Vulnerabilities > CVE-2016-7039 - Resource Management Errors vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
oracle
linux
CWE-399
nessus

Summary

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

Vulnerable Configurations

Part Description Count
OS
Oracle
3
OS
Linux
192

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-0181-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message
    last seen2020-06-01
    modified2020-06-02
    plugin id96603
    published2017-01-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/96603
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:0181-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(96603);
      script_version("3.7");
      script_cvs_date("Date: 2019/09/11 11:22:14");
    
      script_cve_id("CVE-2015-1350", "CVE-2015-8964", "CVE-2016-7039", "CVE-2016-7042", "CVE-2016-7425", "CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8645", "CVE-2016-8666", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9793", "CVE-2016-9919");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0181-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to
    receive various security and bugfixes. The following security bugs
    were fixed :
    
      - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x
        provides an incomplete set of requirements for setattr
        operations that underspecifies removing extended
        privilege attributes, which allowed local users to cause
        a denial of service (capability stripping) via a failed
        invocation of a system call, as demonstrated by using
        chown to remove a capability from the ping or Wireshark
        dumpcap program (bnc#914939).
    
      - CVE-2015-8964: The tty_set_termios_ldisc function in
        drivers/tty/tty_ldisc.c in the Linux kernel allowed
        local users to obtain sensitive information from kernel
        memory by reading a tty data structure (bnc#1010507).
    
      - CVE-2016-7039: The IP stack in the Linux kernel allowed
        remote attackers to cause a denial of service (stack
        consumption and panic) or possibly have unspecified
        other impact by triggering use of the GRO path for large
        crafted packets, as demonstrated by packets that contain
        only VLAN headers, a related issue to CVE-2016-8666
        (bnc#1001486).
    
      - CVE-2016-7042: The proc_keys_show function in
        security/keys/proc.c in the Linux kernel through 4.8.2,
        when the GNU Compiler Collection (gcc) stack protector
        is enabled, uses an incorrect buffer size for certain
        timeout data, which allowed local users to cause a
        denial of service (stack memory corruption and panic) by
        reading the /proc/keys file (bnc#1004517).
    
      - CVE-2016-7425: The arcmsr_iop_message_xfer function in
        drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did
        not restrict a certain length field, which allowed local
        users to gain privileges or cause a denial of service
        (heap-based buffer overflow) via an
        ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
    
      - CVE-2016-7913: The xc2028_set_config function in
        drivers/media/tuners/tuner-xc2028.c in the Linux kernel
        allowed local users to gain privileges or cause a denial
        of service (use-after-free) via vectors involving
        omission of the firmware name from a certain data
        structure (bnc#1010478).
    
      - CVE-2016-7917: The nfnetlink_rcv_batch function in
        net/netfilter/nfnetlink.c in the Linux kernel did not
        check whether a batch message's length field is large
        enough, which allowed local users to obtain sensitive
        information from kernel memory or cause a denial of
        service (infinite loop or out-of-bounds read) by
        leveraging the CAP_NET_ADMIN capability (bnc#1010444).
    
      - CVE-2016-8645: The TCP stack in the Linux kernel
        mishandled skb truncation, which allowed local users to
        cause a denial of service (system crash) via a crafted
        application that made sendto system calls, related to
        net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c
        (bnc#1009969).
    
      - CVE-2016-8666: The IP stack in the Linux kernel allowed
        remote attackers to cause a denial of service (stack
        consumption and panic) or possibly have unspecified
        other impact by triggering use of the GRO path for
        packets with tunnel stacking, as demonstrated by
        interleaved IPv4 headers and GRE headers, a related
        issue to CVE-2016-7039 (bnc#1003964).
    
      - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux
        kernel allowed local users to bypass integer overflow
        checks, and cause a denial of service (memory
        corruption) or have unspecified other impact, by
        leveraging access to a vfio PCI device file for a
        VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine
        confusion bug (bnc#1007197).
    
      - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the
        Linux kernel misuses the kzalloc function, which allowed
        local users to cause a denial of service (integer
        overflow) or have unspecified other impact by leveraging
        access to a vfio PCI device file (bnc#1007197).
    
      - CVE-2016-9793: A bug in SO_{SND|RCV}BUFFORCE
        setsockopt() implementation was fixed, which allowed
        CAP_NET_ADMIN users to cause memory corruption.
        (bsc#1013531).
    
      - CVE-2016-9919: The icmp6_send function in
        net/ipv6/icmp.c in the Linux kernel omits a certain
        check of the dst data structure, which allowed remote
        attackers to cause a denial of service (panic) via a
        fragmented IPv6 packet (bnc#1014701).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000189"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000287"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000433"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1000776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001171"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001310"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001462"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1001888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1002322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1002770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1002786"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003068"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003581"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003866"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1003964"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004517"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005169"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005545"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005666"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005745"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005895"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005921"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006103"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006267"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006528"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006809"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006918"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1007197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1007615"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1007653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1007955"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1008557"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1008979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1009062"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1009969"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010444"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1011176"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1011250"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1011913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012767"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012992"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013531"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014392"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014701"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1014710"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015367"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=799133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=914939"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=922634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963904"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964462"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969474"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=972993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=974313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=974842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=974843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=978907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=979378"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=979681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981825"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983087"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=985850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=986255"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=986987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=987641"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=987703"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=987805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=988524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=988715"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=990384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=992555"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993841"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=993891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=994881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=995278"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=997059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=997639"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=997807"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=998054"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=998689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-1350/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2015-8964/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7039/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7042/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7425/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7913/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-7917/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-8645/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-8666/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9083/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9084/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9793/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-9919/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20170181-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?78a2e8c9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
    SUSE-SLE-WE-12-SP2-2017-87=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
    patch SUSE-SLE-SDK-12-SP2-2017-87=1
    
    SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
    patch SUSE-SLE-RPI-12-SP2-2017-87=1
    
    SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2017-87=1
    
    SUSE Linux Enterprise Live Patching 12:zypper in -t patch
    SUSE-SLE-Live-Patching-12-2017-87=1
    
    SUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch
    SUSE-SLE-HA-12-SP2-2017-87=1
    
    SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP2-2017-87=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP2", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-default-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-default-base-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-default-base-debuginfo-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-default-devel-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kernel-syms-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-devel-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-extra-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.38-93.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"2", cpu:"x86_64", reference:"kernel-syms-4.4.38-93.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3099-4.NASL
    descriptionVladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93959
    published2016-10-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93959
    titleUbuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3099-4)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3099-4. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93959);
      script_version("2.14");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      script_xref(name:"USN", value:"3099-4");
    
      script_name(english:"Ubuntu 16.04 LTS : linux-snapdragon vulnerabilities (USN-3099-4)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vladimir Benes discovered an unbounded recursion in the VLAN and TEB
    Generic Receive Offload (GRO) processing implementations in the Linux
    kernel, A remote attacker could use this to cause a stack corruption,
    leading to a denial of service (system crash). (CVE-2016-7039)
    
    Marco Grassi discovered a use-after-free condition could occur in the
    TCP retransmit queue handling code in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2016-6828)
    
    Pengfei Wang discovered a race condition in the Adaptec AAC RAID
    controller driver in the Linux kernel when handling ioctl()s. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2016-6480).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3099-4/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-4.4-snapdragon package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3099-4");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1030-snapdragon", pkgver:"4.4.0-1030.33")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-snapdragon");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2107.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94315
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94315
    titleRHEL 6 : MRG (RHSA-2016:2107) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:2107. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94315);
      script_version("2.23");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2016-5195", "CVE-2016-7039", "CVE-2016-8666");
      script_xref(name:"RHSA", value:"2016:2107");
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"RHEL 6 : MRG (RHSA-2016:2107) (Dirty COW)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel-rt is now available for Red Hat Enterprise MRG
    2.5.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel-rt packages provide the Real Time Linux Kernel, which
    enables fine-tuning for systems with extremely high determinism
    requirements.
    
