Vulnerabilities > CVE-2017-12134 - Incorrect Calculation vulnerability in multiple products

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
xen
citrix
CWE-682
nessus

Summary

The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Attack through Shared Data
    An attacker exploits a data structure shared between multiple applications or an application pool to affect application behavior. Data may be shared between multiple applications or between multiple threads of a single application. Data sharing is usually accomplished through mutual access to a single memory location. If an attacker can manipulate this shared data (usually by co-opting one of the applications or threads) the other applications or threads using the shared data will often continue to trust the validity of the compromised shared data and use it in their calculations. This can result in invalid trust assumptions, corruption of additional data through the normal operations of the other users of the shared data, or even cause a crash or compromise of the sharing applications.
  • Integer Attacks
    An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
  • Pointer Attack
    This attack involves an attacker manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1062.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919). The following non-security bugs were fixed : - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - Add
    last seen2020-06-05
    modified2017-09-18
    plugin id103287
    published2017-09-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103287
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-1062.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103287);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000251", "CVE-2017-11472", "CVE-2017-12134", "CVE-2017-14051", "CVE-2017-14106");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)");
      script_summary(english:"Check for the openSUSE-2017-1062 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-1000251: The native Bluetooth stack in the
        Linux Kernel (BlueZ) was vulnerable to a stack overflow
        vulnerability in the processing of L2CAP configuration
        responses resulting in Remote code execution in kernel
        space (bnc#1057389).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-11472: The acpi_ns_terminate() function in
        drivers/acpi/acpica/nsutils.c in the Linux kernel did
        not flush the operand cache and causes a kernel stack
        dump, which allowed local users to obtain sensitive
        information from kernel memory and bypass the KASLR
        protection mechanism (in the kernel through 4.9) via a
        crafted ACPI table (bnc#1049580).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 1053919).
    
    The following non-security bugs were fixed :
    
      - acpi / scan: Prefer devices without _HID for _ADR
        matching (git-fixes).
    
      - alsa: hda - Add stereo mic quirk for Lenovo G50-70
        (17aa:3978) (bsc#1020657).
    
      - alsa: hda - Implement mic-mute LED mode enum
        (bsc#1055013).
    
      - alsa: hda/realtek - Add support headphone Mic for ALC221
        of HP platform (bsc#1024405).
    
      - alsa: ice1712: Add support for STAudio ADCIII
        (bsc#1048934).
    
      - alsa: usb-audio: Apply sample rate quirk to Sennheiser
        headset (bsc#1052580).
    
      - Add 'shutdown' to 'struct class' (bsc#1053117).
    
      - bluetooth: bnep: fix possible might sleep error in
        bnep_session (bsc#1031784).
    
      - bluetooth: cmtp: fix possible might sleep error in
        cmtp_session (bsc#1031784).
    
      - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
    
      - nfs: flush data when locking a file to ensure cache
        coherence for mmap (bsc#981309).
    
      - Revert '/proc/iomem: only expose physical resource
        addresses to privileged users' (kabi).
    
      - Revert 'Make file credentials available to the seqfile
        interfaces' (kabi).
    
      - usb: core: fix device node leak (bsc#1047487).
    
      - Update
        patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_
        trusted.patch (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).
    
      - bnxt: add a missing rcu synchronization (bnc#1038583).
    
      - bnxt: do not busy-poll when link is down (bnc#1038583).
    
      - bnxt_en: Enable MRU enables bit when configuring VNIC
        MRU (bnc#1038583).
    
      - bnxt_en: Fix 'uninitialized variable' bug in TPA code
        path (bnc#1038583).
    
      - bnxt_en: Fix NULL pointer dereference in a failure path
        during open (bnc#1038583).
    
      - bnxt_en: Fix NULL pointer dereference in reopen failure
        path (bnc#1038583).
    
      - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
    
      - bnxt_en: Fix VF virtual link state (bnc#1038583).
    
      - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
    
      - bnxt_en: Fix and clarify link_info->advertising
        (bnc#1038583).
    
      - bnxt_en: Fix ring arithmetic in bnxt_setup_tc()
        (bnc#1038583).
    
      - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
    
      - bnxt_en: Refactor TPA code path (bnc#1038583).
    
      - bnxt_en: fix pci cleanup in bnxt_init_one() failure path
        (bnc#1038583).
    
      - bnxt_en: initialize rc to zero to avoid returning
        garbage (bnc#1038583).
    
      - ceph: fix readpage from fscache (bsc#1057015).
    
      - cxgb4: Fix stack out-of-bounds read due to wrong size to
        t4_record_mbox() (bsc#1021424 bsc#1022743).
    
