Vulnerabilities > CVE-2017-11473 - Classic Buffer Overflow vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
canonical
CWE-120
nessus

Summary

Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.

Vulnerable Configurations

Part Description Count
OS
Linux
2466
OS
Canonical
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3657.NASL
    descriptionDescription of changes: [3.8.13-118.20.1.el7uek] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26649818] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889} - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190} - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105144
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105144
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2017-3657.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105144);
      script_version("3.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Description of changes:
    
    [3.8.13-118.20.1.el7uek]
    - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) 
    [Orabug: 25392692]
    - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) 
      [Orabug: 26479780]
    - KEYS: fix dereferencing NULL payload with nonzero length (Eric 
    Biggers)  [Orabug: 26592025]
    - oracleasm: Copy the integrity descriptor (Martin K. Petersen) 
    [Orabug: 26649818]
    - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook)  [Orabug: 
    26675925]  {CVE-2017-7889}
    - xscore: add dma address check (Zhu Yanjun)  [Orabug: 27058468]
    - more bio_map_user_iov() leak fixes (Al Viro)  [Orabug: 27069042] 
    {CVE-2017-12190}
    - fix unbalanced page refcounting in bio_map_user_iov (Vitaly 
    Mayatskikh)  [Orabug: 27069042]  {CVE-2017-12190}
    - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent 
    hard lockups (Aruna Ramakrishna)  [Orabug: 25409587]
    - nvme: Handle PM1725 HIL reset (Martin K. Petersen)  [Orabug: 26277600]
    - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) 
    [Orabug: 26403940]  {CVE-2017-1000363}
    - ALSA: timer: Fix missing queue indices reset at 
    SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai)  [Orabug: 26403956] 
    {CVE-2017-1000380}
    - ALSA: timer: Fix race between read and ioctl (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race 
    (Vegard Nossum)  [Orabug: 26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) 
    [Orabug: 26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) 
    [Orabug: 26404005]  {CVE-2017-9077}
    - ocfs2: fix deadlock issue when taking inode lock at vfs entry points 
    (Eric Ren)  [Orabug: 26427126]
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 
    (Eric Ren)  [Orabug: 26427126]
    - ping: implement proper locking (Eric Dumazet)  [Orabug: 26540286] 
    {CVE-2017-2671}
    - aio: mark AIO pseudo-fs noexec (Jann Horn)  [Orabug: 26643598] 
    {CVE-2016-10044}
    - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
    Biederman)  [Orabug: 26643598]  {CVE-2016-10044}
    - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun 
    Heo)  [Orabug: 26643598]  {CVE-2016-10044}
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables 
    (Seunghun Han)  [Orabug: 26643645]  {CVE-2017-11473}
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) 
    [Orabug: 26650883]  {CVE-2017-9075}
    - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) 
    [Orabug: 26675142]  {CVE-2017-8831}
    - [media] saa7164: fix sparse warnings (Hans Verkuil)  [Orabug: 
    26675142]  {CVE-2017-8831}
    - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE 
    (Abhi Das)  [Orabug: 26797306]
    - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
    [Orabug: 26899787]  {CVE-2017-10661}
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
    parse nlmsg properly (Xin Long)  [Orabug: 26988627]  {CVE-2017-14489}
    - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang)  [Orabug: 
    26643556]  {CVE-2017-11176}
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina 
    Dubroca)  [Orabug: 27011273]  {CVE-2017-7542}
    - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) 
    [Orabug: 27002450]  {CVE-2017-1000111}
    - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin 
    Guay)  [Orabug: 26883934]
    - xen/x86: Add interface for querying amount of host memory (Boris 
    Ostrovsky)  [Orabug: 26883934]
    - Bluetooth: Properly check L2CAP config option output buffer length 
    (Ben Seri)  [Orabug: 26796364]  {CVE-2017-1000251}
    - xen: fix bio vec merging (Roger Pau Monne)  [Orabug: 26645550] 
    {CVE-2017-12134}
    - fs/exec.c: account for argv/envp pointers (Kees Cook)  [Orabug: 
    26638921]  {CVE-2017-1000365} {CVE-2017-1000365}
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume 
    Nault)  [Orabug: 26586047]  {CVE-2016-10200}
    - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz 
    Guzik)  [Orabug: 26586022]  {CVE-2016-9685}
    - KEYS: Disallow keyrings beginning with '.' to be joined as session 
    keyrings (David Howells)  [Orabug: 26585994]  {CVE-2016-9604}
    - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) 
    [Orabug: 26578198]  {CVE-2017-9242}
    - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) 
    [Orabug: 25507344]  {CVE-2016-7097} {CVE-2016-7097}
    - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) 
    [Orabug: 26366022]  {CVE-2017-7645}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-December/007407.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-December/007408.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.1.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.1.el7uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2017-3657");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.20.1.el6uek-0.4.5-3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.20.1.el6uek")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.20.1.el7uek-0.4.5-3.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.20.1.el7uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3658.NASL
    descriptionDescription of changes: [2.6.39-400.298.1.el6uek] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] - RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671} - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26650039] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190} - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105145
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105145
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2017-3658.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105145);
      script_version("3.18");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-9710", "CVE-2015-1465", "CVE-2015-2686", "CVE-2015-4167", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Description of changes:
    
    [2.6.39-400.298.1.el6uek]
    - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) 
      [Orabug: 23320090]
    - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) 
    [Orabug: 24337879]
    - xen-netfront: cast grant table reference first to type int (Dongli 
    Zhang)  [Orabug: 25102637]
    - xen-netfront: do not cast grant table reference to signed short 
    (Dongli Zhang)  [Orabug: 25102637]
    - RDS: Print failed rdma op details if failure is remote access error 
    (Rama Nichanamatlu)  [Orabug: 25440316]
    - ping: implement proper locking (Eric Dumazet)  [Orabug: 26540288] 
    {CVE-2017-2671}
    - KEYS: fix dereferencing NULL payload with nonzero length (Eric 
    Biggers)  [Orabug: 26592013]
    - oracleasm: Copy the integrity descriptor (Martin K. Petersen) 
    [Orabug: 26650039]
    - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook)  [Orabug: 
    26675934]  {CVE-2017-7889}
    - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE 
    (Abhi Das)  [Orabug: 26797307]
    - xscore: add dma address check (Zhu Yanjun)  [Orabug: 27058559]
    - more bio_map_user_iov() leak fixes (Al Viro)  [Orabug: 27069045] 
    {CVE-2017-12190}
    - fix unbalanced page refcounting in bio_map_user_iov (Vitaly 
    Mayatskikh)  [Orabug: 27069045]  {CVE-2017-12190}
    - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep 
    Gopanapalli)  [Orabug: 24823234]
    - ocfs2: fix deadlock issue when taking inode lock at vfs entry points 
    (Eric Ren)  [Orabug: 25671723]
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 
    (Eric Ren)  [Orabug: 25671723]
    - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) 
    [Orabug: 26143563]  {CVE-2017-7308}
    - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) 
    [Orabug: 26143563]  {CVE-2017-7308}
    - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) 
    [Orabug: 26403941]  {CVE-2017-1000363}
    - ALSA: timer: Fix missing queue indices reset at 
    SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai)  [Orabug: 26403958] 
    {CVE-2017-1000380}
    - ALSA: timer: Fix race between read and ioctl (Takashi Iwai)  [Orabug: 
    26403958]  {CVE-2017-1000380}
    - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race 
    (Vegard Nossum)  [Orabug: 26403958]  {CVE-2017-1000380}
    - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) 
    [Orabug: 26403958]  {CVE-2017-1000380}
    - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)  [Orabug: 
    26403958]  {CVE-2017-1000380}
    - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)  [Orabug: 
    26403958]  {CVE-2017-1000380}
    - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben 
    Hutchings)  [Orabug: 26403974]  {CVE-2017-9074}
    - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
    Miller)  [Orabug: 26403974]  {CVE-2017-9074}
    - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) 
    [Orabug: 26403974]  {CVE-2017-9074}
    - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) 
    [Orabug: 26404007]  {CVE-2017-9077}
    - aio: mark AIO pseudo-fs noexec (Jann Horn)  [Orabug: 26643601] 
    {CVE-2016-10044}
    - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
    Biederman)  [Orabug: 26643601]  {CVE-2016-10044}
    - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun 
    Heo)  [Orabug: 26643601]  {CVE-2016-10044}
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables 
    (Seunghun Han)  [Orabug: 26643652]  {CVE-2017-11473}
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) 
    [Orabug: 26650889]  {CVE-2017-9075}
    - saa7164: fix double fetch PCIe access condition (Steven Toth) 
    [Orabug: 26675148]  {CVE-2017-8831}
    - saa7164: fix sparse warnings (Hans Verkuil)  [Orabug: 26675148] 
    {CVE-2017-8831}
    - saa7164: get rid of warning: no previous prototype (Mauro Carvalho 
    Chehab)  [Orabug: 26675148]  {CVE-2017-8831}
    - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James 
    Smart)  [Orabug: 26765341]
    - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
    [Orabug: 26899791]  {CVE-2017-10661}
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
    parse nlmsg properly (Xin Long)  [Orabug: 26988628]  {CVE-2017-14489}
    - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang)  [Orabug: 
    26643562]  {CVE-2017-11176}
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina 
    Dubroca)  [Orabug: 27011278]  {CVE-2017-7542}
    - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) 
    [Orabug: 27002453]  {CVE-2017-1000111}
    - mlx4_core: calculate log_mtt based on total system memory (Wei Lin 
    Guay)  [Orabug: 26867355]
    - xen/x86: Add interface for querying amount of host memory (Boris 
    Ostrovsky)  [Orabug: 26867355]
    - fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson) 
      [Orabug: 26870958]  {CVE-2017-1000253}
    - Bluetooth: Properly check L2CAP config option output buffer length 
    (Ben Seri)  [Orabug: 26796428]  {CVE-2017-1000251}
    - xen: fix bio vec merging (Roger Pau Monne)  [Orabug: 26645562] 
    {CVE-2017-12134}
    - fs/exec.c: account for argv/envp pointers (Kees Cook)  [Orabug: 
    26638926]  {CVE-2017-1000365} {CVE-2017-1000365}
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume 
    Nault)  [Orabug: 26586050]  {CVE-2016-10200}
    - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz 
    Guzik)  [Orabug: 26586024]  {CVE-2016-9685}
    - KEYS: Disallow keyrings beginning with '.' to be joined as session 
    keyrings (David Howells)  [Orabug: 26586002]  {CVE-2016-9604}
    - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) 
    [Orabug: 26578202]  {CVE-2017-9242}
    - selinux: quiet the filesystem labeling behavior message (Paul Moore) 
    [Orabug: 25721485]
    - RDS/IB: active bonding port state fix for intfs added late (Mukesh 
    Kacker)  [Orabug: 25875426]
    - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) 
    [Orabug: 25891914]  {CVE-2017-7273}
    - udf: Remove repeated loads blocksize (Jan Kara)  [Orabug: 25905722] 
    {CVE-2015-4167}
    - udf: Check length of extended attributes and allocation descriptors 
    (Jan Kara)  [Orabug: 25905722]  {CVE-2015-4167}
    - udf: Verify i_size when loading inode (Jan Kara)  [Orabug: 25905722] 
    {CVE-2015-4167}
    - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk)  [Orabug: 
    25948102]  {CVE-2014-9710}
    - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu 
    Itoh)  [Orabug: 25948102]  {CVE-2014-9710}
    - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) 
    [Orabug: 25948102]  {CVE-2014-9710}
    - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) 
    [Orabug: 25948102]  {CVE-2014-9710}
    - Btrfs: add support for asserts (Josef Bacik)  [Orabug: 25948102] 
    {CVE-2014-9710}
    - Btrfs: make xattr replace operations atomic (Filipe Manana)  [Orabug: 
    25948102]  {CVE-2014-9710}
    - net: validate the range we feed to iov_iter_init() in 
    sys_sendto/sys_recvfrom (Al Viro)  [Orabug: 25948149]  {CVE-2015-2686}
    - xsigo: Compute node crash on FC failover (Joe Jin)  [Orabug: 25965445]
    - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao)  [Orabug: 
    25975513]
    - PCI: Prevent VPD access for buggy devices (Babu Moger)  [Orabug: 
    25975513]
    - ipv4: try to cache dst_entries which would cause a redirect (Hannes 
    Frederic Sowa)  [Orabug: 26032377]  {CVE-2015-1465}
    - mm: larger stack guard gap, between vmas (Hugh Dickins)  [Orabug: 
    26326145]  {CVE-2017-1000364}
    - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) 
    [Orabug: 26366024]  {CVE-2017-7645}
    - dm mpath: allow ioctls to trigger pg init (Mikulas Patocka)  [Orabug: 
    25645229]
    - xen/manage: Always freeze/thaw processes when suspend/resuming (Ross 
    Lagerwall)  [Orabug: 25795530]
    - lpfc cannot establish connection with targets that send PRLI under P2P 
    mode (Joe Jin)  [Orabug: 25955028]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-December/007409.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-9710", "CVE-2015-1465", "CVE-2015-2686", "CVE-2015-4167", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2017-3658");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.298.1.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-39B5FACDA0.NASL
    descriptionThe 4.11.12 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-27
    plugin id101992
    published2017-07-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101992
    titleFedora 25 : kernel (2017-39b5facda0)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-39b5facda0.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101992);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542");
      script_xref(name:"FEDORA", value:"2017-39b5facda0");
    