    Security Fix(es) :
    
    * A race condition was found in the way the Linux kernel's memory
    subsystem handled the copy-on-write (COW) breakage of private
    read-only memory mappings. An unprivileged, local user could use this
    flaw to gain write access to otherwise read-only memory mappings and
    thus increase their privileges on the system. (CVE-2016-5195,
    Important)
    
    * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q)
    OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with
    Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a
    stack overflow issue. It could occur while receiving large packets via
    GRO path; As an unlimited recursion could unfold in both VLAN and TEB
    modules, leading to a stack corruption in the kernel. (CVE-2016-7039,
    Important)
    
    Red Hat would like to thank Phil Oester for reporting CVE-2016-5195."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:2107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-5195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-8666"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/27");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-5195", "CVE-2016-7039", "CVE-2016-8666");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:2107");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:2107";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.10.0-327.rt56.198.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.10.0-327.rt56.198.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3099-2.NASL
    descriptionUSN-3099-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Vladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93957
    published2016-10-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93957
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3099-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3099-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93957);
      script_version("2.14");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      script_xref(name:"USN", value:"3099-2");
    
      script_name(english:"Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3099-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3099-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04
    LTS. This update provides the corresponding updates for the Linux
    Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu
    14.04 LTS.
    
    Vladimir Benes discovered an unbounded recursion in the VLAN and TEB
    Generic Receive Offload (GRO) processing implementations in the Linux
    kernel, A remote attacker could use this to cause a stack corruption,
    leading to a denial of service (system crash). (CVE-2016-7039)
    
    Marco Grassi discovered a use-after-free condition could occur in the
    TCP retransmit queue handling code in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2016-6828)
    
    Pengfei Wang discovered a race condition in the Adaptec AAC RAID
    controller driver in the Linux kernel when handling ioctl()s. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2016-6480).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3099-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-4.4-generic,
    linux-image-4.4-generic-lpae and / or linux-image-4.4-lowlatency
    packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3099-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-42-generic", pkgver:"4.4.0-42.62~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-42-generic-lpae", pkgver:"4.4.0-42.62~14.04.1")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-4.4.0-42-lowlatency", pkgver:"4.4.0-42.62~14.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-generic / linux-image-4.4-generic-lpae / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1212.NASL
    descriptionThe openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and security issues. The following security bugs were fixed : - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). The following non-security bugs were fixed : - 9p: use file_dentry() (bsc#1005101). - af_unix: Do not set err in unix_stream_read_generic unless there was an error (bsc#1005101). - alsa: hda - Fix superfluous HDMI jack repoll (bsc#1005101). - alsa: hda - Turn off loopback mixing as default (bsc#1001462). - apparmor: add missing id bounds check on dfa verification (bsc#1000304). - apparmor: check that xindex is in trans_table bounds (bsc#1000304). - apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304). - apparmor: do not expose kernel stack (bsc#1000304). - apparmor: ensure the target profile name is always audited (bsc#1000304). - apparmor: exec should not be returning ENOENT when it denies (bsc#1000304). - apparmor: fix audit full profile hname on successful load (bsc#1000304). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - apparmor: fix disconnected bind mnts reconnection (bsc#1000304). - apparmor: fix log failures for all profiles in a set (bsc#1000304). - apparmor: fix module parameters can be changed after policy is locked (bsc#1000304). - apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304). - apparmor: fix put() parent ref after updating the active ref (bsc#1000304). - apparmor: fix refcount bug in profile replacement (bsc#1000304). - apparmor: fix refcount race when finding a child profile (bsc#1000304). - apparmor: fix replacement bug that adds new child to old parent (bsc#1000304). - apparmor: fix uninitialized lsm_audit member (bsc#1000304). - apparmor: fix update the mtime of the profile file on replacement (bsc#1000304). - apparmor: internal paths should be treated as disconnected (bsc#1000304). - apparmor: use list_next_entry instead of list_entry_next (bsc#1000304). - arm: orion5x: Fix legacy get_irqnr_and_base (bsc#1005101). - batman-adv: Fix memory leak on tt add with invalid vlan (bsc#1005101). - batman-adv: replace WARN with rate limited output on non-existing VLAN (bsc#1005101). - blacklist.conf: add some commits (bsc#1005101) - blacklist.conf: add unaplicable IB/uverbs commit (bsc#1005101) - blacklist.conf: Blacklist unsupported architectures - blkfront: fix an error path memory leak (luckily none so far). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - cgroup: add seq_file forward declaration for struct cftype (bsc#1005101). - do
    last seen2020-06-05
    modified2016-10-24
    plugin id94219
    published2016-10-24
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94219
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-1212) (Dirty COW)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1212.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94219);
      script_version("2.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5195", "CVE-2016-7039", "CVE-2016-7425", "CVE-2016-8658", "CVE-2016-8666");
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1212) (Dirty COW)");
      script_summary(english:"Check for the openSUSE-2016-1212 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.1 kernel was updated to 4.1.34, fixing bugs and
    security issues.
    
    The following security bugs were fixed :
    
      - CVE-2016-5195: A local privilege escalation using
        MAP_PRIVATE was fixed, which is reportedly exploited in
        the wild (bsc#1004418).
    
      - CVE-2016-8658: Stack-based buffer overflow in the
        brcmf_cfg80211_start_ap function in
        drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021
        1.c in the Linux kernel allowed local users to cause a
        denial of service (system crash) or possibly have
        unspecified other impact via a long SSID Information
        Element in a command to a Netlink socket (bnc#1004462).
    
      - CVE-2016-7039: The IP stack in the Linux kernel allowed
        remote attackers to cause a denial of service (stack
        consumption and panic) or possibly have unspecified
        other impact by triggering use of the GRO path for large
        crafted packets, as demonstrated by packets that contain
        only VLAN headers, a related issue to CVE-2016-8666
        (bnc#1001486).
    
      - CVE-2016-7425: The arcmsr_iop_message_xfer function in
        drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did
        not restrict a certain length field, which allowed local
        users to gain privileges or cause a denial of service
        (heap-based buffer overflow) via an
        ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
    
    The following non-security bugs were fixed :
    
      - 9p: use file_dentry() (bsc#1005101).
    
      - af_unix: Do not set err in unix_stream_read_generic
        unless there was an error (bsc#1005101).
    
      - alsa: hda - Fix superfluous HDMI jack repoll
        (bsc#1005101).
    
      - alsa: hda - Turn off loopback mixing as default
        (bsc#1001462).
    
      - apparmor: add missing id bounds check on dfa
        verification (bsc#1000304).
    
      - apparmor: check that xindex is in trans_table bounds
        (bsc#1000304).
    
      - apparmor: do not check for vmalloc_addr if kvzalloc()
        failed (bsc#1000304).
    
      - apparmor: do not expose kernel stack (bsc#1000304).
    
      - apparmor: ensure the target profile name is always
        audited (bsc#1000304).
    
      - apparmor: exec should not be returning ENOENT when it
        denies (bsc#1000304).
    
      - apparmor: fix audit full profile hname on successful
        load (bsc#1000304).
    
      - apparmor: fix change_hat not finding hat after policy
        replacement (bsc#1000287).
    
