmented packets. - CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generated incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allowed remote attackers to bypass intended access restrictions via packets with disallowed port numbers. - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image. - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image. - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application. - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel used an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. Following bugs were fixed : - powerpc/pci: Fix IO space breakage after of_pci_range_to_resource() change (bnc#922542). - cifs: fix use-after-free bug in find_writable_file (bnc#909477). - usb: Do not allow usb_alloc_streams on unconfigured devices (bsc#920581). - fuse: honour max_read and max_write in direct_io mode (bnc#918954). - switch iov_iter_get_pages() to passing maximal number of pages (bnc#918954). - bcache: fix a livelock in btree lock v2 (bnc#910440) (bnc#910440). Updated because another version went upstream - drm/i915: Initialise userptr mmu_notifier serial to 1 (bnc#918970). - NFS: Don last seen 2020-06-05 modified 2015-04-14 plugin id 82756 published 2015-04-14 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/82756 title openSUSE Security Update : Linux Kernel (openSUSE-2015-302) NASL family SuSE Local Security Checks NASL id SUSE_SU-2015-0652-1.NASL description The SUSE Linux Enterprise 11 Service Pack 1 LTSS kernel was updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404). - CVE-2014-8160: SCTP firewalling failed until the SCTP module was loaded (bnc#913059). - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). - CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2010-5313: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 allowed L2 guest OS users to cause a denial of service (L1 guest OS crash) via a crafted instruction that triggers an L2 emulation failure report, a similar issue to CVE-2014-7842 (bnc#907822). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). - CVE-2013-7263: The Linux kernel before 3.12.4 updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 83708 published 2015-05-20 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83708 title SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0652-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2516-3.NASL description USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81646 published 2015-03-05 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81646 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-3) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1138.NASL description Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84357 published 2015-06-24 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84357 title RHEL 6 : MRG (RHSA-2015:1138) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2015-1081.NASL description Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84091 published 2015-06-11 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84091 title CentOS 6 : kernel (CESA-2015:1081) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2515-2.NASL description USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81645 published 2015-03-05 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81645 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3041.NASL description Description of changes: kernel-uek [3.8.13-68.3.2.el7uek] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226729] {CVE-2014-9585} - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225975] {CVE-2014-9420} - x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225937] {CVE-2014-9419} last seen 2020-06-01 modified 2020-06-02 plugin id 84108 published 2015-06-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84108 title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3041) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2516-2.NASL description USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81590 published 2015-03-02 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81590 title Ubuntu 14.04 LTS : linux vulnerability (USN-2516-2) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2491-1.NASL description Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register in the x86 architecture. A local attacker could exploit this flaw to gain administrative privileges. (CVE-2014-9322) Lars Bull reported a race condition in the PIT (programmable interrupt timer) emulation in the KVM (Kernel Virtual Machine) subsystem of the Linux kernel. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host. (CVE-2014-3611) Lars Bull and Nadav Amit reported a flaw in how KVM (the Kernel Virtual Machine) handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host. (CVE-2014-3610) Andy Lutomirski discovered an information leak in the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 81164 published 2015-02-04 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81164 title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2491-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2015-1081.NASL description Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 84075 published 2015-06-10 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84075 title RHEL 6 : kernel (RHSA-2015:1081) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3042.NASL description Description of changes: [2.6.39-400.250.5.el6uek] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226730] {CVE-2014-9585} - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225976] {CVE-2014-9420} - x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225938] {CVE-2014-9419} [2.6.39-400.250.4.el6uek] - IB/ipoib: Disable TSO in connected mode (Yuval Shaia) [Orabug: 20637991] [2.6.39-400.250.3.el6uek] - af_unix: dont send SCM_CREDENTIALS by default (Eric Dumazet) [Orabug: 20604916] - scm: Capture the full credentials of the scm sender (Tim Chen) [Orabug: 20604916] - af_unix: limit recursion level (Eric Dumazet) [Orabug: 20604916] - af_unix: Allow credentials to work across user and pid namespaces. (Eric W. Biederman) [Orabug: 20604916] - scm: Capture the full credentials of the scm sender. (Eric W. Biederman) [Orabug: 20604916] - BUG_ON(lockres->l_level != DLM_LOCK_EX !checkpointed) tripped in ocfs2_ci_checkpointed (Tariq Saeed) [Orabug: 20189959] - sched: Prevent divide by zero when cpu power calculation is 0 (Todd Vierling) [Orabug: 17936435] last seen 2020-06-01 modified 2020-06-02 plugin id 84109 published 2015-06-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84109 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3042) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2015-3043.NASL description Description of changes: kernel-uek [2.6.32-400.37.5.el6uek] - x86_64, vdso: Fix the vdso address randomization algorithm (Andy Lutomirski) [Orabug: 21226731] {CVE-2014-9585} - isofs: Fix infinite looping over CE entries (Jan Kara) [Orabug: 21225977] {CVE-2014-9420} - x86_64, switch_to(): Load TLS descriptors before switching DS and ES (Andy Lutomirski) [Orabug: 21225939] {CVE-2014-9419} last seen 2020-06-01 modified 2020-06-02 plugin id 84110 published 2015-06-11 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/84110 title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3043) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2516-1.NASL description A flaw was discovered in the Kernel Virtual Machine last seen 2020-06-01 modified 2020-06-02 plugin id 81569 published 2015-02-27 reporter Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/81569 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2516-1) NASL family Fedora Local Security Checks NASL id FEDORA_2015-0515.NASL description The 3.17.8 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-01-13 plugin id 80465 published 2015-01-13 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80465 title Fedora 20 : kernel-3.17.8-200.fc20 (2015-0515)
Redhat
advisories |
| ||||||||||||
rpms |
|
References
- http://www.openwall.com/lists/oss-security/2014/12/25/4
- https://bugzilla.redhat.com/show_bug.cgi?id=1175235
- https://github.com/torvalds/linux/commit/f54e18f1b831c92f6512d2eedb224cd63d607d3d
- http://secunia.com/advisories/62801
- http://www.ubuntu.com/usn/USN-2492-1
- http://www.ubuntu.com/usn/USN-2518-1
- http://www.ubuntu.com/usn/USN-2515-1
- http://www.ubuntu.com/usn/USN-2516-1
- http://www.ubuntu.com/usn/USN-2493-1
- http://www.ubuntu.com/usn/USN-2490-1
- http://www.ubuntu.com/usn/USN-2517-1
- http://www.ubuntu.com/usn/USN-2491-1
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:058
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147864.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147973.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html
- https://source.android.com/security/bulletin/2017-01-01.html
- http://rhn.redhat.com/errata/RHSA-2015-1138.html
- http://rhn.redhat.com/errata/RHSA-2015-1137.html
- http://rhn.redhat.com/errata/RHSA-2015-1081.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f54e18f1b831c92f6512d2eedb224cd63d607d3d