      script_name(english:"Fedora 25 : kernel (2017-39b5facda0)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 4.11.12 update contains a number of important fixes across the
    tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-39b5facda0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:25");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^25([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 25", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2017-39b5facda0");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC25", reference:"kernel-4.11.12-200.fc25")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0174.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.
    last seen2020-06-05
    modified2017-12-14
    plugin id105248
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105248
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0174.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105248);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10318", "CVE-2016-1575", "CVE-2016-1576", "CVE-2016-6213", "CVE-2016-9191", "CVE-2016-9604", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-1000405", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12192", "CVE-2017-14106", "CVE-2017-14489", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-16650", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-7477", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0174 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-December/000805.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0059c7d1"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-112.14.1.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-112.14.1.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2525-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the
    last seen2020-06-01
    modified2020-06-02
    plugin id103354
    published2017-09-20
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103354
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2525-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103354);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2016-10200", "CVE-2016-5243", "CVE-2017-1000112", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12762", "CVE-2017-14051", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7482", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-7616", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive
    various security and bugfixes. The following security bugs were 
    fixed :
    
      - CVE-2016-5243: The tipc_nl_compat_link_dump function in
        net/tipc/netlink_compat.c in the Linux kernel did not
        properly copy a certain string, which allowed local
        users to obtain sensitive information from kernel stack
        memory by reading a Netlink message (bnc#983212)
    
      - CVE-2016-10200: Race condition in the L2TPv3 IP
        Encapsulation feature in the Linux kernel allowed local
        users to gain privileges or cause a denial of service
        (use-after-free) by making multiple bind system calls
        without properly ascertaining whether a socket has the
        SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and
        net/l2tp/l2tp_ip6.c (bnc#1028415)
    
      - CVE-2017-2647: The KEYS subsystem in the Linux kernel
        allowed local users to gain privileges or cause a denial
        of service (NULL pointer dereference and system crash)
        via vectors involving a NULL value for a certain match
        field, related to the keyring_search_iterator function
        in keyring.c (bsc#1030593).
    
      - CVE-2017-2671: The ping_unhash function in
        net/ipv4/ping.c in the Linux kernel was too late in
        obtaining a certain lock and consequently could not
        ensure that disconnect function calls are safe, which
        allowed local users to cause a denial of service (panic)
        by leveraging access to the protocol value of
        IPPROTO_ICMP in a socket system call (bnc#1031003)
    
      - CVE-2017-5669: The do_shmat function in ipc/shm.c in the
        Linux kernel did not restrict the address calculated by
        a certain rounding operation, which allowed local users
        to map page zero, and consequently bypass a protection
        mechanism that exists for the mmap system call, by
        making crafted shmget and shmat system calls in a
        privileged context (bnc#1026914)
    
      - CVE-2017-5970: The ipv4_pktinfo_prepare function in
        net/ipv4/ip_sockglue.c in the Linux kernel allowed
        attackers to cause a denial of service (system crash)
        via (1) an application that made crafted system calls or
        possibly (2) IPv4 traffic with invalid IP options
        (bsc#1024938)
    
      - CVE-2017-5986: Race condition in the
        sctp_wait_for_sndbuf function in net/sctp/socket.c in
        the Linux kernel allowed local users to cause a denial
        of service (assertion failure and panic) via a
        multithreaded application that peels off an association
        in a certain buffer-full state (bsc#1025235)
    
      - CVE-2017-6074: The dccp_rcv_state_process function in
        net/dccp/input.c in the Linux kernel mishandled
        DCCP_PKT_REQUEST packet data structures in the LISTEN
        state, which allowed local users to obtain root
        privileges or cause a denial of service (double free)
        via an application that made an IPV6_RECVPKTINFO
        setsockopt system call (bnc#1026024)
    
      - CVE-2017-6214: The tcp_splice_read function in
        net/ipv4/tcp.c in the Linux kernel allowed remote
        attackers to cause a denial of service (infinite loop
        and soft lockup) via vectors involving a TCP packet with
        the URG flag (bnc#1026722)
    
      - CVE-2017-6348: The hashbin_delete function in
        net/irda/irqueue.c in the Linux kernel improperly
        managed lock dropping, which allowed local users to
        cause a denial of service (deadlock) via crafted
        operations on IrDA devices (bnc#1027178)
    
      - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did
        not properly restrict association peel-off operations
        during certain wait states, which allowed local users to
        cause a denial of service (invalid unlock and double
        free) via a multithreaded application. NOTE: this
        vulnerability exists because of an incorrect fix for
        CVE-2017-5986 (bnc#1027066)
    
      - CVE-2017-6951: The keyring_search_aux function in
        security/keys/keyring.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via a request_key system call for
        the 'dead' type (bsc#1029850).
    
      - CVE-2017-7184: The xfrm_replay_verify_len function in
        net/xfrm/xfrm_user.c in the Linux kernel did not
        validate certain size data after an XFRM_MSG_NEWAE
        update, which allowed local users to obtain root
        privileges or cause a denial of service (heap-based
        out-of-bounds access) by leveraging the CAP_NET_ADMIN
        capability (bsc#1030573)
    
      - CVE-2017-7187: The sg_ioctl function in
        drivers/scsi/sg.c in the Linux kernel allowed local
        users to cause a denial of service (stack-based buffer
        overflow) or possibly have unspecified other impact via
        a large command size in an SG_NEXT_CMD_LEN ioctl call,
        leading to out-of-bounds write access in the sg_write
        function (bnc#1030213)
    
      - CVE-2017-7261: The vmw_surface_define_ioctl function in
        drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
        kernel did not check for a zero value of certain levels
        data, which allowed local users to cause a denial of
        service (ZERO_SIZE_PTR dereference, and GPF and possibly
        panic) via a crafted ioctl call for a /dev/dri/renderD*
        device (bnc#1031052)
    
      - CVE-2017-7294: The vmw_surface_define_ioctl function in
        drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux
        kernel did not validate addition of certain levels data,
        which allowed local users to trigger an integer overflow
        and out-of-bounds write, and cause a denial of service
        (system hang or crash) or possibly gain privileges, via
        a crafted ioctl call for a /dev/dri/renderD* device
        (bnc#1031440)
    
      - CVE-2017-7308: The packet_set_ring function in
        net/packet/af_packet.c in the Linux kernel did not
        properly validate certain block-size data, which allowed
        local users to cause a denial of service (overflow) or
        possibly have unspecified other impact via crafted
        system calls (bnc#1031579)
    
      - CVE-2017-7482: Several missing length checks ticket
        decode allowing for information leak or potentially code
        execution (bsc#1046107).
    
      - CVE-2017-7487: The ipxitf_ioctl function in
        net/ipx/af_ipx.c in the Linux kernel mishandled
        reference counts, which allowed local users to cause a
        denial of service (use-after-free) or possibly have
        unspecified other impact via a failed SIOCGIFADDR ioctl
        call for an IPX interface (bsc#1038879).
    
      - CVE-2017-7533: Race condition in the fsnotify
        implementation in the Linux kernel allowed local users
        to gain privileges or cause a denial of service (memory
        corruption) via a crafted application that leverages
        simultaneous execution of the inotify_handle_event and
        vfs_rename functions (bnc#1049483 1050677 ).
    
      - CVE-2017-7542: The ip6_find_1stfragopt function in
        net/ipv6/output_core.c in the Linux kernel allowed local
        users to cause a denial of service (integer overflow and
        infinite loop) by leveraging the ability to open a raw
        socket (bnc#1049882).
    
      - CVE-2017-7616: Incorrect error handling in the
        set_mempolicy and mbind compat syscalls in
        mm/mempolicy.c in the Linux kernel allowed local users
        to obtain sensitive information from uninitialized stack
        data by triggering failure of a certain bitmap operation
        (bsc#1033336)
    
      - CVE-2017-8831: The saa7164_bus_get function in
        drivers/media/pci/saa7164/saa7164-bus.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds array access) or possibly have
        unspecified other impact by changing a certain
        sequence-number value, aka a 'double fetch'
        vulnerability. This requires a malicious PCI Card.
        (bnc#1037994).
    
