Vulnerabilities > CVE-2016-4470

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
oracle
linux
novell
redhat
nessus

Summary

The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.

Vulnerable Configurations

Part Description Count
OS
Oracle
5
OS
Linux
2777
OS
Novell
1
OS
Redhat
10

Nessus

  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL55672042.NASL
    descriptionThe key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. (CVE-2016-4470)
    last seen2020-03-17
    modified2016-10-24
    plugin id94206
    published2016-10-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94206
    titleF5 Networks BIG-IP : Linux kernel vulnerability (K55672042)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from F5 Networks BIG-IP Solution K55672042.
    #
    # The text description of this plugin is (C) F5 Networks.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94206);
      script_version("2.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/09");
    
      script_cve_id("CVE-2016-4470");
    
      script_name(english:"F5 Networks BIG-IP : Linux kernel vulnerability (K55672042)");
      script_summary(english:"Checks the BIG-IP version.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote device is missing a vendor-supplied security patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The key_reject_and_link function in security/keys/key.c in the Linux
    kernel through 4.6.3 does not ensure that a certain data structure is
    initialized, which allows local users to cause a denial of service
    (system crash) via vectors involving a crafted keyctl request2
    command. (CVE-2016-4470)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=(CVE-2016-4470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://support.f5.com/csp/article/K55672042"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade to one of the non-vulnerable versions listed in the F5
    Solution K55672042."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
      script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"F5 Networks Local Security Checks");
    
      script_dependencies("f5_bigip_detect.nbin");
      script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version");
    
      exit(0);
    }
    
    
    include("f5_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    version = get_kb_item("Host/BIG-IP/version");
    if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
    if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
    if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");
    
    sol = "K55672042";
    vmatrix = make_array();
    
    # AFM
    vmatrix["AFM"] = make_array();
    vmatrix["AFM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1");
    vmatrix["AFM"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3");
    
    # AM
    vmatrix["AM"] = make_array();
    vmatrix["AM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1");
    vmatrix["AM"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3");
    
    # APM
    vmatrix["APM"] = make_array();
    vmatrix["APM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1","11.2.1");
    vmatrix["APM"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3","10.2.1-10.2.4");
    
    # ASM
    vmatrix["ASM"] = make_array();
    vmatrix["ASM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1","11.2.1");
    vmatrix["ASM"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3","10.2.1-10.2.4");
    
    # AVR
    vmatrix["AVR"] = make_array();
    vmatrix["AVR"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1","11.2.1");
    vmatrix["AVR"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3");
    
    # GTM
    vmatrix["GTM"] = make_array();
    vmatrix["GTM"]["affected"  ] = make_list("11.4.0-11.6.1","11.2.1");
    vmatrix["GTM"]["unaffected"] = make_list("11.6.2","11.5.4HF3","10.2.1-10.2.4");
    
    # LC
    vmatrix["LC"] = make_array();
    vmatrix["LC"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1","11.2.1");
    vmatrix["LC"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3","10.2.1-10.2.4");
    
    # LTM
    vmatrix["LTM"] = make_array();
    vmatrix["LTM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1","11.2.1");
    vmatrix["LTM"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3","10.2.1-10.2.4");
    
    # PEM
    vmatrix["PEM"] = make_array();
    vmatrix["PEM"]["affected"  ] = make_list("12.0.0-12.1.2","11.4.0-11.6.1");
    vmatrix["PEM"]["unaffected"] = make_list("13.0.0","12.1.2HF1","11.6.2","11.5.4HF3");
    
    # PSM
    vmatrix["PSM"] = make_array();
    vmatrix["PSM"]["affected"  ] = make_list("11.4.0-11.4.1");
    vmatrix["PSM"]["unaffected"] = make_list("10.2.1-10.2.4");
    
    # WAM
    vmatrix["WAM"] = make_array();
    vmatrix["WAM"]["affected"  ] = make_list("11.2.1");
    vmatrix["WAM"]["unaffected"] = make_list("10.2.1-10.2.4");
    
    # WOM
    vmatrix["WOM"] = make_array();
    vmatrix["WOM"]["affected"  ] = make_list("11.2.1");
    vmatrix["WOM"]["unaffected"] = make_list("10.2.1-10.2.4");
    
    
    if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
    {
      if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = bigip_get_tested_modules();
      audit_extra = "For BIG-IP module(s) " + tested + ",";
      if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
      else audit(AUDIT_HOST_NOT, "running any of the affected modules");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1541.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id92695
    published2016-08-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92695
    titleRHEL 7 : kernel-rt (RHSA-2016:1541)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:1541. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92695);
      script_version("2.13");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      script_cve_id("CVE-2015-8660", "CVE-2016-4470");
      script_xref(name:"RHSA", value:"2016:1541");
    
      script_name(english:"RHEL 7 : kernel-rt (RHSA-2016:1541)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel-rt is now available for Red Hat Enterprise Linux
    7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel-rt packages provide the Real Time Linux Kernel, which
    enables fine-tuning for systems with extremely high determinism
    requirements.
    
    * A flaw was found in the Linux kernel's keyring handling code, where
    in key_reject_and_link() an uninitialised variable would eventually
    lead to arbitrary free address which could allow attacker to use a
    use-after-free style attack. (CVE-2016-4470, Important)
    
    * The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
    through 4.3.3 attempts to merge distinct setattr operations, which
    allows local users to bypass intended access restrictions and modify
    the attributes of arbitrary overlay files via a crafted application.
    (CVE-2015-8660, Moderate)
    
    Red Hat would like to thank Nathan Williams for reporting
    CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells
    (Red Hat Inc.).
    
    The kernel-rt packages have been upgraded to the
    kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug
    fixes over the previous version. (BZ#1350307)
    
    This update also fixes the following bugs :
    
    * Previously, use of the get/put_cpu_var() function in function
    refill_stock () from the memcontrol cgroup code lead to a 'scheduling
    while atomic' warning. With this update, refill_stock() uses the
    get/put_cpu_light() function instead, and the warnings no longer
    appear. (BZ#1347171)
    
    * Prior to this update, if a real time task pinned to a given CPU was
    taking 100% of the CPU time, then calls to the lru_add_drain_all()
    function on other CPUs blocked for an undetermined amount of time.
    This caused latencies and undesired side effects. With this update,
    lru_add_drain_all() has been changed to drain the LRU pagevecs of
    remote CPUs. (BZ#1348523)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:1541"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-4470"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Overlayfs Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2015-8660", "CVE-2016-4470");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:1541");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:1541";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-kvm-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", reference:"kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-kvm-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-kvm-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
      }
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2002-1.NASL
    descriptionThis update for the Linux Kernel 3.12.51-52_34 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93276
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93276
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:2002-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:2002-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93276);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2013-7446", "CVE-2015-8816", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-3134", "CVE-2016-4470", "CVE-2016-4565");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:2002-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.
    The following security bugs were fixed :
    
      - CVE-2016-4470: The key_reject_and_link function in
        security/keys/key.c in the Linux kernel did not ensure
        that a certain data structure is initialized, which
        allowed local users to cause a denial of service (system
        crash) via vectors involving a crafted keyctl request2
        command (bsc#984764).
    