      - drivers: net: xgene: Fix wrong logical operation
        (bsc#1056827).
    
      - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K
        (bsc#1048155).
    
      - fuse: initialize the flock flag in fuse_file on
        allocation (git-fixes).
    
      - gfs2: Do not clear SGID when inheriting ACLs
        (bsc#1012829).
    
      - ibmvnic: Clean up resources on probe failure
        (fate#323285, bsc#1058116).
    
      - iwlwifi: missing error code in iwl_trans_pcie_alloc()
        (bsc#1031717).
    
      - iwlwifi: mvm: do not send CTDP commands via debugfs if
        not supported (bsc#1031717).
    
      - kernel/*: switch to memdup_user_nul() (bsc#1048893).
    
      - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
    
      - lib: test_rhashtable: fix for large entry counts
        (bsc#1055359).
    
      - lightnvm: remove unused rq parameter of
        nvme_nvm_rqtocmd() to kill warning (FATE#319466).
    
      - md/raid5: fix a race condition in stripe batch
        (linux-stable).
    
      - mm, madvise: ensure poisoned pages are removed from
        per-cpu lists (VM hw poison -- git fixes).
    
      - mm/page_alloc.c: apply gfp_allowed_mask before the first
        allocation attempt (bnc#971975 VM -- git fixes).
    
      - mptsas: Fixup device hotplug for VMware ESXi
        (bsc#1030850).
    
      - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
    
      - netfilter: x_tables: pack percpu counter allocations
        (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct instead of
        packet counter (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct to counter
        allocator (bsc#1052888).
    
      - new helper: memdup_user_nul() (bsc#1048893).
    
      - of: fix '/cpus' reference leak in
        of_numa_parse_cpu_nodes() (bsc#1056827).
    
      - ovl: fix dentry leak for default_permissions
        (bsc#1054084).
    
      - percpu_ref: allow operation mode switching operations to
        be called concurrently (bsc#1055096).
    
      - percpu_ref: remove unnecessary RCU grace period for
        staggered atomic switching confirmation (bsc#1055096).
    
      - percpu_ref: reorganize __percpu_ref_switch_to_atomic()
        and relocate percpu_ref_switch_to_atomic()
        (bsc#1055096).
    
      - percpu_ref: restructure operation mode switching
        (bsc#1055096).
    
      - percpu_ref: unify staggered atomic switching wait
        behavior (bsc#1055096).
    
      - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
    
      - s390: export symbols for crash-kmp (bsc#1053915).
    
      - supported.conf: clear mistaken external support flag for
        cifs.ko (bsc#1053802).
    
      - sysctl: fix lax sysctl_check_table() sanity check
        (bsc#1048893).
    
      - sysctl: fold sysctl_writes_strict checks into helper
        (bsc#1048893).
    
      - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
    
      - sysctl: simplify unsigned int support (bsc#1048893).
    
      - tpm: Issue a TPM2_Shutdown for TPM2 devices
        (bsc#1053117).
    
      - tpm: KABI fix (bsc#1053117).
    
      - tpm: fix: return rc when devm_add_action() fails
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes 8e0ee3c9faed).
    
      - tpm: read burstcount from TPM_STS in one 32-bit
        transaction (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 27084efee0c3).
    
      - tpm_tis_core: Choose appropriate timeout for reading
        burstcount (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes aec04cbdf723).
    
      - tpm_tis_core: convert max timeouts from msec to jiffies
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes aec04cbdf723).
    
      - tty: serial: msm: Support more bauds (git-fixes).
    
      - ubifs: Correctly evict xattr inodes (bsc#1012829).
    
      - ubifs: Do not leak kernel memory to the MTD
        (bsc#1012829).
    
      - xfs: fix inobt inode allocation search optimization
        (bsc#1012829)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053117"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981309"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-html-4.4.87-18.29.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-pdf-4.4.87-18.29.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-macros-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-qa-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-vanilla-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-syms-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-devel-4.4.87-18.29.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc");
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3657.NASL
    descriptionDescription of changes: [3.8.13-118.20.1.el7uek] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26649818] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889} - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190} - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105144
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105144
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2017-3657.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105144);
      script_version("3.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Description of changes:
    