      - CVE-2017-8890: The inet_csk_clone_lock function in
        net/ipv4/inet_connection_sock.c in the Linux kernel
        allowed attackers to cause a denial of service (double
        free) or possibly have unspecified other impact by
        leveraging use of the accept system call (bsc#1038544).
    
      - CVE-2017-8924: The edge_bulk_in_callback function in
        drivers/usb/serial/io_ti.c in the Linux kernel allowed
        local users to obtain sensitive information (in the
        dmesg ringbuffer and syslog) from uninitialized kernel
        memory by using a crafted USB device (posing as an io_ti
        USB serial device) to trigger an integer underflow
        (bnc#1037182).
    
      - CVE-2017-8925: The omninet_open function in
        drivers/usb/serial/omninet.c in the Linux kernel allowed
        local users to cause a denial of service (tty
        exhaustion) by leveraging reference count mishandling
        (bnc#1038981).
    
      - CVE-2017-9074: The IPv6 fragmentation implementation in
        the Linux kernel did not consider that the nexthdr field
        may be associated with an invalid option, which allowed
        local users to cause a denial of service (out-of-bounds
        read and BUG) or possibly have unspecified other impact
        via crafted socket and send system calls (bnc#1039882).
    
      - CVE-2017-9075: The sctp_v6_create_accept_sk function in
        net/sctp/ipv6.c in the Linux kernel mishandled
        inheritance, which allowed local users to cause a denial
        of service or possibly have unspecified other impact via
        crafted system calls, a related issue to CVE-2017-8890
        (bsc#1039883).
    
      - CVE-2017-9076: The dccp_v6_request_recv_sock function in
        net/dccp/ipv6.c in the Linux kernel mishandled
        inheritance, which allowed local users to cause a denial
        of service or possibly have unspecified other impact via
        crafted system calls, a related issue to CVE-2017-8890
        (bnc#1039885).
    
      - CVE-2017-9077: The tcp_v6_syn_recv_sock function in
        net/ipv6/tcp_ipv6.c in the Linux kernel mishandled
        inheritance, which allowed local users to cause a denial
        of service or possibly have unspecified other impact via
        crafted system calls, a related issue to CVE-2017-8890
        (bsc#1040069).
    
      - CVE-2017-9242: The __ip6_append_data function in
        net/ipv6/ip6_output.c in the Linux kernel was too late
        in checking whether an overwrite of an skb data
        structure may occur, which allowed local users to cause
        a denial of service (system crash) via crafted system
        calls (bnc#1041431).
    
      - CVE-2017-10661: Race condition in fs/timerfd.c in the
        Linux kernel allowed local users to gain privileges or
        cause a denial of service (list corruption or
        use-after-free) via simultaneous file-descriptor
        operations that leverage improper might_cancel queueing
        (bnc#1053152).
    
      - CVE-2017-11176: The mq_notify function in the Linux
        kernel did not set the sock pointer to NULL upon entry
        into the retry logic. During a user-space close of a
        Netlink socket, it allowed attackers to cause a denial
        of service (use-after-free) or possibly have unspecified
        other impact (bnc#1048275).
    
      - CVE-2017-11473: Buffer overflow in the
        mp_override_legacy_irq() function in
        arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
        local users to gain privileges via a crafted ACPI table
        (bnc#1049603).
    
      - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A
        user-controlled buffer is copied into a local buffer of
        constant size using strcpy without a length check which
        can cause a buffer overflow. (bnc#1053148).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-1000112: Fixed a race condition in net-packet
        code that could have been exploited by unprivileged
        users to gain root access. (bsc#1052311).
    
      - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds
        Write. Due to a missing bounds check, and the fact that
        parport_ptr integer is static, a 'secure boot' kernel
        command line adversary could have overflowed the
        parport_nr array in the following code (bnc#1039456).
    
      - CVE-2017-1000365: The Linux Kernel imposes a size
        restriction on the arguments and environmental strings
        passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the
        size), but did not take the argument and environment
        pointers into account, which allowed attackers to bypass
        this limitation (bnc#1039354).
    
      - CVE-2017-1000380: sound/core/timer.c in the Linux kernel
        was vulnerable to a data race in the ALSA /dev/snd/timer
        driver resulting in local users being able to read
        information belonging to other users, i.e.,
        uninitialized memory contents may be disclosed when a
        read and an ioctl happen at the same time (bnc#1044125).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013862"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1017143"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021256"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1023051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024938"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025235"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026024"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026722"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027066"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027101"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1027406"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028415"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028880"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030213"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031003"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031440"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031481"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031660"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033287"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1035576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037182"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037183"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038564"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038879"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038981"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039456"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039594"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039883"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040069"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1041431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042364"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042892"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045416"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048232"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048275"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=870618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=948562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957988"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=957990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=972891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=979681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=983212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=986924"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=989896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-10200/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2016-5243/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000112/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000363/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000365/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000380/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10661/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11176/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11473/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12762/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-2647/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-2671/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5669/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5970/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5986/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6074/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6214/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6348/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6353/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-6951/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7184/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7187/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7261/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7294/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7308/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7482/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7616/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8831/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8890/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8924/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8925/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9074/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9075/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9076/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9077/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-9242/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0c969444"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-kernel-source-13284=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-source-13284=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-kernel-source-13284=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-kernel-source-13284=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/20");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.47.106.5.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.47.106.5.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2286-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id102838
    published2017-08-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102838
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2286-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102838);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-8831");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to
    receive various security and bugfixes. The following security bugs
    were fixed :
    
      - CVE-2017-1000111: Fixed a race condition in net-packet
        code that could be exploited to cause out-of-bounds
        memory access (bsc#1052365).
    
      - CVE-2017-1000112: Fixed a race condition in net-packet
        code that could have been exploited by unprivileged
        users to gain root access. (bsc#1052311).
    
      - CVE-2017-8831: The saa7164_bus_get function in
        drivers/media/pci/saa7164/saa7164-bus.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds array access) or possibly have
        unspecified other impact by changing a certain
        sequence-number value, aka a 'double fetch'
        vulnerability (bnc#1037994).
    
      - CVE-2017-7542: The ip6_find_1stfragopt function in
        net/ipv6/output_core.c in the Linux kernel allowed local
        users to cause a denial of service (integer overflow and
        infinite loop) by leveraging the ability to open a raw
        socket (bnc#1049882).
    
      - CVE-2017-11473: Buffer overflow in the
        mp_override_legacy_irq() function in
        arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
        local users to gain privileges via a crafted ACPI table
        (bnc#1049603).
    
      - CVE-2017-7533: Race condition in the fsnotify
        implementation in the Linux kernel allowed local users
        to gain privileges or cause a denial of service (memory
        corruption) via a crafted application that leverages
        simultaneous execution of the inotify_handle_event and
        vfs_rename functions (bnc#1049483 bnc#1050677).
    
      - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
        drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021
        1.c in the Linux kernel allowed local users to cause a
        denial of service (buffer overflow and system crash) or
        possibly gain privileges via a crafted NL80211_CMD_FRAME
        Netlink packet (bnc#1049645).
    
      - CVE-2017-10810: Memory leak in the
        virtio_gpu_object_create function in
        drivers/gpu/drm/virtio/virtgpu_object.c in the Linux
        kernel allowed attackers to cause a denial of service
        (memory consumption) by triggering object-initialization
        failures (bnc#1047277).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1006180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1011913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015337"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1016119"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1023175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1026570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1028286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1029693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1033587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034113"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036632"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1041958"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042257"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043805"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044443"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044636"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045330"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045404"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045715"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045866"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045937"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046105"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046434"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046655"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047027"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047174"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047277"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047418"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047506"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048146"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048348"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048421"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048916"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049231"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049289"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049298"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049619"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050211"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050320"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050322"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050677"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051399"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051556"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051979"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052049"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052442"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052533"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052773"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052794"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052899"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052925"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053117"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=974215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=998664"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000111/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000112/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10810/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11473/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7533/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7541/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7542/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8831/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172286-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?41510390"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2017-1404=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2017-1404=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2017-1404=1
    
    SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch
    SUSE-SLE-Live-Patching-12-SP3-2017-1404=1
    
    SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
    SUSE-SLE-HA-12-SP3-2017-1404=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2017-1404=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.82-6.3.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.82-6.3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3754-1.NASL
    descriptionRalf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11473) It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991) It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649) Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16526) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527) Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16533) Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16535) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643) Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270) Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS. (CVE-2017-2583) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory). (CVE-2017-2584) It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549) Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897) Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6345) Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348) Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm. (CVE-2017-7518) Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831) Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323) Zhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675) Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted. (CVE-2018-1092) Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations. An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted. (CVE-2018-1093) It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940) Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-12233) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13094) It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405) Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406) Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2017-2671) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id112113
    published2018-08-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/112113
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3754-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(112113);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2016-10208", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-17558", "CVE-2017-18255", "CVE-2017-18270", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2671", "CVE-2017-5549", "CVE-2017-5897", "CVE-2017-6345", "CVE-2017-6348", "CVE-2017-7518", "CVE-2017-7645", "CVE-2017-8831", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10877", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-10940", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
      script_xref(name:"USN", value:"3754-1");
    
      script_name(english:"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ralf Spenneberg discovered that the ext4 implementation in the Linux
    kernel did not properly validate meta block groups. An attacker with
    physical access could use this to specially craft an ext4 image that
    causes a denial of service (system crash). (CVE-2016-10208)
    
    It was discovered that an information disclosure vulnerability existed
    in the ACPI implementation of the Linux kernel. A local attacker could
    use this to expose sensitive information (kernel memory addresses).
    (CVE-2017-11472)
    
    It was discovered that a buffer overflow existed in the ACPI table
    parsing implementation in the Linux kernel. A local attacker could use
    this to construct a malicious ACPI table that, when loaded, caused a
    denial of service (system crash) or possibly execute arbitrary code.
    (CVE-2017-11473)
    
    It was discovered that the generic SCSI driver in the Linux kernel did
    not properly initialize data returned to user space in some
    situations. A local attacker could use this to expose sensitive
    information (kernel memory). (CVE-2017-14991)
    
    It was discovered that a race condition existed in the packet fanout
    implementation in the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2017-15649)
    
    Andrey Konovalov discovered that the Ultra Wide Band driver in the
    Linux kernel did not properly check for an error condition. A
    physically proximate attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2017-16526)
    