      - CVE-2016-1583: The ecryptfs_privileged_open function in
        fs/ecryptfs/kthread.c in the Linux kernel allowed local
        users to gain privileges or cause a denial of service
        (stack memory consumption) via vectors involving crafted
        mmap calls for /proc pathnames, leading to recursive
        pagefault handling (bsc#983144).
    
      - CVE-2016-4565: The InfiniBand (aka IB) stack in the
        Linux kernel incorrectly relied on the write system
        call, which allowed local users to cause a denial of
        service (kernel memory write operation) or possibly have
        unspecified other impact via a uAPI interface
        (bsc#980883).
    
      - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in
        the Linux kernel allowed local users to gain privileges
        via crafted ASN.1 data (bsc#980856).
    
      - CVE-2016-2053: The asn1_ber_decoder function in
        lib/asn1_decoder.c in the Linux kernel allowed attackers
        to cause a denial of service (panic) via an ASN.1 BER
        file that lacks a public key, leading to mishandling by
        the public_key_verify_signature function in
        crypto/asymmetric_keys/public_key.c (bsc#979074).
    
      - CVE-2015-8816: The hub_activate function in
        drivers/usb/core/hub.c in the Linux kernel did not
        properly maintain a hub-interface data structure, which
        allowed physically proximate attackers to cause a denial
        of service (invalid memory access and system crash) or
        possibly have unspecified other impact by unplugging a
        USB hub device (bsc#979064).
    
      - CVE-2016-3134: The netfilter subsystem in the Linux
        kernel did not validate certain offset fields, which
        allowed local users to gain privileges or cause a denial
        of service (heap memory corruption) via an
        IPT_SO_SET_REPLACE setsockopt call (bsc#971793).
    
      - CVE-2013-7446: Use-after-free vulnerability in
        net/unix/af_unix.c in the Linux kernel allowed local
        users to bypass intended AF_UNIX socket permissions or
        cause a denial of service (panic) via crafted epoll_ctl
        calls (bsc#973570, bsc#955837).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=955837"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=973570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=979064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=979074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980856"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=980883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983144"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-7446/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8816/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-0758/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-1583/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-2053/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-3134/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4470/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4565/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20162002-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?664c10b2"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
    SUSE-SLE-SAP-12-2016-1190=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2016-1190=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_51-52_34-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_51-52_34-default-5-2.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_51-52_34-xen-5-2.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-1C409313F4.NASL
    descriptionRebase to latest upstream 4.6 release, 4.6.3. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92232
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92232
    titleFedora 24 : kernel (2016-1c409313f4)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-1c409313f4.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92232);
      script_version("2.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5728");
      script_xref(name:"FEDORA", value:"2016-1c409313f4");
    
      script_name(english:"Fedora 24 : kernel (2016-1c409313f4)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Rebase to latest upstream 4.6 release, 4.6.3.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-1c409313f4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/15");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5728");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2016-1c409313f4");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"kernel-4.6.3-300.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3055-1.NASL
    descriptionBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92865
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92865
    titleUbuntu 16.04 LTS : linux vulnerabilities (USN-3055-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3055-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92865);
      script_version("2.9");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-3135", "CVE-2016-4470", "CVE-2016-4794", "CVE-2016-5243");
      script_xref(name:"USN", value:"3055-1");
    
      script_name(english:"Ubuntu 16.04 LTS : linux vulnerabilities (USN-3055-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ben Hawkes discovered an integer overflow in the Linux netfilter
    implementation. On systems running 32 bit kernels, a local
    unprivileged attacker could use this to cause a denial of service
    (system crash) or possibly execute arbitrary code with administrative
    privileges. (CVE-2016-3135)
    
    It was discovered that the keyring implementation in the Linux kernel
    did not ensure a data structure was initialized before referencing it
    after an error condition occurred. A local attacker could use this to
    cause a denial of service (system crash). (CVE-2016-4470)
    
    Sasha Levin discovered that a use-after-free existed in the percpu
    allocator in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code with administrative privileges. (CVE-2016-4794)
    
    Kangjie Lu discovered an information leak in the netlink
    implementation of the Linux kernel. A local attacker could use this to
    obtain sensitive information from kernel memory. (CVE-2016-5243).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3055-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.4-generic,
    linux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-3135", "CVE-2016-4470", "CVE-2016-4794", "CVE-2016-5243");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3055-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-34-generic", pkgver:"4.4.0-34.53")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-34-generic-lpae", pkgver:"4.4.0-34.53")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-34-lowlatency", pkgver:"4.4.0-34.53")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-63EE0999E4.NASL
    descriptionThe 4.4.14 update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-20
    plugin id92442
    published2016-07-20
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92442
    titleFedora 22 : kernel (2016-63ee0999e4)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2016-63ee0999e4.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92442);
      script_version("2.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4997", "CVE-2016-4998");
      script_xref(name:"FEDORA", value:"2016-63ee0999e4");
    
      script_name(english:"Fedora 22 : kernel (2016-63ee0999e4)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 4.4.14 update contains a number of important fixes across the tree
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-63ee0999e4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/07/20");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-1583", "CVE-2016-4470", "CVE-2016-4997", "CVE-2016-4998");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2016-63ee0999e4");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"kernel-4.4.14-200.fc22")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-726.NASL
    descriptionIt was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL. (CVE-2016-1237) A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id92661
    published2016-08-02
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/92661
    titleAmazon Linux AMI : kernel (ALAS-2016-726)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-726.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92661);
      script_version("2.5");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-1237", "CVE-2016-4470", "CVE-2016-5243", "CVE-2016-5244", "CVE-2016-5696");
      script_xref(name:"ALAS", value:"2016-726");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2016-726)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was found that nfsd is missing permissions check when setting ACL
    on files, this may allow a local users to gain access to any file by
    setting a crafted ACL. (CVE-2016-1237)
    
    A flaw was found in the Linux kernel's keyring handling code, where in
    key_reject_and_link() an uninitialised variable would eventually lead
    to arbitrary free address which could allow attacker to use a
    use-after-free style attack. (CVE-2016-4470)
    
    A leak of information was possible when issuing a netlink command of
    the stack memory area leading up to this function call. An attacker
    could use this to determine stack information for use in a later
    exploit. (CVE-2016-5243)
    
    A vulnerability was found in the Linux kernel in function
    rds_inc_info_copy of file net/rds/recv.c. The last field 'flags' of
    object 'minfo' is not initialized. This can leak data previously at
    the flags location to userspace. (CVE-2016-5244)
    
    A flaw was found in the implementation of the Linux kernel's handling
    of networking challenge ack where an attacker is able to determine the
    shared counter which could be used to determine sequence numbers for
    TCP stream injection. (CVE-2016-5696)
    