      - apparmor: fix disconnected bind mnts reconnection
        (bsc#1000304).
    
      - apparmor: fix log failures for all profiles in a set
        (bsc#1000304).
    
      - apparmor: fix module parameters can be changed after
        policy is locked (bsc#1000304).
    
      - apparmor: fix oops in profile_unpack() when policy_db is
        not present (bsc#1000304).
    
      - apparmor: fix put() parent ref after updating the active
        ref (bsc#1000304).
    
      - apparmor: fix refcount bug in profile replacement
        (bsc#1000304).
    
      - apparmor: fix refcount race when finding a child profile
        (bsc#1000304).
    
      - apparmor: fix replacement bug that adds new child to old
        parent (bsc#1000304).
    
      - apparmor: fix uninitialized lsm_audit member
        (bsc#1000304).
    
      - apparmor: fix update the mtime of the profile file on
        replacement (bsc#1000304).
    
      - apparmor: internal paths should be treated as
        disconnected (bsc#1000304).
    
      - apparmor: use list_next_entry instead of list_entry_next
        (bsc#1000304).
    
      - arm: orion5x: Fix legacy get_irqnr_and_base
        (bsc#1005101).
    
      - batman-adv: Fix memory leak on tt add with invalid vlan
        (bsc#1005101).
    
      - batman-adv: replace WARN with rate limited output on
        non-existing VLAN (bsc#1005101).
    
      - blacklist.conf: add some commits (bsc#1005101)
    
      - blacklist.conf: add unaplicable IB/uverbs commit
        (bsc#1005101)
    
      - blacklist.conf: Blacklist unsupported architectures
    
      - blkfront: fix an error path memory leak (luckily none so
        far).
    
      - blktap2: eliminate deadlock potential from shutdown path
        (bsc#909994).
    
      - blktap2: eliminate race from deferred work queue
        handling (bsc#911687).
    
      - btrfs: ensure that file descriptor used with subvol
        ioctls is a dir (bsc#999600).
    
      - cdc-acm: added sanity checking for probe() (bsc#993891).
    
      - cgroup: add seq_file forward declaration for struct
        cftype (bsc#1005101).
    
      - do 'fold checks into iterate_and_advance()' right
        (bsc#972460).
    
      - drm/i915: Wait up to 3ms for the pcu to ack the cdclk
        change request on SKL (bsc#1005101).
    
      - drm/rockchip: unset pgoff when mmap'ing gems
        (bsc#1005101).
    
      - fold checks into iterate_and_advance() (bsc#972460).
    
      - fs/cifs: cifs_get_root shouldn't use path with tree name
        (bsc#963655, bsc#979681, bsc#1000907).
    
      - fs/cifs: Compare prepaths when comparing superblocks
        (bsc#799133).
    
      - fs/cifs: Fix memory leaks in cifs_do_mount()
        (bsc#799133).
    
      - fs/cifs: Fix regression which breaks DFS mounting
        (bsc#799133).
    
      - fs/cifs: Move check for prefix path to within
        cifs_get_root() (bsc#799133).
    
      - hid: multitouch: force retrieving of Win8 signature blob
        (bsc#1005101).
    
      - input: ALPS - add touchstick support for SS5 hardware
        (bsc#987703).
    
      - input: ALPS - allow touchsticks to report pressure
        (bsc#987703).
    
      - input: ALPS - handle 0-pressure 1F events (bsc#987703).
    
      - input: ALPS - set DualPoint flag for 74 03 28 devices
        (bsc#987703).
    
      - ipip: Properly mark ipip GRO packets as encapsulated
        (bsc#1001486).
    
      - ipv6: suppress sparse warnings in IP6_ECN_set_ce()
        (bsc#1005101).
    
      - kabi: hide name change of napi_gro_cb::udp_mark
        (bsc#1001486).
    
      - kaweth: fix firmware download (bsc#993890).
    
      - kaweth: fix oops upon failed memory allocation
        (bsc#993890).
    
      - kvm: x86: only channel 0 of the i8254 is linked to the
        HPET (bsc#1005101).
    
      - memcg: fix thresholds for 32b architectures
        (bsc#1005101).
    
      - msi-x: fix an error path (luckily none so far).
    
      - netback: fix flipping mode (bsc#996664).
    
      - netback: fix flipping mode (bsc#996664).
    
      - netem: fix a use after free (bsc#1005101).
    
      - net: fix warnings in 'make htmldocs' by moving macro
        definition out of field declaration (bsc#1005101).
    
      - netfront: linearize SKBs requiring too many slots
        (bsc#991247).
    
      - netlink: not trim skb for mmaped socket when dump
        (bsc#1005101).
    
      - net_sched: fix pfifo_head_drop behavior vs backlog
        (bsc#1005101).
    
      - net_sched: keep backlog updated with qlen (bsc#1005101).
    
      - nfs: use file_dentry() (bsc#1005101).
    
      - ovl: fix open in stacked overlay (bsc#1005101).
    
      - pci: Prevent out of bounds access in numa_node override
        (bsc#1005101).
    
      - perf/core: Do not leak event in the syscall error path
        (bsc#1005101).
    
      - perf: Fix PERF_EVENT_IOC_PERIOD deadlock (bsc#1005101).
    
      - Revive iov_iter_fault_in_multipages_readable() for
        4.1.34.
    
      - sch_drr: update backlog as well (bsc#1005101).
    
      - sch_hfsc: always keep backlog updated (bsc#1005101).
    
      - sch_prio: update backlog as well (bsc#1005101).
    
      - sch_qfq: keep backlog updated with qlen (bsc#1005101).
    
      - sch_red: update backlog as well (bsc#1005101).
    
      - sch_sfb: keep backlog updated with qlen (bsc#1005101).
    
      - sch_tbf: update backlog as well (bsc#1005101).
    
      - tpm: fix: return rc when devm_add_action() fails
        (bsc#1005101).
    
      - tunnels: Do not apply GRO to multiple layers of
        encapsulation (bsc#1001486).
    
      - Update blacklisting documentation to contain
        path-blacklisting
    
      - usb: fix typo in wMaxPacketSize validation (bsc#991665).
    
      - usb: hub: Fix auto-remount of safely removed or ejected
        USB-3 devices (bsc#922634).
    
      - x86/LDT: Print the real LDT base address (bsc#1005101).
    
      - x86/PCI: Mark Broadwell-EP Home Agent 1 as having
        non-compliant BARs (bsc#1005101).
    
      - xenbus: do not bail early from
        xenbus_dev_request_and_reply() (luckily none so far).
    
      - xenbus: inspect the correct type in
        xenbus_dev_request_and_reply().
    