    Andrey Konovalov discovered that the ALSA subsystem in the Linux
    kernel contained a use-after-free vulnerability. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2017-16527)
    
    Andrey Konovalov discovered that the ALSA subsystem in the Linux
    kernel did not properly validate USB audio buffer descriptors. A
    physically proximate attacker could use this cause a denial of service
    (system crash) or possibly execute arbitrary code. (CVE-2017-16529)
    
    Andrey Konovalov discovered that the USB subsystem in the Linux kernel
    did not properly validate USB interface association descriptors. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2017-16531)
    
    Andrey Konovalov discovered that the usbtest device driver in the
    Linux kernel did not properly validate endpoint metadata. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2017-16532)
    
    Andrey Konovalov discovered that the USB subsystem in the Linux kernel
    did not properly validate USB HID descriptors. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-16533)
    
    Andrey Konovalov discovered that the USB subsystem in the Linux kernel
    did not properly validate USB BOS metadata. A physically proximate
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-16535)
    
    Andrey Konovalov discovered that the Conexant cx231xx USB video
    capture driver in the Linux kernel did not properly validate interface
    descriptors. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2017-16536)
    
    Andrey Konovalov discovered that the SoundGraph iMON USB driver in the
    Linux kernel did not properly validate device metadata. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2017-16537)
    
    It was discovered that the DM04/QQBOX USB driver in the Linux kernel
    did not properly handle device attachment and warm-start. A physically
    proximate attacker could use this to cause a denial of service (system
    crash) or possibly execute arbitrary code. (CVE-2017-16538)
    
    Andrey Konovalov discovered an out-of-bounds read in the GTCO
    digitizer USB driver for the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2017-16643)
    
    Andrey Konovalov discovered that the video4linux driver for Hauppauge
    HD PVR USB devices in the Linux kernel did not properly handle some
    error conditions. A physically proximate attacker could use this to
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2017-16644)
    
    Andrey Konovalov discovered that the IMS Passenger Control Unit USB
    driver in the Linux kernel did not properly validate device
    descriptors. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2017-16645)
    
    Andrey Konovalov discovered that the QMI WWAN USB driver did not
    properly validate device descriptors. A physically proximate attacker
    could use this to cause a denial of service (system crash).
    (CVE-2017-16650)
    
    It was discovered that the USB Virtual Host Controller Interface
    (VHCI) driver in the Linux kernel contained an information disclosure
    vulnerability. A physically proximate attacker could use this to
    expose sensitive information (kernel memory). (CVE-2017-16911)
    
    It was discovered that the USB over IP implementation in the Linux
    kernel did not validate endpoint numbers. A remote attacker could use
    this to cause a denial of service (system crash). (CVE-2017-16912)
    
    It was discovered that the USB over IP implementation in the Linux
    kernel did not properly validate CMD_SUBMIT packets. A remote attacker
    could use this to cause a denial of service (excessive memory
    consumption). (CVE-2017-16913)
    
    It was discovered that the USB over IP implementation in the Linux
    kernel contained a NULL pointer dereference error. A remote attacker
    could use this to cause a denial of service (system crash).
    (CVE-2017-16914)
    
    It was discovered that the core USB subsystem in the Linux kernel did
    not validate the number of configurations and interfaces in a device.
    A physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2017-17558)
    
    It was discovered that an integer overflow existed in the perf
    subsystem of the Linux kernel. A local attacker could use this to
    cause a denial of service (system crash). (CVE-2017-18255)
    
    It was discovered that the keyring subsystem in the Linux kernel did
    not properly prevent a user from creating keyrings for other users. A
    local attacker could use this cause a denial of service or expose
    sensitive information. (CVE-2017-18270)
    
    Andy Lutomirski and Willy Tarreau discovered that the KVM
    implementation in the Linux kernel did not properly emulate
    instructions on the SS segment register. A local attacker in a guest
    virtual machine could use this to cause a denial of service (guest OS
    crash) or possibly gain administrative privileges in the guest OS.
    (CVE-2017-2583)
    
    Dmitry Vyukov discovered that the KVM implementation in the Linux
    kernel improperly emulated certain instructions. A local attacker
    could use this to obtain sensitive information (kernel memory).
    (CVE-2017-2584)
    
    It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver
    in the Linux kernel did not properly initialize memory related to
    logging. A local attacker could use this to expose sensitive
    information (kernel memory). (CVE-2017-5549)
    
    Andrey Konovalov discovered an out-of-bounds access in the IPv6
    Generic Routing Encapsulation (GRE) tunneling implementation in the
    Linux kernel. An attacker could use this to possibly expose sensitive
    information. (CVE-2017-5897)
    
    Andrey Konovalov discovered that the LLC subsytem in the Linux kernel
    did not properly set up a destructor in certain situations. A local
    attacker could use this to cause a denial of service (system crash).
    (CVE-2017-6345)
    
    Dmitry Vyukov discovered race conditions in the Infrared (IrDA)
    subsystem in the Linux kernel. A local attacker could use this to
    cause a denial of service (deadlock). (CVE-2017-6348)
    
    Andy Lutomirski discovered that the KVM implementation in the Linux
    kernel was vulnerable to a debug exception error when single-stepping
    through a syscall. A local attacker in a non-Linux guest vm could
    possibly use this to gain administrative privileges in the guest vm.
    (CVE-2017-7518)
    
    Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3
    server implementations in the Linux kernel did not properly handle
    certain long RPC replies. A remote attacker could use this to cause a
    denial of service (system crash). (CVE-2017-7645)
    
    Pengfei Wang discovered that a race condition existed in the NXP
    SAA7164 TV Decoder driver for the Linux kernel. A local attacker could
    use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2017-8831)
    
    Pengfei Wang discovered that the Turtle Beach MultiSound audio device
    driver in the Linux kernel contained race conditions when fetching
    from the ring-buffer. A local attacker could use this to cause a
    denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)
    
    It was discovered that the wait4() system call in the Linux kernel did
    not properly validate its arguments in some situations. A local
    attacker could possibly use this to cause a denial of service.
    (CVE-2018-10087)
    
    It was discovered that the kill() system call implementation in the
    Linux kernel did not properly validate its arguments in some
    situations. A local attacker could possibly use this to cause a denial
    of service. (CVE-2018-10124)
    
    Wen Xu discovered that the XFS filesystem implementation in the Linux
    kernel did not properly validate meta-data information. An attacker
    could use this to construct a malicious xfs image that, when mounted,
    could cause a denial of service (system crash). (CVE-2018-10323)
    
    Zhong Jiang discovered that a use-after-free vulnerability existed in
    the NUMA memory policy implementation in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2018-10675)
    
    Wen Xu discovered that a buffer overflow existed in the ext4
    filesystem implementation in the Linux kernel. An attacker could use
    this to construct a malicious ext4 image that, when mounted, could
    cause a denial of service (system crash) or possibly execute arbitrary
    code. (CVE-2018-10877)
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly keep meta-data information consistent in some
    situations. An attacker could use this to construct a malicious ext4
    image that, when mounted, could cause a denial of service (system
    crash). (CVE-2018-10881)
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly handle corrupted meta data in some situations.
    An attacker could use this to specially craft an ext4 file system that
    caused a denial of service (system crash) when mounted.
    (CVE-2018-1092)
    
    Wen Xu discovered that the ext4 filesystem implementation in the Linux
    kernel did not properly handle corrupted meta data in some situations.
    An attacker could use this to specially craft an ext4 filesystem that
    caused a denial of service (system crash) when mounted.
    (CVE-2018-1093)
    
    It was discovered that the cdrom driver in the Linux kernel contained
    an incorrect bounds check. A local attacker could use this to expose
    sensitive information (kernel memory). (CVE-2018-10940)
    
    Shankara Pailoor discovered that the JFS filesystem implementation in
    the Linux kernel contained a buffer overflow when handling extended
    attributes. A local attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2018-12233)
    
    Wen Xu discovered that the XFS filesystem implementation in the Linux
    kernel did not properly handle an error condition with a corrupted xfs
    image. An attacker could use this to construct a malicious xfs image
    that, when mounted, could cause a denial of service (system crash).
    (CVE-2018-13094)
    
    It was discovered that the Linux kernel did not properly handle setgid
    file creation when performed by a non-member of the group. A local
    attacker could use this to gain elevated privileges. (CVE-2018-13405)
    
    Silvio Cesare discovered that the generic VESA frame buffer driver in
    the Linux kernel contained an integer overflow. A local attacker could
    use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2018-13406)
    
    Daniel Jiang discovered that a race condition existed in the ipv4 ping
    socket implementation in the Linux kernel. A local privileged attacker
    could use this to cause a denial of service (system crash).
    (CVE-2017-2671)
    
    It was discovered that an information leak existed in the generic SCSI
    driver in the Linux kernel. A local attacker could use this to expose
    sensitive information (kernel memory). (CVE-2018-1000204)
    
    It was discovered that a memory leak existed in the Serial Attached
    SCSI (SAS) implementation in the Linux kernel. A physically proximate
    attacker could use this to cause a denial of service (memory
    exhaustion). (CVE-2018-10021).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3754-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/01/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-10208", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-16526", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16532", "CVE-2017-16533", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16650", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-17558", "CVE-2017-18255", "CVE-2017-18270", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2671", "CVE-2017-5549", "CVE-2017-5897", "CVE-2017-6345", "CVE-2017-6348", "CVE-2017-7518", "CVE-2017-7645", "CVE-2017-8831", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10877", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-1093", "CVE-2018-10940", "CVE-2018-12233", "CVE-2018-13094", "CVE-2018-13405", "CVE-2018-13406");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3754-1");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-generic", pkgver:"3.13.0-157.207")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-generic-lpae", pkgver:"3.13.0-157.207")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-157-lowlatency", pkgver:"3.13.0-157.207")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic", pkgver:"3.13.0.157.167")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-generic-lpae", pkgver:"3.13.0.157.167")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"linux-image-lowlatency", pkgver:"3.13.0.157.167")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-544EEF948F.NASL
    descriptionThe 4.11.12 update contains a number of important fixes across the tree. ---- The 4.11.11 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-07-27
    plugin id101994
    published2017-07-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101994
    titleFedora 24 : kernel (2017-544eef948f)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2017-544eef948f.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101994);
      script_version("3.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-11176", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542");
      script_xref(name:"FEDORA", value:"2017-544eef948f");
    
      script_name(english:"Fedora 24 : kernel (2017-544eef948f)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The 4.11.12 update contains a number of important fixes across the
    tree.
    