    (Updated on 2016-08-17: CVE-2016-5696 was fixed in this release but
    was not previously part of this errata)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-726.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update kernel' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-doc-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-4.4.15-25.57.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.4.15-25.57.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1998-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_54 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93273
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93273
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:1998-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2016:1998-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93273);
      script_version("2.8");
      script_cvs_date("Date: 2019/09/11 11:22:13");
    
      script_cve_id("CVE-2016-4470");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2016:1998-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.
    The following security bugs were fixed :
    
      - CVE-2016-4470: The key_reject_and_link function in
        security/keys/key.c in the Linux kernel did not ensure
        that a certain data structure is initialized, which
        allowed local users to cause a denial of service (system
        crash) via vectors involving a crafted keyctl request2
        command (bsc#984764).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984764"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-4470/"
      );
      # https://www.suse.com/support/update/announcement/2016/suse-su-20161998-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?bdc310a1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
    SUSE-SLE-SAP-12-2016-1170=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2016-1170=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_60-52_54-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_60-52_54-default-2-2.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_60-52_54-xen-2-2.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2133.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94463
    published2016-11-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94463
    titleRHEL 6 : kernel (RHSA-2016:2133) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:2133. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94463);
      script_version("2.20");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2016-4470", "CVE-2016-5195");
      script_xref(name:"RHSA", value:"2016:2133");
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2016:2133) (Dirty COW)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 6.4
    Advanced Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * A race condition was found in the way the Linux kernel's memory
    subsystem handled the copy-on-write (COW) breakage of private
    read-only memory mappings. An unprivileged, local user could use this
    flaw to gain write access to otherwise read-only memory mappings and
    thus increase their privileges on the system. (CVE-2016-5195,
    Important)
    
    * A flaw was found in the Linux kernel's keyring handling code: the
    key_reject_and_link() function could be forced to free an arbitrary
    memory block. An attacker could use this flaw to trigger a
    use-after-free condition on the system, potentially allowing for
    privilege escalation. (CVE-2016-4470, Important)
    
    Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.
    The CVE-2016-4470 issue was discovered by David Howells (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:2133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-4470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5195"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/02");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.4", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-4470", "CVE-2016-5195");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:2133");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:2133";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debug-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-devel-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", reference:"kernel-doc-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", reference:"kernel-firmware-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"kernel-headers-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"perf-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"python-perf-2.6.32-358.75.1.el6")) flag++;
      if (rpm_check(release:"RHEL6", sp:"4", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-358.75.1.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1657.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id93094
    published2016-08-24
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93094
    titleRHEL 7 : kernel (RHSA-2016:1657)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:1657. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93094);
      script_version("2.12");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      script_cve_id("CVE-2016-4470", "CVE-2016-4565", "CVE-2016-5696");
      script_xref(name:"RHSA", value:"2016:1657");
    
      script_name(english:"RHEL 7 : kernel (RHSA-2016:1657)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.1
    Extended Update Support.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * A flaw was found in the Linux kernel's keyring handling code, where
    in key_reject_and_link() an uninitialised variable would eventually
    lead to arbitrary free address which could allow attacker to use a
    use-after-free style attack. (CVE-2016-4470, Important)
    
    * A flaw was found in the way certain interfaces of the Linux kernel's
    Infiniband subsystem used write() as bi-directional ioctl()
    replacement, which could lead to insufficient memory security checks
    when being invoked using the splice() system call. A local
    unprivileged user on a system with either Infiniband hardware present
    or RDMA Userspace Connection Manager Access module explicitly loaded,
    could use this flaw to escalate their privileges on the system.
    (CVE-2016-4565, Important)
    
    * A flaw was found in the implementation of the Linux kernel's
    handling of networking challenge ack where an attacker is able to
    determine the shared counter which could be used to determine sequence
    numbers for TCP stream injection. (CVE-2016-5696, Important)
    
    Red Hat would like to thank Jann Horn for reporting CVE-2016-4565 and
    Yue Cao (Cyber Security Group of the CS department of University of
    California in Riverside) for reporting CVE-2016-5696. The
    CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:1657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-4470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-4565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5696"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.1");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.1", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-4470", "CVE-2016-4565", "CVE-2016-5696");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:1657");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:1657";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", reference:"kernel-abi-whitelists-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-debug-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-debug-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-debug-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-debug-devel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-devel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-devel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", reference:"kernel-doc-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-headers-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-headers-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-kdump-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-kdump-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"kernel-kdump-devel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-tools-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"perf-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"perf-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"perf-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"python-perf-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"python-perf-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"s390x", reference:"python-perf-debuginfo-3.10.0-229.40.1.el7")) flag++;
      if (rpm_check(release:"RHEL7", sp:"1", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-229.40.1.el7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-609.NASL
    descriptionThis update fixes the CVEs described below. CVE-2016-3857 Chiachih Wu reported two bugs in the ARM OABI compatibility layer that can be used by local users for privilege escalation. The OABI compatibility layer is enabled in all kernel flavours for armel and armhf. CVE-2016-4470 Wade Mealing of the Red Hat Product Security Team reported that in some error cases the KEYS subsystem will dereference an uninitialised pointer. A local user can use the keyctl() system call for denial of service (crash) or possibly for privilege escalation. CVE-2016-5696 Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy of the University of California, Riverside; and Lisa M. Marvel of the United States Army Research Laboratory discovered that Linux
    last seen2020-03-17
    modified2016-09-06
    plugin id93321
    published2016-09-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93321
    titleDebian DLA-609-1 : linux security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-609-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93321);
      script_version("2.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2016-3857", "CVE-2016-4470", "CVE-2016-5696", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7118");
    
      script_name(english:"Debian DLA-609-1 : linux security update");
      script_summary(english:"Checks dpkg output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the CVEs described below.
    
    CVE-2016-3857
    
    Chiachih Wu reported two bugs in the ARM OABI compatibility layer that
    can be used by local users for privilege escalation. The OABI
    compatibility layer is enabled in all kernel flavours for armel and
    armhf.
    
    CVE-2016-4470
    
    Wade Mealing of the Red Hat Product Security Team reported that in
    some error cases the KEYS subsystem will dereference an uninitialised
    pointer. A local user can use the keyctl() system call for denial of
    service (crash) or possibly for privilege escalation.
    
    CVE-2016-5696
    
    Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V.
    Krishnamurthy of the University of California, Riverside; and Lisa M.
    Marvel of the United States Army Research Laboratory discovered that
    Linux's implementation of the TCP Challenge ACK feature results in a
    side channel that can be used to find TCP connections between specific
    IP addresses, and to inject messages into those connections.
    
    Where a service is made available through TCP, this may
    allow remote attackers to impersonate another connected user
    to the server or to impersonate the server to another
    connected user. In case the service uses a protocol with
    message authentication (e.g. TLS or SSH), this vulnerability
    only allows denial of service (connection failure). An
    attack takes tens of seconds, so short-lived TCP connections
    are also unlikely to be vulnerable.
    