      - xen: Fix refcnt regression in xen netback introduced by
        changes made for bug#881008 (bnc#978094)
    
      - xen: Linux 4.1.28."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1000287"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1000304"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1000907"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001462"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004462"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1005101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=799133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=881008"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=909994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=911687"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=922634"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=963655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=972460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=978094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=979681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=987703"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991247"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=991665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=993891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=996664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=999932"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:drbd-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pv-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lttng-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lttng-modules-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lttng-modules-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lttng-modules-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lttng-modules-kmp-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:lttng-modules-kmp-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/21");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/24");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-debugsource-1.28-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-default-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-default-debuginfo-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-pae-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-pae-debuginfo-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-pv-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-pv-debuginfo-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-xen-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"hdjmod-kmp-xen-debuginfo-1.28_k4.1.34_33-26.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-6.25.1-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-debuginfo-6.25.1-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-debugsource-6.25.1-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-devel-6.25.1-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-default-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-default-debuginfo-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-pae-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-pae-debuginfo-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-pv-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-pv-debuginfo-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-xen-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"ipset-kmp-xen-debuginfo-6.25.1_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-default-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-html-4.1.34-33.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-docs-pdf-4.1.34-33.3") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-macros-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-build-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-obs-qa-xen-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-source-vanilla-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"kernel-syms-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libipset3-6.25.1-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"libipset3-debuginfo-6.25.1-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-0.44-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-debuginfo-0.44-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-debugsource-0.44-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-kmp-default-0.44_k4.1.34_33-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-kmp-default-debuginfo-0.44_k4.1.34_33-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-kmp-pae-0.44_k4.1.34_33-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-kmp-pae-debuginfo-0.44_k4.1.34_33-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-kmp-pv-0.44_k4.1.34_33-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"pcfclock-kmp-pv-debuginfo-0.44_k4.1.34_33-268.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-debugsource-20140928-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-default-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-default-debuginfo-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-pae-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-pae-debuginfo-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-pv-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-pv-debuginfo-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-xen-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"vhba-kmp-xen-debuginfo-20140928_k4.1.34_33-7.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-ec2-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pae-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-pv-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-vanilla-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"i686", reference:"kernel-xen-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-8.4.6-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-debugsource-8.4.6-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-kmp-default-8.4.6_k4.1.34_33-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-kmp-default-debuginfo-8.4.6_k4.1.34_33-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-kmp-pv-8.4.6_k4.1.34_33-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-kmp-pv-debuginfo-8.4.6_k4.1.34_33-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-kmp-xen-8.4.6_k4.1.34_33-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"drbd-kmp-xen-debuginfo-8.4.6_k4.1.34_33-10.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-ec2-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pae-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-pv-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-vanilla-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-debugsource-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"kernel-xen-devel-4.1.34-33.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"lttng-modules-2.7.0-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"lttng-modules-debugsource-2.7.0-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"lttng-modules-kmp-default-2.7.0_k4.1.34_33-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"lttng-modules-kmp-default-debuginfo-2.7.0_k4.1.34_33-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"lttng-modules-kmp-pv-2.7.0_k4.1.34_33-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"lttng-modules-kmp-pv-debuginfo-2.7.0_k4.1.34_33-4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "hdjmod-debugsource / hdjmod-kmp-default / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2047.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)
    last seen2020-06-01
    modified2020-06-02
    plugin id93952
    published2016-10-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93952
    titleRHEL 7 : kernel (RHSA-2016:2047)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:2047. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93952);
      script_version("2.17");
      script_cvs_date("Date: 2019/10/24 15:35:42");
    
      script_cve_id("CVE-2016-7039", "CVE-2016-8666");
      script_xref(name:"RHSA", value:"2016:2047");
    
      script_name(english:"RHEL 7 : kernel (RHSA-2016:2047)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q)
    OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with
    Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a
    stack overflow issue. It could occur while receiving large packets via
    GRO path as an unlimited recursion could unfold in both VLAN and TEB
    modules leading to a stack corruption in the kernel. (CVE-2016-7039,
    Important)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:2047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7039"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-8666"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-7039", "CVE-2016-8666");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:2047");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:2047";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"kernel-doc-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-327.36.2.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3098-2.NASL
    descriptionUSN-3098-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS. Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Vladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93955
    published2016-10-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93955
    titleUbuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3098-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3098-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93955);
      script_version("2.14");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-6136", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      script_xref(name:"USN", value:"3098-2");
    
      script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3098-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3098-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04
    LTS. This update provides the corresponding updates for the Linux
    Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu
    12.04 LTS.
    
    Marco Grassi discovered a use-after-free condition could occur in the
    TCP retransmit queue handling code in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2016-6828)
    
    Vladimir Benes discovered an unbounded recursion in the VLAN and TEB
    Generic Receive Offload (GRO) processing implementations in the Linux
    kernel, A remote attacker could use this to cause a stack corruption,
    leading to a denial of service (system crash). (CVE-2016-7039)
    
    Pengfei Wang discovered a race condition in the audit subsystem in the
    Linux kernel. A local attacker could use this to corrupt audit logs or
    disrupt system-call auditing. (CVE-2016-6136)
    
    Pengfei Wang discovered a race condition in the Adaptec AAC RAID
    controller driver in the Linux kernel when handling ioctl()s. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2016-6480).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3098-2/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected linux-image-3.13-generic and / or
    linux-image-3.13-generic-lpae packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-6136", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3098-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-98-generic", pkgver:"3.13.0-98.145~precise1")) flag++;
    if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-98-generic-lpae", pkgver:"3.13.0-98.145~precise1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1521.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.(CVE-2017-7895i1/4%0 - A flaw was found in the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124974
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124974
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124974);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-4348",
        "CVE-2014-5045",
        "CVE-2014-5206",
        "CVE-2014-7825",
        "CVE-2014-8369",
        "CVE-2014-8989",
        "CVE-2015-8785",
        "CVE-2016-2059",
        "CVE-2016-2185",
        "CVE-2016-2188",
        "CVE-2016-3713",
        "CVE-2016-7039",
        "CVE-2017-13695",
        "CVE-2017-15649",
        "CVE-2017-15951",
        "CVE-2017-17805",
        "CVE-2017-6874",
        "CVE-2017-7895",
        "CVE-2018-13093",
        "CVE-2018-7492"
      );
      script_bugtraq_id(
        63536,
        68862,
        69214,
        70747,
        70749,
        70972,
        71154,
        71367
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1521)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - The NFSv2 and NFSv3 server implementations in the Linux
        kernel through 4.10.13 lacked certain checks for the
        end of a buffer. A remote attacker could trigger a
        pointer-arithmetic error or possibly cause other
        unspecified impacts using crafted requests related to
        fs/nfsd/nfs3xdr.c and
        fs/nfsd/nfsxdr.c.(CVE-2017-7895i1/4%0
    
      - A flaw was found in the Linux kernel's ACPI subsystem
        where a function does not flush the operand cache and
        causes a kernel stack dump. This allows local users to
        obtain sensitive information from kernel memory and
        bypass the KASLR protection mechanism when using a
        specially crafted ACPI table.(CVE-2017-13695i1/4%0
    
      - It was found that fanout_add() in
        'net/packet/af_packet.c' in the Linux kernel, before
        version 4.13.6, allows local users to gain privileges
        via crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind)
        that leads to a use-after-free bug.(CVE-2017-15649i1/4%0
    
      - Race condition in kernel/ucount.c in the Linux kernel
        through 4.10.2 allows local users to cause a denial of
        service (use-after-free and system crash) or possibly
        have unspecified other impact via crafted system calls
        that leverage certain decrement behavior that causes
        incorrect interaction between put_ucounts and
        get_ucounts.(CVE-2017-6874i1/4%0
    
      - An out-of-bounds memory access flaw, CVE-2014-7825, was
        found in the syscall tracing functionality of the Linux
        kernel's perf subsystem. A local, unprivileged user
        could use this flaw to crash the system. Additionally,
        an out-of-bounds memory access flaw, CVE-2014-7826, was
        found in the syscall tracing functionality of the Linux
        kernel's ftrace subsystem. On a system with ftrace
        syscall tracing enabled, a local, unprivileged user
        could use this flaw to crash the system, or escalate
        their privileges.(CVE-2014-7825i1/4%0
    