    ----
    
    The 4.11.11 update contains a number of important fixes across the
    tree.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2017-544eef948f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-11176", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for FEDORA-2017-544eef948f");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"kernel-4.11.12-100.fc24")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3636.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.19.12.el7uek] - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] [3.8.13-118.19.11.el7uek] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id104370
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104370
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3636)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2017-3636.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104370);
      script_version("3.9");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2016-10044", "CVE-2017-1000363", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11473", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-8831", "CVE-2017-9075", "CVE-2017-9077");
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3636)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    kernel-uek
    [3.8.13-118.19.12.el7uek]
    - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent 
    hard lockups (Aruna Ramakrishna)  [Orabug: 25409587]
    
    [3.8.13-118.19.11.el7uek]
    - nvme: Handle PM1725 HIL reset (Martin K. Petersen)  [Orabug: 26277600]
    - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) 
    [Orabug: 26403940]  {CVE-2017-1000363}
    - ALSA: timer: Fix missing queue indices reset at 
    SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai)  [Orabug: 26403956] 
    {CVE-2017-1000380}
    - ALSA: timer: Fix race between read and ioctl (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race 
    (Vegard Nossum)  [Orabug: 26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) 
    [Orabug: 26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) 
    [Orabug: 26404005]  {CVE-2017-9077}
    - ocfs2: fix deadlock issue when taking inode lock at vfs entry points 
    (Eric Ren)  [Orabug: 26427126]
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 
    (Eric Ren)  [Orabug: 26427126]
    - ping: implement proper locking (Eric Dumazet)  [Orabug: 26540286] 
    {CVE-2017-2671}
    - aio: mark AIO pseudo-fs noexec (Jann Horn)  [Orabug: 26643598] 
    {CVE-2016-10044}
    - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
    Biederman)  [Orabug: 26643598]  {CVE-2016-10044}
    - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun 
    Heo)  [Orabug: 26643598]  {CVE-2016-10044}
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables 
    (Seunghun Han)  [Orabug: 26643645]  {CVE-2017-11473}
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) 
    [Orabug: 26650883]  {CVE-2017-9075}
    - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) 
    [Orabug: 26675142]  {CVE-2017-8831}
    - [media] saa7164: fix sparse warnings (Hans Verkuil)  [Orabug: 
    26675142]  {CVE-2017-8831}
    - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE 
    (Abhi Das)  [Orabug: 26797306]
    - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
    [Orabug: 26899787]  {CVE-2017-10661}
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
    parse nlmsg properly (Xin Long)  [Orabug: 26988627]  {CVE-2017-14489}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-November/007321.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-November/007322.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.12.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.12.el7uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-10044", "CVE-2017-1000363", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11473", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-8831", "CVE-2017-9075", "CVE-2017-9077");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2017-3636");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.19.12.el6uek-0.4.5-3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.19.12.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.19.12.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.19.12.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.19.12.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.19.12.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.19.12.el6uek")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.19.12.el7uek-0.4.5-3.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.19.12.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.19.12.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.19.12.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.19.12.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.19.12.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.19.12.el7uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0028.NASL
    descriptionAn update of [linux] packages for PhotonOS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111877
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111877
    titlePhoton OS 1.0: Linux PHSA-2017-0028 (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0028. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111877);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      script_cve_id("CVE-2017-7541", "CVE-2017-11473");
    
      script_name(english:"Photon OS 1.0: Linux PHSA-2017-0028 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [linux] packages for PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-61
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?861d6975");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7541");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "linux-4.4.79-1.ph1",
      "linux-debuginfo-4.4.79-1.ph1",
      "linux-dev-4.4.79-1.ph1",
      "linux-docs-4.4.79-1.ph1",
      "linux-drivers-gpu-4.4.79-1.ph1",
      "linux-esx-4.4.79-1.ph1",
      "linux-esx-debuginfo-4.4.79-1.ph1",
      "linux-esx-devel-4.4.79-1.ph1",
      "linux-esx-docs-4.4.79-1.ph1",
      "linux-oprofile-4.4.79-1.ph1",
      "linux-sound-4.4.79-1.ph1",
      "linux-tools-4.4.79-1.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1523.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a
    last seen2020-03-19
    modified2019-05-14
    plugin id124976
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124976
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124976);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-2899",
        "CVE-2014-3601",
        "CVE-2014-6410",
        "CVE-2015-0572",
        "CVE-2015-8709",
        "CVE-2015-8953",
        "CVE-2016-10150",
        "CVE-2016-3841",
        "CVE-2016-4805",
        "CVE-2016-9120",
        "CVE-2017-10663",
        "CVE-2017-11473",
        "CVE-2017-12168",
        "CVE-2017-12193",
        "CVE-2017-14489",
        "CVE-2017-16644",
        "CVE-2017-16648",
        "CVE-2017-7533",
        "CVE-2017-9985",
        "CVE-2018-10879"
      );
      script_bugtraq_id(
        62046,
        69489,
        69799
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - The snd_msndmidi_input_read function in
        sound/isa/msnd/msnd_midi.c in the Linux kernel through
        4.11.7 allows local users to cause a denial of service
        (over-boundary access) or possibly have unspecified
        other impact by changing the value of a message queue
        head pointer between two kernel reads of that value,
        aka a 'double fetch' vulnerability.(CVE-2017-9985i1/4%0
    
      - An assertion failure issue was found in the Linux
        kernel's KVM hypervisor module built to support
        visualization on ARM64 architecture platforms. The
        failure could occur while accessing Performance
        Monitors Cycle Count Register (PMCCNTR) from a guest. A
        privileged guest user could use this flaw to crash the
        host kernel resulting in denial of
        service.(CVE-2017-12168i1/4%0
    
      - The iscsi_if_rx() function in
        'drivers/scsi/scsi_transport_iscsi.c' in the Linux
        kernel from v2.6.24-rc1 through 4.13.2 allows local
        users to cause a denial of service (a system panic) by
        making a number of certain syscalls by leveraging
        incorrect length validation in the kernel
        code.(CVE-2017-14489i1/4%0
    
      - The hdpvr_probe function in
        drivers/media/usb/hdpvr/hdpvr-core.c in the Linux
        kernel through 4.13.11 allows local users to cause a
        denial of service (improper error handling and system
        crash) or possibly have unspecified other impact via a
        crafted USB device.(CVE-2017-16644i1/4%0
    
      - The dvb frontend management subsystem in the Linux
        kernel contains a use-after-free which can allow a
        malicious user to write to memory that may be assigned
        to another kernel structure. This could create memory
        corruption, panic, or possibly other side
        affects.(CVE-2017-16648i1/4%0
    
      - It was found that the Linux kernel's IPv6
        implementation mishandled socket options. A local
        attacker could abuse concurrent access to the socket
        options to escalate their privileges, or cause a denial
        of service (use-after-free and system crash) via a
        crafted sendmsg system call.(CVE-2016-3841i1/4%0
    
      - A flaw was found in the Linux kernel's ext4 filesystem.
        A local user can cause a use-after-free in
        ext4_xattr_set_entry function and a denial of service
        or unspecified other impact may occur by renaming a
        file in a crafted ext4 filesystem
        image.(CVE-2018-10879i1/4%0
    
      - A race condition was found in the Linux kernel, present
        since v3.14-rc1 through v4.12. The race happens between
        threads of inotify_handle_event() and vfs_rename()
        while running the rename operation against the same
        file. As a result of the race the next slab data or the
        slab's free list pointer can be corrupted with
        attacker-controlled data, which may lead to the
        privilege escalation.(CVE-2017-7533i1/4%0
    
      - A privilege-escalation vulnerability was discovered in
        the Linux kernel built with User Namespace
        (CONFIG_USER_NS) support. The flaw occurred when the
        ptrace() system call was used on a root-owned process
        to enter a user namespace. A privileged namespace user
        could exploit this flaw to potentially escalate their
        privileges on the system, outside the original
        namespace.(CVE-2015-8709i1/4%0
    
      - Use-after-free vulnerability in
        drivers/net/ppp/ppp_generic.c in the Linux kernel
        before 4.5.2 allows local users to cause a denial of
        service (memory corruption and system crash, or
        spinlock) or possibly have unspecified other impact by
        removing a network namespace, related to the
        ppp_register_net_channel and ppp_unregister_channel
        functions.(CVE-2016-4805i1/4%0
    
      - A flaw was found in the way the Linux kernel's
        kvm_iommu_map_pages() function handled IOMMU mapping
        failures. A privileged user in a guest with an assigned
        host device could use this flaw to crash the
        host.(CVE-2014-3601i1/4%0
    
      - A flaw was found in the Linux kernel's implementation
        of associative arrays introduced in 3.13. This
        functionality was backported to the 3.10 kernels in Red
        Hat Enterprise Linux 7. The flaw involved a null
        pointer dereference in assoc_array_apply_edit() due to
        incorrect node-splitting in assoc_array implementation.
        This affects the keyring key type and thus key addition
        and link creation operations may cause the kernel to
        panic.(CVE-2017-12193i1/4%0
    
      - Multiple race conditions in drivers/char/adsprpc.c and
        drivers/char/adsprpc_compat.c in the ADSPRPC driver for
        the Linux kernel 3.x, as used in Qualcomm Innovation
        Center (QuIC) Android contributions for MSM devices and
        other products, allow attackers to cause a denial of
        service (zero-value write) or possibly have unspecified
        other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl
        call.(CVE-2015-0572i1/4%0
    
      - The sanity_check_ckpt function in fs/f2fs/super.c in
        the Linux kernel before version 4.12.4 does not
        validate the blkoff and segno arrays. This allows an
        unprivileged, local user to cause a system panic and
        DoS. Due to the nature of the flaw, privilege
        escalation cannot be fully ruled out, although we
        believe it is unlikely.(CVE-2017-10663i1/4%0
    
      - A stack overflow flaw caused by infinite recursion was
        found in the way the Linux kernel's Universal Disk
        Format (UDF) file system implementation processed
        indirect Information Control Blocks (ICBs). An attacker
        with physical access to the system could use a
        specially crafted UDF image to crash the
        system.(CVE-2014-6410i1/4%0
    
      - Race condition in the ion_ioctl function in
        drivers/staging/android/ion/ion.c in the Linux kernel
        before 4.6 allows local users to gain privileges or
        cause a denial of service (use-after-free) by calling
        ION_IOC_FREE on two CPUs at the same
        time.(CVE-2016-9120i1/4%0
    
      - drivers/hid/hid-picolcd_core.c in the Human Interface
        Device (HID) subsystem in the Linux kernel through
        3.11, when CONFIG_HID_PICOLCD is enabled, allows
        physically proximate attackers to cause a denial of
        service (NULL pointer dereference and OOPS) via a
        crafted device.(CVE-2013-2899i1/4%0
    