    This may be mitigated by increasing the rate limit for TCP
    Challenge ACKs so that it is never exceeded: sysctl
    net.ipv4.tcp_challenge_ack_limit=1000000000
    
    CVE-2016-5829
    
    Several heap-based buffer overflow vulnerabilities were found in the
    hiddev driver, allowing a local user with access to a HID device to
    cause a denial of service or potentially escalate their privileges.
    
    CVE-2016-6136
    
    Pengfei Wang discovered that the audit subsystem has a 'double-fetch'
    or 'TOCTTOU' bug in its handling of special characters in the name of
    an executable. Where audit logging of execve() is enabled, this allows
    a local user to generate misleading log messages.
    
    CVE-2016-6480
    
    Pengfei Wang discovered that the aacraid driver for Adaptec RAID
    controllers has a 'double-fetch' or 'TOCTTOU' bug in its validation of
    'FIB' messages passed through the ioctl() system call. This has no
    practical security impact in current Debian releases.
    
    CVE-2016-6828
    
    Marco Grassi reported a 'use-after-free' bug in the TCP
    implementation, which can be triggered by local users. The security
    impact is unclear, but might include denial of service or privilege
    escalation.
    
    CVE-2016-7118
    
    Marcin Szewczyk reported that calling fcntl() on a file descriptor for
    a directory on an aufs filesystem would result in am 'oops'. This
    allows local users to cause a denial of service. This is a
    Debian-specific regression introduced in version 3.2.81-1.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    3.2.81-2. This version also fixes a build failure (bug #827561) for
    custom kernels with CONFIG_MODULES disabled, a regression in version
    3.2.81-1. It also updates the PREEMPT_RT featureset to version
    3.2.81-rt117.
    
    For Debian 8 'Jessie', CVE-2016-3857 has no impact; CVE-2016-4470 and
    CVE-2016-5829 were fixed in linux version 3.16.7-ckt25-2+deb8u3 or
    earlier; and the remaining issues are fixed in version
    3.16.36-1+deb8u1.
    
    We recommend that you upgrade your linux packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2016/09/msg00002.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Upgrade the affected linux package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.81-2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160802_KERNEL_ON_SL7_X.NASL
    descriptionTo see the complete list of bug fixes, users are directed to the related Knowledge Article : Security Fix(es) : - A flaw was found in the Linux kernel
    last seen2020-03-18
    modified2016-08-04
    plugin id92719
    published2016-08-04
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92719
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20160802)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92719);
      script_version("2.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2015-8660", "CVE-2016-2143", "CVE-2016-4470");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20160802)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "To see the complete list of bug fixes, users are directed to the
    related Knowledge Article :
    
    Security Fix(es) :
    
      - A flaw was found in the Linux kernel's keyring handling
        code, where in key_reject_and_link() an uninitialised
        variable would eventually lead to arbitrary free address
        which could allow attacker to use a use-after-free style
        attack. (CVE-2016-4470, Important)
    
      - The ovl_setattr function in fs/overlayfs/inode.c in the
        Linux kernel through 4.3.3 attempts to merge distinct
        setattr operations, which allows local users to bypass
        intended access restrictions and modify the attributes
        of arbitrary overlay files via a crafted application.
        (CVE-2015-8660, Moderate)
    
      - It was reported that on s390x, the fork of a process
        with four page table levels will cause memory corruption
        with a variety of symptoms. All processes are created
        with three level page table and a limit of 4TB for the
        address space. If the parent process has four page table
        levels with a limit of 8PB, the function that duplicates
        the address space will try to copy memory areas outside
        of the address space limit for the child process.
        (CVE-2016-2143, Moderate)
    
    Bug Fix(es) :
    
      - The glibc headers and the Linux headers share certain
        definitions of key structures that are required to be
        defined in kernel and in userspace. In some instances
        both userspace and sanitized kernel headers have to be
        included in order to get the structure definitions
        required by the user program. Unfortunately because the
        glibc and Linux headers don't coordinate this can result
        in compilation errors. The glibc headers have therefore
        been fixed to coordinate with Linux UAPI-based headers.
        With the header coordination compilation errors no
        longer occur.
    
      - When running the TCP/IPv6 traffic over the mlx4_en
        networking interface on the big endian architectures,
        call traces reporting about a 'hw csum failure' could
        occur. With this update, the mlx4_en driver has been
        fixed by correction of the checksum calculation for the
        big endian architectures. As a result, the call trace
        error no longer appears in the log messages.
    
      - Under significant load, some applications such as
        logshifter could generate bursts of log messages too
        large for the system logger to spool. Due to a race
        condition, log messages from that application could then
        be lost even after the log volume dropped to manageable
        levels. This update fixes the kernel mechanism used to
        notify the transmitter end of the socket used by the
        system logger that more space is available on the
        receiver side, removing a race condition which
        previously caused the sender to stop transmitting new
        messages and allowing all log messages to be processed
        correctly.
    
      - Previously, after heavy open or close of the Accelerator
        Function Unit (AFU) contexts, the interrupt packet went
        out and the AFU context did not see any interrupts.
        Consequently, a kernel panic could occur. The provided
        patch set fixes handling of the interrupt requests, and
        kernel panic no longer occurs in the described
        situation.
    
      - net: recvfrom would fail on short buffer.
    
      - Backport rhashtable changes from upstream.
    
      - Server Crashing after starting Glusterd &amp; creating
        volumes.
    
      - RAID5 reshape deadlock fix.
    
      - BDX perf uncore support fix."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1608&L=scientific-linux-errata&F=&S=&P=3509
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d63534e6"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Overlayfs Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.28.2.el7")) flag++;
    if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-327.28.2.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3591.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.9.2.el7uek] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393864] {CVE-2016-4470}
    last seen2020-06-01
    modified2020-06-02
    plugin id92779
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92779
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3591)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2016-3591.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(92779);
      script_version("2.6");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-4470");
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3591)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    kernel-uek
    [3.8.13-118.9.2.el7uek]
    - KEYS: potential uninitialized variable (Dan Carpenter)  [Orabug: 
    24393864]  {CVE-2016-4470}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-August/006256.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-August/006257.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.9.2.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.9.2.el7uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/08/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-4470");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2016-3591");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.9.2.el6uek-0.4.5-3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.9.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.9.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.9.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.9.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.9.2.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.9.2.el6uek")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.9.2.el7uek-0.4.5-3.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.9.2.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.9.2.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.9.2.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.9.2.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.9.2.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.9.2.el7uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0100.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2016-0100 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id93679
    published2016-09-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93679
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2016-0100.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93679);
      script_version("2.6");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2013-4312", "CVE-2015-7513", "CVE-2015-7799", "CVE-2015-7837", "CVE-2015-8767", "CVE-2015-8787", "CVE-2015-8816", "CVE-2016-0723", "CVE-2016-0758", "CVE-2016-2069", "CVE-2016-2085", "CVE-2016-2117", "CVE-2016-2847", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-4470", "CVE-2016-4565", "CVE-2016-4581", "CVE-2016-4805", "CVE-2016-4913", "CVE-2016-4951", "CVE-2016-6197", "CVE-2016-6198");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0100)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2016-0100 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2016-September/000547.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1bd3063c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/09/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-61.1.6.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-61.1.6.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161004_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A flaw was found in the Linux kernel
    last seen2020-03-18
    modified2016-10-06
    plugin id93892
    published2016-10-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93892
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20161004)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93892);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2016-4470", "CVE-2016-5829");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20161004)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - A flaw was found in the Linux kernel's keyring handling
        code, where in key_reject_and_link() an uninitialized
        variable would eventually lead to arbitrary free address
        which could allow attacker to use a use-after-free style
        attack. (CVE-2016-4470, Important)
    
      - A heap-based buffer overflow vulnerability was found in
        the Linux kernel's hiddev driver. This flaw could allow
        a local attacker to corrupt kernel memory, possible
        privilege escalation or crashing the system.
        (CVE-2016-5829, Moderate)
    
    The CVE-2016-4470 issue was discovered by David Howells (Red Hat
    Inc.).
    