      - The Salsa20 encryption algorithm in the Linux kernel,
        before 4.14.8, does not correctly handle zero-length
        inputs. This allows a local attacker the ability to use
        the AF_ALG-based skcipher interface to cause a denial
        of service (uninitialized-memory free and kernel crash)
        or have an unspecified other impact by executing a
        crafted sequence of system calls that use the
        blkcipher_walk API. Both the generic implementation
        (crypto/salsa20_generic.c) and x86 implementation
        (arch/x86/crypto/salsa20_glue.c) of Salsa20 are
        vulnerable.(CVE-2017-17805i1/4%0
    
      - The msm_ipc_router_bind_control_port function in
        net/ipc_router/ipc_router_core.c in the IPC router
        kernel module for the Linux kernel 3.x, as used in
        Qualcomm Innovation Center (QuIC) Android contributions
        for MSM devices and other products, does not verify
        that a port is a client port, which allows attackers to
        gain privileges or cause a denial of service (race
        condition and list corruption) by making many
        BIND_CONTROL_PORT ioctl calls.(CVE-2016-2059i1/4%0
    
      - The do_remount function in fs/namespace.c in the Linux
        kernel through 3.16.1 does not maintain the
        MNT_LOCK_READONLY bit across a remount of a bind mount,
        which allows local users to bypass an intended
        read-only restriction and defeat certain sandbox
        protection mechanisms via a 'mount -o remount' command
        within a user namespace.(CVE-2014-5206i1/4%0
    
      - The ati_remote2_probe function in
        drivers/input/misc/ati_remote2.c in the Linux kernel
        before 4.5.1 allows physically proximate attackers to
        cause a denial of service (NULL pointer dereference and
        system crash) via a crafted endpoints value in a USB
        device descriptor.(CVE-2016-2185i1/4%0
    
      - It was found that the fix for CVE-2014-3601 was
        incomplete: the Linux kernel's kvm_iommu_map_pages()
        function still handled IOMMU mapping failures
        incorrectly. A privileged user in a guest with an
        assigned host device could use this flaw to crash the
        host.(CVE-2014-8369i1/4%0
    
      - A NULL pointer dereference was found in
        net/rds/rdma.c:__rds_rdma_map() function in the Linux
        kernel allowing local attackers to cause a system panic
        and a denial-of-service.(CVE-2018-7492i1/4%0
    
      - An issue was discovered in the XFS filesystem in
        fs/xfs/xfs_icache.c in the Linux kernel. There is a
        NULL pointer dereference leading to a system panic in
        lookup_slow() on a NULL inode-i1/4zi_ops pointer when
        doing pathwalks on a corrupted xfs image. This occurs
        because of a lack of proper validation that cached
        inodes are free during an allocation.(CVE-2018-13093i1/4%0
    
      - The iowarrior_probe function in
        drivers/usb/misc/iowarrior.c in the Linux kernel before
        4.5.1 allows physically proximate attackers to cause a
        denial of service (NULL pointer dereference and system
        crash) via a crafted endpoints value in a USB device
        descriptor.(CVE-2016-2188i1/4%0
    
      - Linux kernel built with the 802.1Q/802.1ad
        VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local
        Area Network(CONFIG_VXLAN) with Transparent Ethernet
        Bridging(TEB) GRO support, is vulnerable to a stack
        overflow issue. It could occur while receiving large
        packets via GRO path, as an unlimited recursion could
        unfold in both VLAN and TEB modules, leading to a stack
        corruption in the kernel.(CVE-2016-7039i1/4%0
    
      - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in
        the Linux kernel before 4.6.1 supports MSR 0x2f8, which
        allows guest OS users to read or write to the
        kvm_arch_vcpu data structure, and consequently obtain
        sensitive information or cause a denial of service
        (system crash), via a crafted ioctl
        call.(CVE-2016-3713i1/4%0
    
      - A flaw was found in the way the Linux kernel's VFS
        subsystem handled reference counting when performing
        unmount operations on symbolic links. A local,
        unprivileged user could use this flaw to exhaust all
        available memory on the system or, potentially, trigger
        a use-after-free error, resulting in a system crash or
        privilege escalation.(CVE-2014-5045i1/4%0
    
      - The KEYS subsystem in the Linux kernel before 4.13.10
        does not correctly synchronize the actions of updating
        versus finding a key in the 'negative' state to avoid a
        race condition, which allows local users to cause a
        denial of service or possibly have unspecified other
        impact via crafted system calls.(CVE-2017-15951i1/4%0
    
      - The skb_flow_dissect function in
        net/core/flow_dissector.c in the Linux kernel through
        3.12 allows remote attackers to cause a denial of
        service (infinite loop) via a small value in the IHL
        field of a packet with IPIP
        encapsulation.(CVE-2013-4348i1/4%0
    
      - The Linux kernel through 3.17.4 does not properly
        restrict dropping of supplemental group memberships in
        certain namespace scenarios, which allows local users
        to bypass intended file permissions by leveraging a
        POSIX ACL containing an entry for the group category
        that is more restrictive than the entry for the other
        category, aka a 'negative groups' issue, related to
        kernel/groups.c, kernel/uid16.c, and
        kernel/user_namespace.c.(CVE-2014-8989i1/4%0
    
      - An infinite-loop flaw was found in the kernel. When a
        local user calls the sys_writev syscall with a
        specially crafted sequence of iov structs, the
        fuse_fill_write_pages kernel function might never
        terminate, instead continuing in a tight loop. This
        process cannot be terminated and requires a
        reboot.(CVE-2015-8785i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1521
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1899f2b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-2047.NASL
    descriptionFrom Red Hat Security Advisory 2016:2047 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)
    last seen2020-06-01
    modified2020-06-02
    plugin id93949
    published2016-10-11
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93949
    titleOracle Linux 7 : kernel (ELSA-2016-2047)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:2047 and 
    # Oracle Linux Security Advisory ELSA-2016-2047 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93949);
      script_version("2.12");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-7039", "CVE-2016-8666");
      script_xref(name:"RHSA", value:"2016:2047");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2016-2047)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:2047 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q)
    OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with
    Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a
    stack overflow issue. It could occur while receiving large packets via
    GRO path as an unlimited recursion could unfold in both VLAN and TEB
    modules leading to a stack corruption in the kernel. (CVE-2016-7039,
    Important)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-October/006409.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-7039", "CVE-2016-8666");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2016-2047");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.36.2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.36.2.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1494.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in Linux kernel. There is an information leak in file
    last seen2020-03-19
    modified2019-05-15
    plugin id125100
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125100
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125100);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2016-4569",
        "CVE-2016-4578",
        "CVE-2016-4580",
        "CVE-2016-4581",
        "CVE-2016-4794",
        "CVE-2016-4805",
        "CVE-2016-4913",
        "CVE-2016-4997",
        "CVE-2016-4998",
        "CVE-2016-5195",
        "CVE-2016-5696",
        "CVE-2016-5829",
        "CVE-2016-6136",
        "CVE-2016-6197",
        "CVE-2016-6198",
        "CVE-2016-6327",
        "CVE-2016-6480",
        "CVE-2016-6786",
        "CVE-2016-6787",
        "CVE-2016-6828",
        "CVE-2016-7039",
        "CVE-2016-7042",
        "CVE-2016-7097"
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1494)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A vulnerability was found in Linux kernel. There is an
        information leak in file 'sound/core/timer.c' of the
        latest mainline Linux kernel, the stack object
        aEURoetreadaEUR has a total size of 32 bytes. It contains a
        8-bytes padding, which is not initialized but sent to
        user via copy_to_user(), resulting a kernel
        leak.(CVE-2016-4569)
    