      - A flaw was found in the Linux kernel's implementation
        of overlayfs. An attacker can leak file resources in
        the system by opening a large file with write
        permissions on a overlay filesystem that is
        insufficient to deal with the size of the write.When
        unmounting the underlying device, the system is unable
        to free an inode and this will consume resources.
        Repeating this for all available inodes and memory will
        create a denial of service situation.(CVE-2015-8953i1/4%0
    
      - Buffer overflow in the mp_override_legacy_irq()
        function in arch/x86/kernel/acpi/boot.c in the Linux
        kernel through 4.12.2 allows local users to gain
        privileges via a crafted ACPI table.(CVE-2017-11473i1/4%0
    
      - Use-after-free vulnerability in the
        kvm_ioctl_create_device function in virt/kvm/kvm_main.c
        in the Linux kernel before 4.8.13 allows host OS users
        to cause a denial of service (host OS crash) or
        possibly gain privileges via crafted ioctl calls on the
        /dev/kvm device.(CVE-2016-10150i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1523
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1ab359ca");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-870.NASL
    descriptionBuffer overflow in mp_override_legacy_irq() : Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. (CVE-2017-11473) A race between inotify_handle_event() and sys_rename() : A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab
    last seen2020-06-01
    modified2020-06-02
    plugin id102544
    published2017-08-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102544
    titleAmazon Linux AMI : kernel (ALAS-2017-870)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux AMI Security Advisory ALAS-2017-870.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102544);
      script_version("3.5");
      script_cvs_date("Date: 2019/04/10 16:10:16");
    
      script_cve_id("CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7542", "CVE-2017-8831");
      script_xref(name:"ALAS", value:"2017-870");
    
      script_name(english:"Amazon Linux AMI : kernel (ALAS-2017-870)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux AMI host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Buffer overflow in mp_override_legacy_irq() :
    
    Buffer overflow in the mp_override_legacy_irq() function in
    arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows
    local users to gain privileges via a crafted ACPI table.
    (CVE-2017-11473)
    
    A race between inotify_handle_event() and sys_rename() :
    
    A race condition was found in the Linux kernel, present since
    v3.14-rc1 through v4.12. The race happens between threads of
    inotify_handle_event() and vfs_rename() while running the rename
    operation against the same file. As a result of the race the next slab
    data or the slab's free list pointer can be corrupted with
    attacker-controlled data, which may lead to the privilege escalation.
    (CVE-2017-7533)
    
    Integer overflow in ip6_find_1stfragopt() causes infinite loop :
    
    An integer overflow vulnerability in ip6_find_1stfragopt() function
    was found. A local attacker that has privileges (of CAP_NET_RAW) to
    open raw socket can cause an infinite loop inside the
    ip6_find_1stfragopt() function.(CVE-2017-7542)
    
    Double fetch vulnerability in saa7164_bus_get function The
    saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in
    the Linux kernel through 4.10.14 allows local users to cause a denial
    of service (out-of-bounds array access) or possibly have unspecified
    other impact by changing a certain sequence-number value, aka a
    'double fetch' vulnerability. Please note, the saa7164 driver is not
    enabled in the Amazon Linux AMI kernel (CVE-2017-8831)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/ALAS-2017-870.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update kernel' to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "A")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"ALA", reference:"kernel-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-devel-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-doc-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-headers-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-4.9.43-17.38.amzn1")) flag++;
    if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.9.43-17.38.amzn1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-891.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). The following non-security bugs were fixed : - acpi / processor: Avoid reserving IO regions too early (bsc#1051478). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - alsa: hda - Fix endless loop of codec configure (bsc#1031717). - alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717). - b43: Add missing MODULE_FIRMWARE() (bsc#1037344). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf : - blacklist.conf: 1151f838cb62 is high-risk and we
    last seen2020-06-05
    modified2017-08-10
    plugin id102333
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102333
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-891)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-891.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102333);
      script_version("3.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2017-891)");
      script_summary(english:"Check for the openSUSE-2017-891 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-7542: The ip6_find_1stfragopt function in
        net/ipv6/output_core.c in the Linux kernel allowed local
        users to cause a denial of service (integer overflow and
        infinite loop) by leveraging the ability to open a raw
        socket (bnc#1049882).
    
      - CVE-2017-11473: Buffer overflow in the
        mp_override_legacy_irq() function in
        arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
        local users to gain privileges via a crafted ACPI table
        (bnc#1049603).
    
      - CVE-2017-7533: A bug in inotify code allowed local users
        to escalate privilege (bnc#1049483).
    
      - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
        drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021
        1.c in the Linux kernel allowed local users to cause a
        denial of service (buffer overflow and system crash) or
        possibly gain privileges via a crafted NL80211_CMD_FRAME
        Netlink packet (bnc#1049645).
    
      - CVE-2017-10810: Memory leak in the
        virtio_gpu_object_create function in
        drivers/gpu/drm/virtio/virtgpu_object.c in the Linux
        kernel allowed attackers to cause a denial of service
        (memory consumption) by triggering object-initialization
        failures (bnc#1047277).
    
    The following non-security bugs were fixed :
    
      - acpi / processor: Avoid reserving IO regions too early
        (bsc#1051478).
    
      - af_key: Add lock to key dump (bsc#1047653).
    
      - af_key: Fix slab-out-of-bounds in pfkey_compile_policy
        (bsc#1047354).
    
      - alsa: fm801: Initialize chip after IRQ handler is
        registered (bsc#1031717).
    
      - alsa: hda - Fix endless loop of codec configure
        (bsc#1031717).
    
      - alsa: hda - set input_path bitmap to zero after moving
        it to new place (bsc#1031717).
    
      - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
    
      - bcache: force trigger gc (bsc#1038078).
    
      - bcache: only recovery I/O error for writethrough mode
        (bsc#1043652).
    
      - bdi: Fix use-after-free in wb_congested_put()
        (bsc#1040307).
    
      - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as
        clobbered in mftb()
    
      - blacklist.conf :
    
      - blacklist.conf: 1151f838cb62 is high-risk and we're not
        aware of any systems that might need it in SP2.
    
      - blacklist.conf: 8b8642af15ed not a supported driver
    
      - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
    
      - blacklist.conf: add inapplicable commits for wifi
        (bsc#1031717)
    
      - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes
        (bsc#1031717).
    
      - blacklist.conf: add unapplicable drm fixes
        (bsc#1031717).
    
      - blacklist.conf: Blacklist 4e201566402c ('genirq/msi:
        Drop artificial PCI dependency') (bsc#1051478) This
        commit just removes an include and does not fix a real
        issue.
    
      - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup
    
      - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix
        access_ok() argument type') (bsc#1051478) Fixes only a
        compile-warning.
    
      - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix
        timeout test in test_nmi_ipi()') It only fixes a
        self-test (bsc#1051478).
    
      - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog:
        Fix Kconfig help text file path reference to lockup
        watchdog documentation') Updates only kconfig help-text
        (bsc#1051478).
    
      - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI:
        Initialize MSI capability for all architectures') This
        only fixes machines not supported by our kernels.
    
      - blacklist.conf: build time cleanup our kernel compiles.
        No need to shut up warnings nobody looks at
    
      - blacklist.conf: cleanup, no bugs fixed
    
      - blacklist.conf: cxgb4 commit does not fit for SP2
    
      - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be
        # FRV not applicable to SLE
    
      - blacklist.conf: Do not need 55d728a40d36, we do it
        differently in SLE
    
      - blacklist.conf: kABI breakage This touches struct
        device.
    
      - blacklist.conf: lp8788 is not compiled
    
      - blacklist.conf: unneeded Fixing debug statements on BE
        systems for IrDA
    
      - blkfront: add uevent for size change (bnc#1036632).
    
      - block: Allow bdi re-registration (bsc#1040307).
    
      - block: Fix front merge check (bsc#1051239).
    
      - block: Make del_gendisk() safer for disks without queues
        (bsc#1040307).
    
      - block: Move bdi_unregister() to del_gendisk()
        (bsc#1040307).
    
      - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
        (bsc#1031717).
    
      - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items
        (bsc#1028286).
    
      - btrfs: Add WARN_ON for qgroup reserved underflow
        (bsc#1031515).
    
      - btrfs: Do not clear SGID when inheriting ACLs
        (bsc#1030552).
    
      - btrfs: fix lockup in find_free_extent with read-only
        block groups (bsc#1046682).
    
      - btrfs: incremental send, fix invalid path for link
        commands (bsc#1051479).
    
      - btrfs: incremental send, fix invalid path for unlink
        commands (bsc#1051479).
    
      - btrfs: resume qgroup rescan on rw remount (bsc#1047152).
    
      - btrfs: send, fix invalid path after renaming and linking
        file (bsc#1051479).
    
      - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
    
      - crypto: s5p-sss - fix incorrect usage of scatterlists
        api (bsc#1048317).
    
      - cx82310_eth: use skb_cow_head() to deal with cloned skbs
        (bsc# 1045154).
    
      - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE
        Kernel Fixes).
    
      - dentry name snapshots (bsc#1049483).
    
      - dm: fix second blk_delay_queue() parameter to be in msec
        units not (bsc#1047670).
    
      - drivers: hv: Fix the bug in generating the guest ID
        (fate#320485).
    
      - drivers: hv: util: Fix a typo (fate#320485).
    
      - drivers: hv: vmbus: Get the current time from the
        current clocksource (fate#320485, bnc#1044112,
        bnc#1042778, bnc#1029693).
    
      - drivers: hv: vmbus: Increase the time between retries in
        vmbus_post_msg() (fate#320485, bnc#1044112).
    
      - drivers: hv: vmbus: Move the code to signal end of
        message (fate#320485).
    
      - drivers: hv: vmbus: Move the definition of
        generate_guest_id() (fate#320485).
    
      - drivers: hv: vmbus: Move the definition of
        hv_x64_msr_hypercall_contents (fate#320485).
    
      - drivers: hv: vmbus: Restructure the clockevents code
        (fate#320485).
    
      - drm/amdgpu: Fix overflow of watermark calcs at > 4k
        resolutions (bsc#1031717).
    
      - drm/bochs: Implement nomodeset (bsc#1047096).
    
      - drm/i915/fbdev: Stop repeating tile configuration on
        stagnation (bsc#1031717).
    
      - drm/i915: Fix scaler init during CRTC HW state readout
        (bsc#1031717).
    
      - drm/virtio: do not leak bo on drm_gem_object_init
        failure (bsc#1047277).
    
      - drm/vmwgfx: Fix large topology crash (bsc#1048155).
    
      - drm/vmwgfx: Support topology greater than texture size
        (bsc#1048155).
    