    Bug Fix(es) :
    
      - Previously, when two NFS shares with different security
        settings were mounted, the I/O operations to the
        kerberos-authenticated mount caused the
        RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the
        parameter was not unset when performing the I/O
        operations on the sec=sys mount. Consequently, writes to
        both NFS shares had the same parameters, regardless of
        their security settings. This update fixes this problem
        by moving the NO_CRKEY_TIMEOUT parameter to the
        auth->au_flags field. As a result, NFS shares with
        different security settings are now handled as expected.
    
      - In some circumstances, resetting a Fibre Channel over
        Ethernet (FCoE) interface could lead to a kernel panic,
        due to invalid information extracted from the FCoE
        header. This update adds santiy checking to the cpu
        number extracted from the FCoE header. This ensures that
        subsequent operations address a valid cpu, and
        eliminates the kernel panic.
    
      - Prior to this update, the following problems occurred
        with the way GSF2 transitioned files and directories
        from the 'unlinked' state to the 'free' state :
    
    The numbers reported for the df and the du commands in some cases got
    out of sync, which caused blocks in the file system to appear missing.
    The blocks were not actually missing, but they were left in the
    'unlinked' state.
    
    In some circumstances, GFS2 referenced a cluster lock that was already
    deleted, which led to a kernel panic.
    
    If an object was deleted and its space reused as a different object,
    GFS2 sometimes deleted the existing one, which caused file system
    corruption.
    
    With this update, the transition from 'unlinked' to 'free' state has
    been fixed. As a result, none of these three problems occur anymore.
    
      - Previously, the GFS2 file system in some cases became
        unresponsive due to lock dependency problems between
        inodes and the cluster lock. This occurred most
        frequently on nearly full file systems where files and
        directories were being deleted and recreated at the same
        block location at the same time. With this update, a set
        of patches has been applied to fix these lock
        dependencies. As a result, GFS2 no longer hangs in the
        described circumstances.
    