    [3.8.13-118.20.1.el7uek]
    - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) 
    [Orabug: 25392692]
    - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) 
      [Orabug: 26479780]
    - KEYS: fix dereferencing NULL payload with nonzero length (Eric 
    Biggers)  [Orabug: 26592025]
    - oracleasm: Copy the integrity descriptor (Martin K. Petersen) 
    [Orabug: 26649818]
    - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook)  [Orabug: 
    26675925]  {CVE-2017-7889}
    - xscore: add dma address check (Zhu Yanjun)  [Orabug: 27058468]
    - more bio_map_user_iov() leak fixes (Al Viro)  [Orabug: 27069042] 
    {CVE-2017-12190}
    - fix unbalanced page refcounting in bio_map_user_iov (Vitaly 
    Mayatskikh)  [Orabug: 27069042]  {CVE-2017-12190}
    - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent 
    hard lockups (Aruna Ramakrishna)  [Orabug: 25409587]
    - nvme: Handle PM1725 HIL reset (Martin K. Petersen)  [Orabug: 26277600]
    - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) 
    [Orabug: 26403940]  {CVE-2017-1000363}
    - ALSA: timer: Fix missing queue indices reset at 
    SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai)  [Orabug: 26403956] 
    {CVE-2017-1000380}
    - ALSA: timer: Fix race between read and ioctl (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race 
    (Vegard Nossum)  [Orabug: 26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) 
    [Orabug: 26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)  [Orabug: 
    26403956]  {CVE-2017-1000380}
    - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) 
    [Orabug: 26404005]  {CVE-2017-9077}
    - ocfs2: fix deadlock issue when taking inode lock at vfs entry points 
    (Eric Ren)  [Orabug: 26427126]
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 
    (Eric Ren)  [Orabug: 26427126]
    - ping: implement proper locking (Eric Dumazet)  [Orabug: 26540286] 
    {CVE-2017-2671}
    - aio: mark AIO pseudo-fs noexec (Jann Horn)  [Orabug: 26643598] 
    {CVE-2016-10044}
    - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
    Biederman)  [Orabug: 26643598]  {CVE-2016-10044}
    - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun 
    Heo)  [Orabug: 26643598]  {CVE-2016-10044}
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables 
    (Seunghun Han)  [Orabug: 26643645]  {CVE-2017-11473}
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) 
    [Orabug: 26650883]  {CVE-2017-9075}
    - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) 
    [Orabug: 26675142]  {CVE-2017-8831}
    - [media] saa7164: fix sparse warnings (Hans Verkuil)  [Orabug: 
    26675142]  {CVE-2017-8831}
    - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE 
    (Abhi Das)  [Orabug: 26797306]
    - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
    [Orabug: 26899787]  {CVE-2017-10661}
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
    parse nlmsg properly (Xin Long)  [Orabug: 26988627]  {CVE-2017-14489}
    - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang)  [Orabug: 
    26643556]  {CVE-2017-11176}
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina 
    Dubroca)  [Orabug: 27011273]  {CVE-2017-7542}
    - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) 
    [Orabug: 27002450]  {CVE-2017-1000111}
    - mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin 
    Guay)  [Orabug: 26883934]
    - xen/x86: Add interface for querying amount of host memory (Boris 
    Ostrovsky)  [Orabug: 26883934]
    - Bluetooth: Properly check L2CAP config option output buffer length 
    (Ben Seri)  [Orabug: 26796364]  {CVE-2017-1000251}
    - xen: fix bio vec merging (Roger Pau Monne)  [Orabug: 26645550] 
    {CVE-2017-12134}
    - fs/exec.c: account for argv/envp pointers (Kees Cook)  [Orabug: 
    26638921]  {CVE-2017-1000365} {CVE-2017-1000365}
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume 
    Nault)  [Orabug: 26586047]  {CVE-2016-10200}
    - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz 
    Guzik)  [Orabug: 26586022]  {CVE-2016-9685}
    - KEYS: Disallow keyrings beginning with '.' to be joined as session 
    keyrings (David Howells)  [Orabug: 26585994]  {CVE-2016-9604}
    - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) 
    [Orabug: 26578198]  {CVE-2017-9242}
    - posix_acl: Clear SGID bit when setting file permissions (Jan Kara) 
    [Orabug: 25507344]  {CVE-2016-7097} {CVE-2016-7097}
    - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) 
    [Orabug: 26366022]  {CVE-2017-7645}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-December/007407.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-December/007408.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.1.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.20.1.el7uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(6|7)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6 / 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2017-3657");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.8";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_check(release:"EL6", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.20.1.el6uek-0.4.5-3.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.20.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL6", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.20.1.el6uek")) flag++;
    