      - drop patches; obsoleted by 'scsi: Add
        STARGET_CREATE_REMOVE state'
    
      - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
        (bnc#974215).
    
      - ext2: Do not clear SGID when inheriting ACLs
        (bsc#1030552).
    
      - ext4: avoid unnecessary stalls in ext4_evict_inode()
        (bsc#1049486).
    
      - ext4: Do not clear SGID when inheriting ACLs
        (bsc#1030552).
    
      - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM
        errors (bsc#1012829).
    
      - Fix kABI breakage by KVM CVE fix (bsc#1045922).
    
      - fs/fcntl: f_setown, avoid undefined behaviour
        (bnc#1006180).
    
      - gcov: add support for gcc version >= 6 (bsc#1051663).
    
      - gcov: support GCC 7.1 (bsc#1051663).
    
      - gfs2: fix flock panic issue (bsc#1012829).
    
      - hrtimer: Catch invalid clockids again (bsc#1047651).
    
      - hrtimer: Revert CLOCK_MONOTONIC_RAW support
        (bsc#1047651).
    
      - hv_utils: drop .getcrosststamp() support from PTP driver
        (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
    
      - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts
        (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
    
      - hv_util: switch to using timespec64 (fate#320485).
    
      - i2c: designware-baytrail: fix potential NULL pointer
        dereference on dev (bsc#1011913).
    
      - i40e: add hw struct local variable (bsc#1039915).
    
      - i40e: add private flag to control source pruning
        (bsc#1034075).
    
      - i40e: add VSI info to macaddr messages (bsc#1039915).
    
      - i40e: avoid looping to check whether we're in VLAN mode
        (bsc#1039915).
    
      - i40e: avoid O(n^2) loop when deleting all filters
        (bsc#1039915).
    
      - i40e: delete filter after adding its replacement when
        converting (bsc#1039915).
    
      - i40e: do not add broadcast filter for VFs (bsc#1039915).
    
      - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate
        when VID<1 (bsc#1039915).
    
      - i40e: drop is_vf and is_netdev fields in struct
        i40e_mac_filter (bsc#1039915).
    
      - i40e: enable VSI broadcast promiscuous mode instead of
        adding broadcast filter (bsc#1039915).
    
      - i40e: factor out addition/deletion of VLAN per each MAC
        address (bsc#1039915).
    
      - i40e: fix MAC filters when removing VLANs (bsc#1039915).
    
      - i40e: fold the i40e_is_vsi_in_vlan check into
        i40e_put_mac_in_vlan (bsc#1039915).
    
      - i40e: implement __i40e_del_filter and use where
        applicable (bsc#1039915).
    
      - i40e: make use of __dev_uc_sync and __dev_mc_sync
        (bsc#1039915).
    
      - i40e: move all updates for VLAN mode into
        i40e_sync_vsi_filters (bsc#1039915).
    
      - i40e: move i40e_put_mac_in_vlan and
        i40e_del_mac_all_vlan (bsc#1039915).
    
      - i40e: no need to check is_vsi_in_vlan before calling
        i40e_del_mac_all_vlan (bsc#1039915).
    
      - i40e: properly cleanup on allocation failure in
        i40e_sync_vsi_filters (bsc#1039915).
    
      - i40e: recalculate vsi->active_filters from hash contents
        (bsc#1039915).
    
      - i40e: refactor i40e_put_mac_in_vlan to avoid changing
        f->vlan (bsc#1039915).
    
      - i40e: refactor i40e_update_filter_state to avoid passing
        aq_err (bsc#1039915).
    
      - i40e: refactor Rx filter handling (bsc#1039915).
    
      - i40e: Removal of workaround for simple MAC address
        filter deletion (bsc#1039915).
    
      - i40e: remove code to handle dev_addr specially
        (bsc#1039915).
    
      - i40e: removed unreachable code (bsc#1039915).
    
      - i40e: remove duplicate add/delete adminq command code
        for filters (bsc#1039915).
    
      - i40e: remove second check of VLAN_N_VID in
        i40e_vlan_rx_add_vid (bsc#1039915).
    
      - i40e: rename i40e_put_mac_in_vlan and
        i40e_del_mac_all_vlan (bsc#1039915).
    
      - i40e: restore workaround for removing default MAC filter
        (bsc#1039915).
    
      - i40e: set broadcast promiscuous mode for each active
        VLAN (bsc#1039915).
    
      - i40e: store MAC/VLAN filters in a hash with the MAC
        Address as key (bsc#1039915).
    
      - i40e: use (add|rm)_vlan_all_mac helper functions when
        changing PVID (bsc#1039915).
    
      - i40e: when adding or removing MAC filters, correctly
        handle VLANs (bsc#1039915).
    
      - i40e: When searching all MAC/VLAN filters, ignore
        removed filters (bsc#1039915).
    
      - i40e: write HENA for VFs (bsc#1039915).
    
      - iio: hid-sensor: fix return of -EINVAL on invalid values
        in ret or value (bsc#1031717).
    
      - Input: gpio-keys - fix check for disabling unsupported
        keys (bsc#1031717).
    
      - introduce the walk_process_tree() helper (bnc#1022476).
    
      - ipv4: Should use consistent conditional judgement for ip
        fragment in __ip_append_data and ip_finish_output
        (bsc#1041958).
    
      - ipv6: Should use consistent conditional judgement for
        ip6 fragment between __ip6_append_data and
        ip6_finish_output (bsc#1041958).
    
      - iwlwifi: mvm: compare full command ID (FATE#321353,
        FATE#323335).
    
      - iwlwifi: mvm: reset the fw_dump_desc pointer after
        ASSERT (bsc#1031717).
    
      - iwlwifi: mvm: synchronize firmware DMA paging memory
        (FATE#321353, FATE#323335).
    
      - iwlwifi: mvm: unconditionally stop device after init
        (bsc#1031717).
    
      - iwlwifi: mvm: unmap the paging memory before freeing it
        (FATE#321353, FATE#323335).
    
      - iwlwifi: pcie: fix command completion name debug
        (bsc#1031717).
    
      - kABI-fix for 'x86/panic: replace smp_send_stop() with
        kdump friendly version in panic path' (bsc#1051478).
    
      - kABI: protect lwtunnel include in ip6_route.h (kabi).
    
      - kABI: protect struct iscsi_tpg_attrib (kabi).
    
      - kABI: protect struct tpm_chip (kabi).
    
      - kABI: protect struct xfrm_dst (kabi).
    
      - kABI: protect struct xfrm_dst (kabi).
    
      - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing
        L0 x2APIC (bsc#1051478).
    
      - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls
        (bsc#1051478).
    
      - kvm: nVMX: Fix nested VPID vmx exec control
        (bsc#1051478).
    
      - kvm: x86: avoid simultaneous queueing of both IRQ and
        SMI (bsc#1051478).
    
      - mac80211_hwsim: Replace bogus hrtimer clockid
        (bsc#1047651).
    
      - md: fix sleep in atomic (bsc#1040351).
    
      - mm: adaptive hash table scaling (bnc#1036303).
    
      - mm-adaptive-hash-table-scaling-v5 (bnc#1036303).
    
      - mm: call page_ext_init() after all struct pages are
        initialized (VM Debugging Functionality, bsc#1047048).
    
      - mm: drop HASH_ADAPT (bnc#1036303).
    
      - mm: fix classzone_idx underflow in shrink_zones() (VM
        Functionality, bsc#1042314).
    
      - mm: make PR_SET_THP_DISABLE immediately active
        (bnc#1048891).
    
      - More Git-commit header fixups No functional change
        intended.
    
      - mwifiex: do not update MCS set from hostapd
        (bsc#1031717).
    
      - net: account for current skb length when deciding about
        UFO (bsc#1041958).
    
      - net: ena: add hardware hints capability to the driver
        (bsc#1047121).
    
      - net: ena: add missing return when
        ena_com_get_io_handlers() fails (bsc#1047121).
    
      - net: ena: add missing unmap bars on device removal
        (bsc#1047121).
    
      - net: ena: add reset reason for each device FLR
        (bsc#1047121).
    
      - net: ena: add support for out of order rx buffers refill
        (bsc#1047121).
    
      - net: ena: allow the driver to work with small number of
        msix vectors (bsc#1047121).
    
      - net: ena: bug fix in lost tx packets detection mechanism
        (bsc#1047121).
    
      - net: ena: change return value for unsupported features
        unsupported return value (bsc#1047121).
    
      - net: ena: change sizeof() argument to be the type
        pointer (bsc#1047121).
    
      - net: ena: disable admin msix while working in polling
        mode (bsc#1047121).
    
      - net: ena: fix bug that might cause hang after
        consecutive open/close interface (bsc#1047121).
    
      - net: ena: fix race condition between submit and
        completion admin command (bsc#1047121).
    
      - net: ena: fix rare uncompleted admin command false alarm
        (bsc#1047121).
    
      - net: ena: fix theoretical Rx hang on low memory systems
        (bsc#1047121).
    
      - net: ena: separate skb allocation to dedicated function
        (bsc#1047121).
    
      - net: ena: update driver's rx drop statistics
        (bsc#1047121).
    
      - net: ena: update ena driver to version 1.1.7
        (bsc#1047121).
    
      - net: ena: update ena driver to version 1.2.0
        (bsc#1047121).
    
      - net: ena: use lower_32_bits()/upper_32_bits() to split
        dma address (bsc#1047121).
    
      - net: ena: use napi_schedule_irqoff when possible
        (bsc#1047121).
    
      - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in
        napi_frags_finish() (bsc#1042286).
    
      - net/mlx5: Fix driver load error flow when firmware is
        stuck (git-fixes).
    
      - net: phy: Do not perform software reset for Generic PHY
        (bsc#1042286).
    
      - nfs: Cache aggressively when file is open for writing
        (bsc#1033587).
    
      - nfs: Do not flush caches for a getattr that races with
        writeback (bsc#1033587).
    
      - nfs: invalidate file size when taking a lock
        (git-fixes).
    
      - nfs: only invalidate dentrys that are clearly invalid
        (bsc#1047118).
    
      - ocfs2: Do not clear SGID when inheriting ACLs
        (bsc#1030552).
    
      - ocfs2: fix deadlock caused by recursive locking in xattr
        (bsc#1012829).
    
      - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).
    
      - pci: Add Mellanox device IDs (bsc#1051478).
    
      - pci: Convert Mellanox broken INTx quirks to be for
        listed devices only (bsc#1051478).
    
      - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).
    
      - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and
        IRQSTATUS_MAIN (bsc#1051478).
    
      - pci: dwc: Fix uninitialized variable in
        dw_handle_msi_irq() (bsc#1051478).
    
      - pci: Enable ECRC only if device supports it
        (bsc#1051478).
    