      - When used with controllers that do not support DCMD-
        MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver can go
        into infinite error reporting loop of error reporting
        messages. This could cause difficulties with finding
        other important log messages, or even it could cause the
        disk to overflow. This bug has been fixed by ignoring
        the DCMD MR_DCMD_PD_LIST_QUERY query for controllers
        which do not support it and sending the DCMD SUCCESS
        status to the AEN functions. As a result, the error
        messages no longer appear when there is a change in the
        status of one of the arrays."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=959
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?22b94682"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-common-i686-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-642.6.1.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-642.6.1.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0471-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented : - The ext2 filesystem got reenabled and supported to allow support for
    last seen2020-06-01
    modified2020-06-02
    plugin id97205
    published2017-02-16
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/97205
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1492.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list, which allows local users to cause a denial of service (race condition and system crash) via a crafted ioctl call.(CVE-2016-2545) - sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.(CVE-2016-2546) - sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call.(CVE-2016-2547) - sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.(CVE-2016-2548) - sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service (deadlock) via a crafted ioctl call.(CVE-2016-2549) - A resource-exhaustion vulnerability was found in the kernel, where an unprivileged process could allocate and accumulate far more file descriptors than the process
    last seen2020-06-01
    modified2020-06-02
    plugin id124816
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124816
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1492)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3607.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-7515, CVE-2016-2184, CVE-2016-2185, CVE-2016-2186, CVE-2016-2187, CVE-2016-3136, CVE-2016-3137, CVE-2016-3138, CVE-2016-3140 Ralf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash). - CVE-2016-0821 Solar Designer noted that the list
    last seen2020-06-01
    modified2020-06-02
    plugin id91886
    published2016-06-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91886
    titleDebian DSA-3607-1 : linux - security update
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3053-1.NASL
    descriptionA missing permission check when settings ACLs was discovered in nfsd. A local user could exploit this flaw to gain access to any file by setting an ACL. (CVE-2016-1237) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92863
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92863
    titleUbuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3053-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2128.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94454
    published2016-11-01
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94454
    titleRHEL 6 : kernel (RHSA-2016:2128) (Dirty COW)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2001-1.NASL
    descriptionThis update for the Linux Kernel 3.12.55-52_45 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93275
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93275
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:2001-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3049-1.NASL
    descriptionBen Hawkes discovered that the Linux netfilter implementation did not correctly perform validation when handling IPT_SO_SET_REPLACE events. A local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3134) Vitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). (CVE-2016-3961) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92860
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92860
    titleUbuntu 12.04 LTS : linux vulnerabilities (USN-3049-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2105-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka
    last seen2020-06-01
    modified2020-06-02
    plugin id93299
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93299
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2105-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1532.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id92692
    published2016-08-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92692
    titleRHEL 6 : MRG (RHSA-2016:1532)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3052-1.NASL
    descriptionIt was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92862
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92862
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3052-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2006.NASL
    descriptionFrom Red Hat Security Advisory 2016:2006 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id93857
    published2016-10-05
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93857
    titleOracle Linux 6 : kernel (ELSA-2016-2006)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-73A733F4D9.NASL
    descriptionThe 4.5.7-202 kernel update contains a number of important security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-07-15
    plugin id92256
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92256
    titleFedora 23 : kernel (2016-73a733f4d9)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2076.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94131
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94131
    titleRHEL 6 : kernel (RHSA-2016:2076)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2074.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94130
    published2016-10-19
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94130
    titleRHEL 6 : kernel (RHSA-2016:2074)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-869.NASL
    descriptionThe openSUSE Leap 42.1 was updated to 4.1.27 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-4997: A buffer overflow in 32bit compat_setsockopt iptables handling could lead to a local privilege escalation. (bsc#986362) - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-4794: Use-after-free vulnerability in mm/percpu.c in the Linux kernel allowed local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls (bnc#980265). The following non-security bugs were fixed : - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469). - Refresh patches.xen/xen3-patch-2.6.26 (fix PAT initialization). - Refresh patches.xen/xen3-patch-2.6.39 (fix ia32_compat inheritance). - Refresh patches.xen/xen3-patch-3.14: Suppress atomic file position updates for /proc/xen/xenbus (bsc#970275). - Refresh patches.xen/xen3-patch-3.16 (drop redundant addition of a comment). - Refresh patches.xen/xen3-patch-4.1.7-8. - base: make module_create_drivers_dir race-free (bnc#983977). - ipvs: count pre-established TCP states as active (bsc#970114). - net: thunderx: Fix TL4 configuration for secondary Qsets (bsc#986530). - net: thunderx: Fix link status reporting (bsc#986530).
    last seen2020-06-05
    modified2016-07-15
    plugin id92308
    published2016-07-15
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92308
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-869)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2018-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93284
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93284
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2016:2018-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2006.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id93858
    published2016-10-05
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93858
    titleRHEL 6 : kernel (RHSA-2016:2006)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3056-1.NASL
    descriptionBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92866
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92866
    titleUbuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3056-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2006.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id93867
    published2016-10-06
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93867
    titleCentOS 6 : kernel (CESA-2016:2006)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1995-1.NASL
    descriptionThis update for the Linux Kernel 3.12.51-52_31 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93270
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93270
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:1995-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1029.NASL
    descriptionThe openSUSE 13.1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka
    last seen2020-06-05
    modified2016-08-30
    plugin id93216
    published2016-08-30
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93216
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-1029)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0333-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed : - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710). - CVE-2004-0230: TCP, when using a large Window Size, made it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP (bnc#969340). - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bnc#1008831). - CVE-2016-8399: An out of bounds read in the ping protocol handler could have lead to information disclosure (bsc#1014746). - CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531). - CVE-2012-6704: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option (bnc#1013542). - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038). - CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566). - CVE-2016-9685: Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel allowed local users to cause a denial of service (memory consumption) via crafted XFS filesystem operations (bnc#1012832). - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecified removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501). - CVE-2016-9555: The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel lacked chunk-length checking for the first chunk, which allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685). - CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716). - CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7916: Race condition in the environ_read function in fs/proc/base.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete (bnc#1010467). - CVE-2016-8646: The hash_accept function in crypto/algif_hash.c in the Linux kernel allowed local users to cause a denial of service (OOPS) by attempting to trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data (bnc#1010150). - CVE-2016-8633: drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968). - CVE-2017-5551: The filesystem implementation in the Linux kernel preserves the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. This CVE tracks the fix for the tmpfs filesystem. (bsc#1021258). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id96903
    published2017-01-31
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96903
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3596.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id93148
    published2016-08-29
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93148
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3596)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2005-1.NASL
    descriptionThis update for the Linux Kernel 3.12.48-52_27 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2015-8019: The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel did not accept a length argument, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call (bsc#979078). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93277
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93277
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:2005-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2245-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-3955: The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel allowed remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted length value in a USB/IP packet (bnc#975945). - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986365). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104). - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362). - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572). - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure was initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755). - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bnc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandled NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867). - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack. (bsc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id93370