      - A vulnerability was found in Linux kernel. There is an
        information leak in file sound/core/timer.c of the
        latest mainline Linux kernel. The stack object aEURoer1aEUR
        has a total size of 32 bytes. Its field aEURoeeventaEUR and
        aEURoevalaEUR both contain 4 bytes padding. These 8 bytes
        padding bytes are sent to user without being
        initialized.(CVE-2016-4578)
    
      - The x25_negotiate_facilities function in
        net/x25/x25_facilities.c in the Linux kernel before
        4.5.5 does not properly initialize a certain data
        structure, which allows attackers to obtain sensitive
        information from kernel stack memory via an X.25 Call
        Request.(CVE-2016-4580)
    
      - fs/pnode.c in the Linux kernel before 4.5.4 does not
        properly traverse a mount propagation tree in a certain
        case involving a slave mount, which allows local users
        to cause a denial of service (NULL pointer dereference
        and OOPS) via a crafted series of mount system
        calls.(CVE-2016-4581)
    
      - Use after free vulnerability was found in percpu using
        previously allocated memory in bpf. First
        __alloc_percpu_gfp() is called, then the memory is
        freed with free_percpu() which triggers async
        pcpu_balance_work and then pcpu_extend_area_map could
        use a chunk after it has been freed.(CVE-2016-4794)
    
      - Use-after-free vulnerability in
        drivers/net/ppp/ppp_generic.c in the Linux kernel
        before 4.5.2 allows local users to cause a denial of
        service (memory corruption and system crash, or
        spinlock) or possibly have unspecified other impact by
        removing a network namespace, related to the
        ppp_register_net_channel and ppp_unregister_channel
        functions.(CVE-2016-4805)
    
      - A vulnerability was found in the Linux kernel. Payloads
        of NM entries are not supposed to contain NUL. When
        such entry is processed, only the part prior to the
        first NUL goes into the concatenation (i.e. the
        directory entry name being encoded by a bunch of NM
        entries). The process stops when the amount collected
        so far + the claimed amount in the current NM entry
        exceed 254. However, the value returned as the total
        length is the sum of *claimed* sizes, not the actual
        amount collected. And that's what will be passed to
        readdir() callback as the name length - 8Kb
        __copy_to_user() from a buffer allocated by
        __get_free_page().(CVE-2016-4913)
    
      - A flaw was discovered in processing setsockopt for 32
        bit processes on 64 bit systems. This flaw will allow
        attackers to alter arbitrary kernel memory when
        unloading a kernel module. This action is usually
        restricted to root-privileged users but can also be
        leveraged if the kernel is compiled with CONFIG_USER_NS
        and CONFIG_NET_NS and the user is granted elevated
        privileges.(CVE-2016-4997)
    
      - An out-of-bounds heap memory access leading to a Denial
        of Service, heap disclosure, or further impact was
        found in setsockopt(). The function call is normally
        restricted to root, however some processes with
        cap_sys_admin may also be able to trigger this flaw in
        privileged container environments.(CVE-2016-4998)
    
      - A race condition was found in the way the Linux
        kernel's memory subsystem handled the copy-on-write
        (COW) breakage of private read-only memory mappings. An
        unprivileged, local user could use this flaw to gain
        write access to otherwise read-only memory mappings and
        thus increase their privileges on the
        system.(CVE-2016-5195)
    
      - It was found that the RFC 5961 challenge ACK rate
        limiting as implemented in the Linux kernel's
        networking subsystem allowed an off-path attacker to
        leak certain information about a given connection by
        creating congestion on the global challenge ACK rate
        limit counter and then measuring the changes by probing
        packets. An off-path attacker could use this flaw to
        either terminate TCP connection and/or inject payload
        into non-secured TCP connection between two endpoints
        on the network.(CVE-2016-5696)
    
      - A heap-based buffer overflow vulnerability was found in
        the Linux kernel's hiddev driver. This flaw could allow
        a local attacker to corrupt kernel memory, possible
        privilege escalation or crashing the
        system.(CVE-2016-5829)
    
      - When creating audit records for parameters to executed
        children processes, an attacker can convince the Linux
        kernel audit subsystem can create corrupt records which
        may allow an attacker to misrepresent or evade logging
        of executing commands.(CVE-2016-6136)
    
      - It was found that the unlink and rename functionality
        in overlayfs did not verify the upper dentry for
        staleness. A local, unprivileged user could use the
        rename syscall on overlayfs on top of xfs to panic or
        crash the system.(CVE-2016-6197)
    
      - A flaw was found that the vfs_rename() function did not
        detect hard links on overlayfs. A local, unprivileged
        user could use the rename syscall on overlayfs on top
        of xfs to crash the system.(CVE-2016-6198)
    
      - System using the infiniband support module ib_srpt were
        vulnerable to a denial of service by system crash by a
        local attacker who is able to abort writes to a device
        using this initiator.(CVE-2016-6327)
    
      - A race condition flaw was found in the ioctl_send_fib()
        function in the Linux kernel's aacraid implementation.
        A local attacker could use this flaw to cause a denial
        of service (out-of-bounds access or system crash) by
        changing a certain size value.(CVE-2016-6480)
    
      - kernel/events/core.c in the performance subsystem in
        the Linux kernel before 4.0 mismanages locks during
        certain migrations, which allows local users to gain
        privileges via a crafted application, aka Android
        internal bug 30955111.(CVE-2016-6786)
    
      - kernel/events/core.c in the performance subsystem in
        the Linux kernel before 4.0 mismanages locks during
        certain migrations, which allows local users to gain
        privileges via a crafted application, aka Android
        internal bug 31095224.(CVE-2016-6787)
    
      - A use-after-free vulnerability was found in
        tcp_xmit_retransmit_queue and other tcp_* functions.
        This condition could allow an attacker to send an
        incorrect selective acknowledgment to existing
        connections, possibly resetting a
        connection.(CVE-2016-6828)
    
      - Linux kernel built with the 802.1Q/802.1ad
        VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local
        Area Network(CONFIG_VXLAN) with Transparent Ethernet
        Bridging(TEB) GRO support, is vulnerable to a stack
        overflow issue. It could occur while receiving large
        packets via GRO path, as an unlimited recursion could
        unfold in both VLAN and TEB modules, leading to a stack
        corruption in the kernel.(CVE-2016-7039)
    
      - It was found that when the gcc stack protector was
        enabled, reading the /proc/keys file could cause a
        panic in the Linux kernel due to stack corruption. This
        happened because an incorrect buffer size was used to
        hold a 64-bit timeout value rendered as
        weeks.(CVE-2016-7042)
    
      - It was found that when file permissions were modified
        via chmod and the user modifying them was not in the
        owning group or capable of CAP_FSETID, the setgid bit
        would be cleared. Setting a POSIX ACL via setxattr sets
        the file permissions as well as the new ACL, but
        doesn't clear the setgid bit in a similar way. This
        could allow a local user to gain group privileges via
        certain setgid applications.(CVE-2016-7097)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1494
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0e64722c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-5829");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/15");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2016-762.NASL
    descriptionThe IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 . (CVE-2016-8666) Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039)
    last seen2020-06-01
    modified2020-06-02
    plugin id94682
    published2016-11-11
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/94682
    titleAmazon Linux AMI : kernel (ALAS-2016-762)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2016-762.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94682);
      script_version("2.2");
      script_cvs_date("Date: 2018/04/18 15:09:36");
    
      script_cve_id("CVE-2016-7039", "CVE-2016-8666");
      script_xref(name:"ALAS", value:"2016-762");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2016-762)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The IP stack in the Linux kernel before 4.6 allows remote attackers to
    cause a denial of service (stack consumption and panic) or possibly
    have unspecified other impact by triggering use of the GRO path for
    packets with tunnel stacking, as demonstrated by interleaved IPv4
    headers and GRE headers, a related issue to CVE-2016-7039 .
    (CVE-2016-8666)
    
    Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR
    Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent
    Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow
    issue. It could occur while receiving large packets via GRO path, as
    an unlimited recursion could unfold in both VLAN and TEB modules,
    leading to a stack corruption in the kernel. (CVE-2016-7039)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2016-762.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Run 'yum update kernel' to update your system. You will need to reboot
    your system in order for the new kernel to be running."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/11/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-doc-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-4.4.30-32.54.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.4.30-32.54.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-2047.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)
    last seen2020-06-01
    modified2020-06-02
    plugin id93967
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93967
    titleCentOS 7 : kernel (CESA-2016:2047)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:2047 and 
    # CentOS Errata and Security Advisory 2016:2047 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93967);
      script_version("2.11");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2016-7039", "CVE-2016-8666");
      script_xref(name:"RHSA", value:"2016:2047");
    
      script_name(english:"CentOS 7 : kernel (CESA-2016:2047)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q)
    OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with
    Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a
    stack overflow issue. It could occur while receiving large packets via
    GRO path as an unlimited recursion could unfold in both VLAN and TEB
    modules leading to a stack corruption in the kernel. (CVE-2016-7039,
    Important)"
      );
      # https://lists.centos.org/pipermail/centos-announce/2016-October/022120.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c20bbb86"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7039");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-doc-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"perf-3.10.0-327.36.2.el7")) flag++;
    if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"python-perf-3.10.0-327.36.2.el7")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3626.NASL
    descriptionDescription of changes: kernel-uek [4.1.12-61.1.14.el7uek] - net: add recursion limit to GRO (Sabrina Dubroca) [Orabug: 24829133] {CVE-2016-7039}
    last seen2020-06-01
    modified2020-06-02
    plugin id94064
    published2016-10-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94064
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3626)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2016-3626.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94064);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2016-7039");
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3626)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    kernel-uek
    [4.1.12-61.1.14.el7uek]
    - net: add recursion limit to GRO (Sabrina Dubroca)  [Orabug: 24829133] 
      {CVE-2016-7039}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-October/006412.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-October/006413.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.14.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.14.el7uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-7039");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2016-3626");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "4.1";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-4.1.12-61.1.14.el6uek-0.5.3-2.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-4.1.12-61.1.14.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-4.1.12-61.1.14.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.1.12-61.1.14.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-4.1.12-61.1.14.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-4.1.12-61.1.14.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-4.1.12") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-4.1.12-61.1.14.el6uek")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-4.1.12-61.1.14.el7uek-0.5.3-2.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-4.1.12-61.1.14.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-4.1.12-61.1.14.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-4.1.12-61.1.14.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-4.1.12-61.1.14.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-4.1.12-61.1.14.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-4.1.12") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-4.1.12-61.1.14.el7uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1211.NASL
    descriptionThe openSUSE 13.1 kernel was updated to fix bugs and security issues. The following security bugs were fixed : - CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1001486). - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). The following non-security bugs were fixed : - sched/core: Fix a race between try_to_wake_up() and a woken up task (bsc#1002165, bsc#1001419). - sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486).
    last seen2020-06-05
    modified2016-10-25
    plugin id94239
    published2016-10-25
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94239
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-1211) (Dirty COW)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-1211.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(94239);
      script_version("1.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-5195", "CVE-2016-7039", "CVE-2016-8666");
      script_xref(name:"IAVA", value:"2016-A-0306");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1211) (Dirty COW)");
      script_summary(english:"Check for the openSUSE-2016-1211 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE 13.1 kernel was updated to fix bugs and security issues.
    
    The following security bugs were fixed :
    
      - CVE-2016-8666: The IP stack in the Linux kernel allowed
        remote attackers to cause a denial of service (stack
        consumption and panic) or possibly have unspecified
        other impact by triggering use of the GRO path for
        packets with tunnel stacking, as demonstrated by
        interleaved IPv4 headers and GRE headers, a related
        issue to CVE-2016-7039 (bnc#1001486).
    
      - CVE-2016-5195: A local privilege escalation using
        MAP_PRIVATE was fixed, which is reportedly exploited in
        the wild (bsc#1004418).
    
    The following non-security bugs were fixed :
    
      - sched/core: Fix a race between try_to_wake_up() and a
        woken up task (bsc#1002165, bsc#1001419).
    
      - sched/core: Fix an SMP ordering race in try_to_wake_up()
        vs. schedule() (bnc#1001419).
    
      - tunnels: Do not apply GRO to multiple layers of
        encapsulation (bsc#1001486)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1001486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1002165"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1004418"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-eppic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-gcore");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-desktop-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libipset3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-controller");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-pki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-switch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openvswitch-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-openvswitch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-openvswitch-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-host-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/21");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/25");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-2.639-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-debuginfo-2.639-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-debugsource-2.639-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-default-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-default-debuginfo-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-desktop-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-desktop-debuginfo-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-pae-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-pae-debuginfo-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-xen-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"cloop-kmp-xen-debuginfo-2.639_k3.12.62_55-11.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-debuginfo-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-debugsource-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-devel-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-eppic-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-eppic-debuginfo-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-gcore-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-gcore-debuginfo-7.0.2-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-default-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-default-debuginfo-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-desktop-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-desktop-debuginfo-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-pae-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-pae-debuginfo-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-xen-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"crash-kmp-xen-debuginfo-7.0.2_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-debugsource-1.28-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-default-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-default-debuginfo-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-desktop-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-desktop-debuginfo-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-pae-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-pae-debuginfo-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-xen-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"hdjmod-kmp-xen-debuginfo-1.28_k3.12.62_55-16.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-6.21.1-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-debuginfo-6.21.1-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-debugsource-6.21.1-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-devel-6.21.1-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-default-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-default-debuginfo-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-desktop-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-desktop-debuginfo-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-pae-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-pae-debuginfo-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-xen-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ipset-kmp-xen-debuginfo-6.21.1_k3.12.62_55-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-1.4.20.3-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-debuginfo-1.4.20.3-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-debugsource-1.4.20.3-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-default-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-desktop-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-pae-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-xen-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.62_55-13.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-default-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-macros-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-source-vanilla-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"kernel-syms-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libipset3-6.21.1-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"libipset3-debuginfo-6.21.1-2.38.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-1.58-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-debuginfo-1.58-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-debugsource-1.58-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-default-1.58_k3.12.62_55-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-default-debuginfo-1.58_k3.12.62_55-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-desktop-1.58_k3.12.62_55-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.62_55-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-pae-1.58_k3.12.62_55-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.62_55-35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-controller-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-controller-debuginfo-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-debuginfo-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-debugsource-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-default-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-default-debuginfo-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-desktop-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-pae-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-xen-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.62_55-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-pki-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-switch-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-switch-debuginfo-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"openvswitch-test-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-0.44-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-debuginfo-0.44-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-debugsource-0.44-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-default-0.44_k3.12.62_55-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-default-debuginfo-0.44_k3.12.62_55-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-desktop-0.44_k3.12.62_55-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-desktop-debuginfo-0.44_k3.12.62_55-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-pae-0.44_k3.12.62_55-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"pcfclock-kmp-pae-debuginfo-0.44_k3.12.62_55-258.35.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-openvswitch-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-openvswitch-test-1.11.0-0.41.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"python-virtualbox-debuginfo-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-debugsource-20130607-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-default-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-default-debuginfo-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-desktop-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-desktop-debuginfo-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-pae-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-pae-debuginfo-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-xen-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"vhba-kmp-xen-debuginfo-20130607_k3.12.62_55-2.34.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debuginfo-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-debugsource-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-devel-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-tools-debuginfo-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-guest-x11-debuginfo-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.62_55-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-host-source-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-qt-debuginfo-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"virtualbox-websrv-debuginfo-4.2.36-2.66.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-debugsource-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-devel-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-4.3.4_10_k3.12.62_55-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-default-debuginfo-4.3.4_10_k3.12.62_55-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-4.3.4_10_k3.12.62_55-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.62_55-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-4.3.4_10_k3.12.62_55-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-kmp-pae-debuginfo-4.3.4_10_k3.12.62_55-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-libs-debuginfo-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xen-tools-domU-debuginfo-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-2.3-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-debuginfo-2.3-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-debugsource-2.3-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-default-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-default-debuginfo-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-desktop-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-pae-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-pae-debuginfo-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-xen-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"xtables-addons-kmp-xen-debuginfo-2.3_k3.12.62_55-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-debug-devel-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-desktop-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-ec2-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-pae-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-trace-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-vanilla-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"i686", reference:"kernel-xen-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-debug-devel-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-desktop-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-ec2-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-pae-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-trace-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-vanilla-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.62-55.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-doc-html-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-32bit-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-libs-debuginfo-32bit-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-tools-debuginfo-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-4.3.4_10-67.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", cpu:"x86_64", reference:"xen-xend-tools-debuginfo-4.3.4_10-67.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3099-3.NASL
    descriptionVladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93958
    published2016-10-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93958
    titleUbuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3099-3)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3099-3. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93958);
      script_version("2.14");
      script_cvs_date("Date: 2019/09/18 12:31:46");
    