      - PCI / PM: Fix native PME handling during system
        suspend/resume (bsc#1051478).
    
      - pci: Support INTx masking on ConnectX-4 with firmware
        x.14.1100+ (bsc#1051478).
    
      - perf/x86: Fix spurious NMI with PEBS Load Latency event
        (bsc#1051478).
    
      - perf/x86/intel: Cure bogus unwind from PEBS entries
        (bsc#1051478).
    
      - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).
    
      - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to
        no_hw_rfkill (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to
        no_hw_rfkill (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to
        no_hw_rfkill (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB
        to no_hw_rfkill dmi list (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add several models to
        no_hw_rfkill (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add Y520-15IKBN to
        no_hw_rfkill (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add Y700 15-ACZ to
        no_hw_rfkill DMI list (bsc#1051022).
    
      - platform/x86: ideapad-laptop: Add Y720-15IKBN to
        no_hw_rfkill (bsc#1051022).
    
      - Pm / Hibernate: Fix scheduling while atomic during
        hibernation (bsc#1051059).
    
      - prctl: propagate has_child_subreaper flag to every
        descendant (bnc#1022476).
    
      - README.BRANCH: Add Oliver as openSUSE-42.2 branch
        co-maintainer
    
      - Refresh
        patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix
        a stupid bug where the VCPU_REGS_TF shift was used as a
        mask.
    
      - reiserfs: Do not clear SGID when inheriting ACLs
        (bsc#1030552).
    
      - Revert 'ACPI / video: Add force_native quirk for HP
        Pavilion dv6' (bsc#1031717).
    
      - Revert 'Add 'shutdown' to 'struct class'.' (kabi).
    
      - Revert 'kvm: x86: fix emulation of RSM and IRET
        instructions' (kabi).
    
      - Revert 'mm/list_lru.c: fix list_lru_count_node() to be
        race free' (kabi).
    
      - Revert 'powerpc/numa: Fix percpu allocations to be NUMA
        aware' (bsc#1048914).
    
      - Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.'
        (kabi).
    
      - rpm/kernel-binary.spec.in: find-debuginfo.sh should not
        touch build-id This needs rpm-4.14+ (bsc#964063).
    
      - sched/core: Allow __sched_setscheduler() in interrupts
        when PI is not used (bnc#1022476).
    
      - sched/debug: Print the scheduler topology group mask
        (bnc#1022476).
    
      - sched/fair, cpumask: Export for_each_cpu_wrap()
        (bnc#1022476).
    
      - sched/fair: Fix O(nr_cgroups) in load balance path
        (bnc#1022476).
    
      - sched/fair: Use task_groups instead of leaf_cfs_rq_list
        to walk all cfs_rqs (bnc#1022476).
    
      - sched/topology: Add sched_group_capacity debugging
        (bnc#1022476).
    
      - sched/topology: Fix building of overlapping sched-groups
        (bnc#1022476).
    
      - sched/topology: Fix overlapping sched_group_capacity
        (bnc#1022476).
    
      - sched/topology: Move comment about asymmetric node
        setups (bnc#1022476).
    
      - sched/topology: Refactor function
        build_overlap_sched_groups() (bnc#1022476).
    
      - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).
    
      - sched/topology: Simplify build_overlap_sched_groups()
        (bnc#1022476).
    
      - sched/topology: Small cleanup (bnc#1022476).
    
      - sched/topology: Verify the first group matches the child
        domain (bnc#1022476).
    
      - scsi: Add STARGET_CREATE_REMOVE state to
        scsi_target_state (bsc#1013887).
    
      - scsi: bnx2i: missing error code in bnx2i_ep_connect()
        (bsc#1048221).
    
      - scsi: kABI fix for new state STARGET_CREATED_REMOVE
        (bsc#1013887).
    
      - scsi: storvsc: Workaround for virtual DVD SCSI version
        (fate#320485, bnc#1044636).
    
      - smsc75xx: use skb_cow_head() to deal with cloned skbs
        (bsc#1045154).
    
      - sr9700: use skb_cow_head() to deal with cloned skbs
        (bsc#1045154).
    
      - sysctl: do not print negative flag for proc_douintvec
        (bnc#1046985).
    
      - timers: Plug locking race vs. timer migration
        (bnc#1022476).
    
      - udf: Fix deadlock between writeback and udf_setsize()
        (bsc#1012829).
    
      - udf: Fix races with i_size changes during readpage
        (bsc#1012829).
    
      - x86/LDT: Print the real LDT base address (bsc#1051478).
    
      - x86/mce: Make timer handling more robust (bsc#1042422).
    
      - x86/panic: replace smp_send_stop() with kdump friendly
        version in panic path (bsc#1051478).
    
      - xen: allocate page for shared info page from low memory
        (bnc#1038616).
    
      - xen/balloon: do not online new memory initially
        (bnc#1028173).
    
      - xen: hold lock_device_hotplug throughout vcpu hotplug
        operations (bsc#1042422).
    
      - xen-netfront: Rework the fix for Rx stall during OOM and
        network stress (git-fixes).
    
      - xen/pvh*: Support > 32 VCPUs at domain restore
        (bnc#1045563).
    
      - xfrm: NULL dereference on allocation failure
        (bsc#1047343).
    
      - xfrm: Oops on error in pfkey_msg2xfrm_state()
        (bsc#1047653).
    
      - xfs: do not BUG() on mixed direct and mapped I/O
        (bsc#1050188).
    
      - xfs: Do not clear SGID when inheriting ACLs
        (bsc#1030552)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1006180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1011913"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1013887"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1028173"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1028286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1029693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030552"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031515"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1033587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034762"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036303"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1036632"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1037344"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038078"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1039915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1040307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1040351"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1041958"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042422"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1043652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1044112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1044636"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1045154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1045563"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1045922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1046985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047118"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047277"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047354"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047653"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047670"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048221"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048891"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048914"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049483"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049882"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1050188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051022"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051059"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051239"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051663"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=964063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=974215"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/10");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debugsource-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debugsource-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-devel-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-devel-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-html-4.4.79-18.23.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-pdf-4.4.79-18.23.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-macros-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-debugsource-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-qa-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-vanilla-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-syms-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debuginfo-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debugsource-4.4.79-18.23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-devel-4.4.79-18.23.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0015.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id106469
    published2018-01-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106469
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2018-0015.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106469);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10229", "CVE-2016-6213", "CVE-2016-9604", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-1000407", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-2671", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7533", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
      script_xref(name:"IAVA", value:"2018-A-0019");
      script_xref(name:"IAVA", value:"2018-A-0020");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2018-0015 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000826.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81fd788e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/30");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-61.63.1.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-61.63.1.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0173.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - tty: Fix race in pty_write leading to NULL deref (Todd Vierling) - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] (CVE-2017-7889) - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov leak fixes (Al Viro) [Orabug: 27069042] (CVE-2017-12190) - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] (CVE-2017-12190) - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363) - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: fix NULL pointer dereference in read/ioctl race (Vegard Nossum) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] (CVE-2017-9077) - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] (CVE-2017-2671) - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] (CVE-2016-10044) - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] (CVE-2016-10044) - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] (CVE-2016-10044) - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] (CVE-2017-11473) - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075) - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] (CVE-2017-8831) - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] (CVE-2017-8831) - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661) - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105147
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105147
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1498.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754) - A flaw was found in the Linux kernel
    last seen2020-06-12
    modified2019-05-13
    plugin id124821
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124821
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2017-0028_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121722
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121722
    titlePhoton OS 1.0: Linux PHSA-2017-0028
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2869-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104253
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104253
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2389-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the
    last seen2020-06-01
    modified2020-06-02
    plugin id103110
    published2017-09-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103110
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3637.NASL
    descriptionDescription of changes: [2.6.39-400.297.12.el6uek] - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id104371
    published2017-11-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104371
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3637)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1159.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.(CVE-2017-11176) - The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/ cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.(CVE-2017-7541) - The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.(CVE-2017-7542) - Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.(CVE-2017-11473) - net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.(CVE-2017-11600) - It was discovered that root can gain direct access to an internal keyring, such as
    last seen2020-05-06
    modified2017-09-08
    plugin id102997
    published2017-09-08
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102997
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1159)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0168.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363) - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: fix NULL pointer dereference in read/ioctl race (Vegard Nossum) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] (CVE-2017-9077) - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] (CVE-2017-2671) - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] (CVE-2016-10044) - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] (CVE-2016-10044) - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] (CVE-2016-10044) - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] (CVE-2017-11473) - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075) - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] (CVE-2017-8831) - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] (CVE-2017-8831) - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661) - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id104454
    published2017-11-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104454
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0168)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3659.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-05
    modified2017-12-14
    plugin id105247
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105247
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-0654.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. The following packages have been upgraded to a later upstream version: kernel-alt (4.14.0). (BZ#1492717) Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor
    last seen2020-06-01
    modified2020-06-02
    plugin id108942
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108942
    titleRHEL 7 : kernel-alt (RHSA-2018:0654)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-890.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). The following non-security bugs were fixed : - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478). - ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - Added sbitmap patch to blacklist.conf Add a patch
    last seen2020-06-05
    modified2017-08-10
    plugin id102332
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102332
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-890)

Redhat

advisories
rhsa
idRHSA-2018:0654
rpms
  • kernel-0:4.14.0-49.el7a
  • kernel-abi-whitelists-0:4.14.0-49.el7a
  • kernel-bootwrapper-0:4.14.0-49.el7a
  • kernel-debug-0:4.14.0-49.el7a
  • kernel-debug-debuginfo-0:4.14.0-49.el7a
  • kernel-debug-devel-0:4.14.0-49.el7a
  • kernel-debuginfo-0:4.14.0-49.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-49.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-49.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-49.el7a
  • kernel-debuginfo-common-x86_64-0:4.14.0-49.el7a
  • kernel-devel-0:4.14.0-49.el7a
  • kernel-doc-0:4.14.0-49.el7a
  • kernel-headers-0:4.14.0-49.el7a
  • kernel-kdump-0:4.14.0-49.el7a
  • kernel-kdump-debuginfo-0:4.14.0-49.el7a
  • kernel-kdump-devel-0:4.14.0-49.el7a
  • kernel-tools-0:4.14.0-49.el7a
  • kernel-tools-debuginfo-0:4.14.0-49.el7a
  • kernel-tools-libs-0:4.14.0-49.el7a
  • kernel-tools-libs-devel-0:4.14.0-49.el7a
  • perf-0:4.14.0-49.el7a
  • perf-debuginfo-0:4.14.0-49.el7a
  • python-perf-0:4.14.0-49.el7a
  • python-perf-debuginfo-0:4.14.0-49.el7a