    published2016-09-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93370
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2016:2245-1)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3592.NASL
    descriptionDescription of changes: [2.6.39-400.283.2.el6uek] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393863] {CVE-2016-4470}
    last seen2020-06-01
    modified2020-06-02
    plugin id92780
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92780
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3592)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-1999-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_49 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93274
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93274
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:1999-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0057.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id99163
    published2017-04-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99163
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0158.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - mm, gup: close FOLL MAP_PRIVATE race (Linus Torvalds) [Orabug: 24928646] (CVE-2016-5195) - HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands (Scott Bauer) [Orabug: 24798694] (CVE-2016-5829) - Revert
    last seen2020-06-01
    modified2020-06-02
    plugin id94929
    published2016-11-17
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94929
    titleOracleVM 3.2 : Unbreakable / etc (OVMSA-2016-0158) (Dirty COW)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2014-1.NASL
    descriptionThis update for the Linux Kernel 3.12.44-52_18 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93283
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93283
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:2014-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-1539.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2460971. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id92694
    published2016-08-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92694
    titleRHEL 7 : kernel (RHSA-2016:1539)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2010-1.NASL
    descriptionThis update for the Linux Kernel 3.12.51-52_39 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93280
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93280
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:2010-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-1539.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2460971. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id92702
    published2016-08-04
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92702
    titleCentOS 7 : kernel (CESA-2016:1539)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3054-1.NASL
    descriptionBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92864
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92864
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3054-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1015.NASL
    descriptionThe openSUSE 13.2 kernel was updated to fix various bugs and security issues. The following security bugs were fixed : - CVE-2016-1583: Prevent the usage of mmap when the lower file system does not allow it. This could have lead to local privilege escalation when ecryptfs-utils was installed and /sbin/mount.ecryptfs_private was setuid (bsc#983143). - CVE-2016-4913: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel mishandles NM (aka alternate name) entries containing \0 characters, which allowed local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem (bnc#980725). - CVE-2016-4580: The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel did not properly initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request (bnc#981267). - CVE-2016-0758: Tags with indefinite length could have corrupted pointers in asn1_find_indefinite_length (bsc#979867). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762). - CVE-2016-2187: The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971919 971944). - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401 bsc#978445). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363). - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308). - CVE-2016-4581: fs/pnode.c in the Linux kernel did not properly traverse a mount propagation tree in a certain case involving a slave mount, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls (bnc#979913). - CVE-2016-4485: The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel did not initialize a certain data structure, which allowed attackers to obtain sensitive information from kernel stack memory by reading a message (bnc#978821). - CVE-2015-3288: A security flaw was found in the Linux kernel that there was a way to arbitrary change zero page memory. (bnc#979021). - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126). - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bnc#955654). - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213). - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948 974646). - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955). - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956). - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911). - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970). - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418). - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892). - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958). - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124). - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628). - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandles destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360). - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125). - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909). - CVE-2015-8830: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allowed local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression (bnc#969354 bsc#969355). - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010). - CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint (bnc#961512). - CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel did not prevent recursive callback access, which allowed local users to cause a denial of service (deadlock) via a crafted ioctl call (bnc#968013). - CVE-2016-2547: sound/core/timer.c in the Linux kernel employs a locking approach that did not consider slave timer instances, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#968011). - CVE-2016-2548: sound/core/timer.c in the Linux kernel retains certain linked lists after a close or stop action, which allowed local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions (bnc#968012). - CVE-2016-2546: sound/core/timer.c in the Linux kernel uses an incorrect type of mutex, which allowed local users to cause a denial of service (race condition, use-after-free, and system crash) via a crafted ioctl call (bnc#967975). - CVE-2016-2545: The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel did not properly maintain a certain linked list, which allowed local users to cause a denial of service (race condition and system crash) via a crafted ioctl call (bnc#967974). - CVE-2016-2544: Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time (bnc#967973). - CVE-2016-2543: The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel did not verify FIFO assignment before proceeding with FIFO clearing, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted ioctl call (bnc#967972). - CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the Linux kernel mishandles uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states
    last seen2020-06-05
    modified2016-08-25
    plugin id93104
    published2016-08-25
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93104
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2016-1043.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel
    last seen2020-05-06
    modified2017-05-01
    plugin id99806
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99806
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1043)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0095.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393864] (CVE-2016-4470)
    last seen2020-06-01
    modified2020-06-02
    plugin id92783
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92783
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2016-0095)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-1539.NASL
    descriptionFrom Red Hat Security Advisory 2016:1539 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2460971. Security Fix(es) : * A flaw was found in the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id92688
    published2016-08-03
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92688
    titleOracle Linux 7 : kernel (ELSA-2016-1539)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3593.NASL
    descriptionDescription of changes: kernel-uek [4.1.12-37.6.2.el7uek] - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393865] {CVE-2016-4470} - ovl: fix permission checking for setattr (Miklos Szeredi) [Orabug: 24393742] {CVE-2015-8660}
    last seen2020-06-01
    modified2020-06-02
    plugin id92781
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92781
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3593)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2006-1.NASL
    descriptionThis update for the Linux Kernel 3.12.55-52_42 fixes several issues. The following security bugs were fixed : - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bsc#984764). - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983144). - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bsc#980883). - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bsc#980856). - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bsc#979074). - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bsc#979064). - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bsc#971793). - CVE-2013-7446: Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel allowed local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted epoll_ctl calls (bsc#973570, bsc#955837). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93278
    published2016-09-02
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93278
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2016:2006-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3057-1.NASL
    descriptionBen Hawkes discovered an integer overflow in the Linux netfilter implementation. On systems running 32 bit kernels, a local unprivileged attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-3135) It was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Sasha Levin discovered that a use-after-free existed in the percpu allocator in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-4794) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92867
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92867
    titleUbuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3057-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0094.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - KEYS: potential uninitialized variable (Dan Carpenter) [Orabug: 24393865] (CVE-2016-4470) - ovl: fix permission checking for setattr (Miklos Szeredi) [Orabug: 24393742] (CVE-2015-8660)
    last seen2020-06-01
    modified2020-06-02
    plugin id92782
    published2016-08-08
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92782
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0094)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3051-1.NASL
    descriptionIt was discovered that the keyring implementation in the Linux kernel did not ensure a data structure was initialized before referencing it after an error condition occurred. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4470) Kangjie Lu discovered an information leak in the netlink implementation of the Linux kernel. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-5243). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id92861
    published2016-08-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/92861
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3051-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1532.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124985
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124985
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1532)