      script_cve_id("CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      script_xref(name:"USN", value:"3099-3");
    
      script_name(english:"Ubuntu 16.04 LTS : linux-raspi2 vulnerabilities (USN-3099-3)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Vladimir Benes discovered an unbounded recursion in the VLAN and TEB
    Generic Receive Offload (GRO) processing implementations in the Linux
    kernel, A remote attacker could use this to cause a stack corruption,
    leading to a denial of service (system crash). (CVE-2016-7039)
    
    Marco Grassi discovered a use-after-free condition could occur in the
    TCP retransmit queue handling code in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2016-6828)
    
    Pengfei Wang discovered a race condition in the Adaptec AAC RAID
    controller driver in the Linux kernel when handling ioctl()s. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2016-6480).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3099-3/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected linux-image-4.4-raspi2 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/11");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7039");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3099-3");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1027-raspi2", pkgver:"4.4.0-1027.33")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-raspi2");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-1426.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939). - CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507). - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517). - CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478). - CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message
    last seen2020-06-05
    modified2016-12-12
    plugin id95701
    published2016-12-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95701
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-2110.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id94316
    published2016-10-27
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94316
    titleRHEL 7 : kernel-rt (RHSA-2016:2110) (Dirty COW)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1001.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588) - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666) - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576) - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806) - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088) - A flaw was found in the Linux kernel
    last seen2020-05-06
    modified2017-05-01
    plugin id99848
    published2017-05-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/99848
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3099-1.NASL
    descriptionVladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the s390 SCLP console driver for the Linux kernel when handling ioctl()s. A local attacker could use this to obtain sensitive information from kernel memory. (CVE-2016-6130) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93956
    published2016-10-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93956
    titleUbuntu 16.04 LTS : linux vulnerabilities (USN-3099-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2016-2912-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel used an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bsc#1004517). - CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#995968). - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152). - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id95368
    published2016-11-28
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/95368
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2912-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20161010_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path as an unlimited recursion could unfold in both VLAN and TEB modules leading to a stack corruption in the kernel. (CVE-2016-7039, Important)
    last seen2020-03-18
    modified2016-10-12
    plugin id94003
    published2016-10-12
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94003
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20161010)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2016-0140.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - net: add recursion limit to GRO (Sabrina Dubroca) [Orabug: 24829133] (CVE-2016-7039)
    last seen2020-06-01
    modified2020-06-02
    plugin id94065
    published2016-10-14
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/94065
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0140)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3098-1.NASL
    descriptionVladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039) Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828) Pengfei Wang discovered a race condition in the audit subsystem in the Linux kernel. A local attacker could use this to corrupt audit logs or disrupt system-call auditing. (CVE-2016-6136) Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6480). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id93954
    published2016-10-11
    reporterUbuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93954
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3098-1)

Redhat

advisories
  • rhsa
    idRHSA-2016:2047
  • rhsa
    idRHSA-2016:2107
  • rhsa
    idRHSA-2016:2110
  • rhsa
    idRHSA-2017:0372
rpms
  • kernel-0:3.10.0-327.36.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.36.2.el7
  • kernel-bootwrapper-0:3.10.0-327.36.2.el7
  • kernel-debug-0:3.10.0-327.36.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.36.2.el7
  • kernel-debug-devel-0:3.10.0-327.36.2.el7
  • kernel-debuginfo-0:3.10.0-327.36.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.36.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.36.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.36.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.36.2.el7
  • kernel-devel-0:3.10.0-327.36.2.el7
  • kernel-doc-0:3.10.0-327.36.2.el7
  • kernel-headers-0:3.10.0-327.36.2.el7
  • kernel-kdump-0:3.10.0-327.36.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.36.2.el7
  • kernel-kdump-devel-0:3.10.0-327.36.2.el7
  • kernel-tools-0:3.10.0-327.36.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.36.2.el7
  • kernel-tools-libs-0:3.10.0-327.36.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.36.2.el7
  • perf-0:3.10.0-327.36.2.el7
  • perf-debuginfo-0:3.10.0-327.36.2.el7
  • python-perf-0:3.10.0-327.36.2.el7
  • python-perf-debuginfo-0:3.10.0-327.36.2.el7
  • kernel-rt-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-debug-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-debug-devel-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-debuginfo-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-devel-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-doc-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-firmware-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-trace-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-trace-devel-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-vanilla-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-327.rt56.198.el6rt
  • kernel-rt-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-devel-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-kvm-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debuginfo-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-devel-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-doc-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-kvm-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-devel-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-kvm-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-327.36.3.rt56.238.el7
  • kernel-0:4.5.0-15.2.1.el7
  • kernel-debug-0:4.5.0-15.2.1.el7
  • kernel-debug-debuginfo-0:4.5.0-15.2.1.el7
  • kernel-debug-devel-0:4.5.0-15.2.1.el7
  • kernel-debuginfo-0:4.5.0-15.2.1.el7
  • kernel-debuginfo-common-aarch64-0:4.5.0-15.2.1.el7
  • kernel-devel-0:4.5.0-15.2.1.el7
  • kernel-headers-0:4.5.0-15.2.1.el7
  • kernel-tools-0:4.5.0-15.2.1.el7
  • kernel-tools-debuginfo-0:4.5.0-15.2.1.el7
  • kernel-tools-libs-0:4.5.0-15.2.1.el7
  • kernel-tools-libs-devel-0:4.5.0-15.2.1.el7
  • perf-0:4.5.0-15.2.1.el7
  • perf-debuginfo-0:4.5.0-15.2.1.el7
  • python-perf-0:4.5.0-15.2.1.el7
  • python-perf-debuginfo-0:4.5.0-15.2.1.el7