Redhat

advisories
  • bugzilla
    id1341716
    titleCVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-327.28.2.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20161539031
        • commentkernel earlier than 0:3.10.0-327.28.2.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20161539032
      • OR
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539001
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539003
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentperf is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539005
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539007
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539009
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539011
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539013
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539015
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539017
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentpython-perf is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539019
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539021
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539023
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539025
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539027
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-327.28.2.el7
            ovaloval:com.redhat.rhsa:tst:20161539029
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
    rhsa
    idRHSA-2016:1539
    released2016-08-02
    severityImportant
    titleRHSA-2016:1539: kernel security and bug fix update (Important)
  • bugzilla
    id1350307
    titlekernel-rt: update to the RHEL7.2.z batch#6 source tree
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541001
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541003
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541005
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541007
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541009
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541011
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541013
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-trace-kvm is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541015
          • commentkernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212016
        • AND
          • commentkernel-rt-kvm is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541017
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:3.10.0-327.28.2.rt56.234.el7_2
            ovaloval:com.redhat.rhsa:tst:20161541019
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
    rhsa
    idRHSA-2016:1541
    released2016-08-02
    severityImportant
    titleRHSA-2016:1541: kernel-rt security and bug fix update (Important)
  • rhsa
    idRHSA-2016:1532
  • rhsa
    idRHSA-2016:1657
  • rhsa
    idRHSA-2016:2006
  • rhsa
    idRHSA-2016:2074
  • rhsa
    idRHSA-2016:2076
  • rhsa
    idRHSA-2016:2128
  • rhsa
    idRHSA-2016:2133
rpms
  • kernel-rt-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-debug-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-debug-devel-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-debuginfo-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-devel-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-doc-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-firmware-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-trace-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-trace-devel-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-vanilla-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.194.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-327.rt56.194.el6rt
  • kernel-0:3.10.0-327.28.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.28.2.el7
  • kernel-bootwrapper-0:3.10.0-327.28.2.el7
  • kernel-debug-0:3.10.0-327.28.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.28.2.el7
  • kernel-debug-devel-0:3.10.0-327.28.2.el7
  • kernel-debuginfo-0:3.10.0-327.28.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.28.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.28.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.28.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.28.2.el7
  • kernel-devel-0:3.10.0-327.28.2.el7
  • kernel-doc-0:3.10.0-327.28.2.el7
  • kernel-headers-0:3.10.0-327.28.2.el7
  • kernel-kdump-0:3.10.0-327.28.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.28.2.el7
  • kernel-kdump-devel-0:3.10.0-327.28.2.el7
  • kernel-tools-0:3.10.0-327.28.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.28.2.el7
  • kernel-tools-libs-0:3.10.0-327.28.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.28.2.el7
  • perf-0:3.10.0-327.28.2.el7
  • perf-debuginfo-0:3.10.0-327.28.2.el7
  • python-perf-0:3.10.0-327.28.2.el7
  • python-perf-debuginfo-0:3.10.0-327.28.2.el7
  • kernel-rt-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debug-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debug-debuginfo-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debug-devel-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debug-kvm-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debuginfo-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-devel-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-doc-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-kvm-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-kvm-debuginfo-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-trace-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-trace-debuginfo-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-trace-devel-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-trace-kvm-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.28.2.rt56.234.el7_2
  • kernel-0:3.10.0-229.40.1.ael7b
  • kernel-0:3.10.0-229.40.1.el7
  • kernel-abi-whitelists-0:3.10.0-229.40.1.ael7b
  • kernel-abi-whitelists-0:3.10.0-229.40.1.el7
  • kernel-bootwrapper-0:3.10.0-229.40.1.ael7b
  • kernel-bootwrapper-0:3.10.0-229.40.1.el7
  • kernel-debug-0:3.10.0-229.40.1.ael7b
  • kernel-debug-0:3.10.0-229.40.1.el7
  • kernel-debug-debuginfo-0:3.10.0-229.40.1.ael7b
  • kernel-debug-debuginfo-0:3.10.0-229.40.1.el7
  • kernel-debug-devel-0:3.10.0-229.40.1.ael7b
  • kernel-debug-devel-0:3.10.0-229.40.1.el7
  • kernel-debuginfo-0:3.10.0-229.40.1.ael7b
  • kernel-debuginfo-0:3.10.0-229.40.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-229.40.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-229.40.1.ael7b
  • kernel-debuginfo-common-s390x-0:3.10.0-229.40.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-229.40.1.el7
  • kernel-devel-0:3.10.0-229.40.1.ael7b
  • kernel-devel-0:3.10.0-229.40.1.el7
  • kernel-doc-0:3.10.0-229.40.1.ael7b
  • kernel-doc-0:3.10.0-229.40.1.el7
  • kernel-headers-0:3.10.0-229.40.1.ael7b
  • kernel-headers-0:3.10.0-229.40.1.el7
  • kernel-kdump-0:3.10.0-229.40.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-229.40.1.el7
  • kernel-kdump-devel-0:3.10.0-229.40.1.el7
  • kernel-tools-0:3.10.0-229.40.1.ael7b
  • kernel-tools-0:3.10.0-229.40.1.el7
  • kernel-tools-debuginfo-0:3.10.0-229.40.1.ael7b
  • kernel-tools-debuginfo-0:3.10.0-229.40.1.el7
  • kernel-tools-libs-0:3.10.0-229.40.1.ael7b
  • kernel-tools-libs-0:3.10.0-229.40.1.el7
  • kernel-tools-libs-devel-0:3.10.0-229.40.1.ael7b
  • kernel-tools-libs-devel-0:3.10.0-229.40.1.el7
  • perf-0:3.10.0-229.40.1.ael7b
  • perf-0:3.10.0-229.40.1.el7
  • perf-debuginfo-0:3.10.0-229.40.1.ael7b
  • perf-debuginfo-0:3.10.0-229.40.1.el7
  • python-perf-0:3.10.0-229.40.1.ael7b
  • python-perf-0:3.10.0-229.40.1.el7
  • python-perf-debuginfo-0:3.10.0-229.40.1.ael7b
  • python-perf-debuginfo-0:3.10.0-229.40.1.el7
  • kernel-0:2.6.32-642.6.1.el6
  • kernel-abi-whitelists-0:2.6.32-642.6.1.el6
  • kernel-bootwrapper-0:2.6.32-642.6.1.el6
  • kernel-debug-0:2.6.32-642.6.1.el6
  • kernel-debug-debuginfo-0:2.6.32-642.6.1.el6
  • kernel-debug-devel-0:2.6.32-642.6.1.el6
  • kernel-debuginfo-0:2.6.32-642.6.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-642.6.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-642.6.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-642.6.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-642.6.1.el6
  • kernel-devel-0:2.6.32-642.6.1.el6
  • kernel-doc-0:2.6.32-642.6.1.el6
  • kernel-firmware-0:2.6.32-642.6.1.el6
  • kernel-headers-0:2.6.32-642.6.1.el6
  • kernel-kdump-0:2.6.32-642.6.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-642.6.1.el6
  • kernel-kdump-devel-0:2.6.32-642.6.1.el6
  • perf-0:2.6.32-642.6.1.el6
  • perf-debuginfo-0:2.6.32-642.6.1.el6
  • python-perf-0:2.6.32-642.6.1.el6
  • python-perf-debuginfo-0:2.6.32-642.6.1.el6
  • kernel-0:2.6.32-431.74.1.el6
  • kernel-abi-whitelists-0:2.6.32-431.74.1.el6
  • kernel-debug-0:2.6.32-431.74.1.el6
  • kernel-debug-debuginfo-0:2.6.32-431.74.1.el6
  • kernel-debug-devel-0:2.6.32-431.74.1.el6
  • kernel-debuginfo-0:2.6.32-431.74.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.74.1.el6
  • kernel-devel-0:2.6.32-431.74.1.el6
  • kernel-doc-0:2.6.32-431.74.1.el6
  • kernel-firmware-0:2.6.32-431.74.1.el6
  • kernel-headers-0:2.6.32-431.74.1.el6
  • perf-0:2.6.32-431.74.1.el6
  • perf-debuginfo-0:2.6.32-431.74.1.el6
  • python-perf-0:2.6.32-431.74.1.el6
  • python-perf-debuginfo-0:2.6.32-431.74.1.el6
  • kernel-0:2.6.32-573.35.1.el6
  • kernel-abi-whitelists-0:2.6.32-573.35.1.el6
  • kernel-bootwrapper-0:2.6.32-573.35.1.el6
  • kernel-debug-0:2.6.32-573.35.1.el6
  • kernel-debug-debuginfo-0:2.6.32-573.35.1.el6
  • kernel-debug-devel-0:2.6.32-573.35.1.el6
  • kernel-debuginfo-0:2.6.32-573.35.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.35.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.35.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.35.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.35.1.el6
  • kernel-devel-0:2.6.32-573.35.1.el6
  • kernel-doc-0:2.6.32-573.35.1.el6
  • kernel-firmware-0:2.6.32-573.35.1.el6
  • kernel-headers-0:2.6.32-573.35.1.el6
  • kernel-kdump-0:2.6.32-573.35.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.35.1.el6
  • kernel-kdump-devel-0:2.6.32-573.35.1.el6
  • perf-0:2.6.32-573.35.1.el6
  • perf-debuginfo-0:2.6.32-573.35.1.el6
  • python-perf-0:2.6.32-573.35.1.el6
  • python-perf-debuginfo-0:2.6.32-573.35.1.el6
  • kernel-0:2.6.32-504.54.1.el6
  • kernel-abi-whitelists-0:2.6.32-504.54.1.el6
  • kernel-bootwrapper-0:2.6.32-504.54.1.el6
  • kernel-debug-0:2.6.32-504.54.1.el6
  • kernel-debug-debuginfo-0:2.6.32-504.54.1.el6
  • kernel-debug-devel-0:2.6.32-504.54.1.el6
  • kernel-debuginfo-0:2.6.32-504.54.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-504.54.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-504.54.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-504.54.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.54.1.el6
  • kernel-devel-0:2.6.32-504.54.1.el6
  • kernel-doc-0:2.6.32-504.54.1.el6
  • kernel-firmware-0:2.6.32-504.54.1.el6
  • kernel-headers-0:2.6.32-504.54.1.el6
  • kernel-kdump-0:2.6.32-504.54.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-504.54.1.el6
  • kernel-kdump-devel-0:2.6.32-504.54.1.el6
  • perf-0:2.6.32-504.54.1.el6
  • perf-debuginfo-0:2.6.32-504.54.1.el6
  • python-perf-0:2.6.32-504.54.1.el6
  • python-perf-debuginfo-0:2.6.32-504.54.1.el6
  • kernel-0:2.6.32-358.75.1.el6
  • kernel-debug-0:2.6.32-358.75.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.75.1.el6
  • kernel-debug-devel-0:2.6.32-358.75.1.el6
  • kernel-debuginfo-0:2.6.32-358.75.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.75.1.el6
  • kernel-devel-0:2.6.32-358.75.1.el6
  • kernel-doc-0:2.6.32-358.75.1.el6
  • kernel-firmware-0:2.6.32-358.75.1.el6
  • kernel-headers-0:2.6.32-358.75.1.el6
  • perf-0:2.6.32-358.75.1.el6
  • perf-debuginfo-0:2.6.32-358.75.1.el6
  • python-perf-0:2.6.32-358.75.1.el6
  • python-perf-debuginfo-0:2.6.32-358.75.1.el6

References