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"dtrace-modules-3.8.13-118.20.1.el7uek-0.4.5-3.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-debug-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-debug-devel-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-devel-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-devel-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-doc-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-doc-3.8.13-118.20.1.el7uek")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-uek-firmware-3.8.13") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-uek-firmware-3.8.13-118.20.1.el7uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3981.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. - CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advantage of this flaw for privilege escalation inside a guest. - CVE-2017-7558 (stretch only) Stefano Brivio of Red Hat discovered that the SCTP subsystem is prone to a data leak vulnerability due to an out-of-bounds read flaw, allowing to leak up to 100 uninitialized bytes to userspace. - CVE-2017-10661 (jessie only) Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially execute arbitrary code. - CVE-2017-11600 Bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code. - CVE-2017-12134 / #866511 / XSA-229 Jan H. Schoenherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code. This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.:echo 2 > /sys/block/nvme0n1/queue/nomerges - CVE-2017-12146 (stretch only) Adrian Salido of Google reported a race condition in access to the
    last seen2020-06-05
    modified2017-09-21
    plugin id103365
    published2017-09-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103365
    titleDebian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-3981. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103365);
      script_version("3.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000252", "CVE-2017-1000370", "CVE-2017-1000371", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11600", "CVE-2017-12134", "CVE-2017-12146", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-14497", "CVE-2017-7518", "CVE-2017-7558");
      script_xref(name:"DSA", value:"3981");
    
      script_name(english:"Debian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to privilege escalation, denial of service or information
    leaks.
    
      - CVE-2017-7518
        Andy Lutomirski discovered that KVM is prone to an
        incorrect debug exception (#DB) error occurring while
        emulating a syscall instruction. A process inside a
        guest can take advantage of this flaw for privilege
        escalation inside a guest.
    
      - CVE-2017-7558 (stretch only)
        Stefano Brivio of Red Hat discovered that the SCTP
        subsystem is prone to a data leak vulnerability due to
        an out-of-bounds read flaw, allowing to leak up to 100
        uninitialized bytes to userspace.
    
      - CVE-2017-10661 (jessie only)
        Dmitry Vyukov of Google reported that the timerfd
        facility does not properly handle certain concurrent
        operations on a single file descriptor. This allows a
        local attacker to cause a denial of service or
        potentially execute arbitrary code.
    
      - CVE-2017-11600
        Bo Zhang reported that the xfrm subsystem does not
        properly validate one of the parameters to a netlink
        message. Local users with the CAP_NET_ADMIN capability
        can use this to cause a denial of service or potentially
        to execute arbitrary code.
    
      - CVE-2017-12134 / #866511 / XSA-229
        Jan H. Schoenherr of Amazon discovered that when Linux
        is running in a Xen PV domain on an x86 system, it may
        incorrectly merge block I/O requests. A buggy or
        malicious guest may trigger this bug in dom0 or a PV
        driver domain, causing a denial of service or
        potentially execution of arbitrary code.
    
      This issue can be mitigated by disabling merges on the underlying
      back-end block devices, e.g.:echo 2 >
      /sys/block/nvme0n1/queue/nomerges
    
      - CVE-2017-12146 (stretch only)
        Adrian Salido of Google reported a race condition in
        access to the'driver_override' attribute for platform
        devices in sysfs. If unprivileged users are permitted to
        access this attribute, this might allow them to gain
        privileges.
    
      - CVE-2017-12153
        Bo Zhang reported that the cfg80211 (wifi) subsystem
        does not properly validate the parameters to a netlink
        message. Local users with the CAP_NET_ADMIN capability
        (in any user namespace with a wifi device) can use this
        to cause a denial of service.
    
      - CVE-2017-12154
        Jim Mattson of Google reported that the KVM
        implementation for Intel x86 processors did not
        correctly handle certain nested hypervisor
        configurations. A malicious guest (or nested guest in a
        suitable L1 hypervisor) could use this for denial of
        service.
    
      - CVE-2017-14106
        Andrey Konovalov discovered that a user-triggerable
        division by zero in the tcp_disconnect() function could
        result in local denial of service.
    
      - CVE-2017-14140
        Otto Ebeling reported that the move_pages() system call
        performed insufficient validation of the UIDs of the
        calling and target processes, resulting in a partial
        ASLR bypass. This made it easier for local users to
        exploit vulnerabilities in programs installed with the
        set-UID permission bit set.
    
      - CVE-2017-14156
        'sohu0106' reported an information leak in the atyfb
        video driver. A local user with access to a framebuffer
        device handled by this driver could use this to obtain
        sensitive information.
    
      - CVE-2017-14340
        Richard Wareing discovered that the XFS implementation
        allows the creation of files with the 'realtime' flag on
        a filesystem with no realtime device, which can result
        in a crash (oops). A local user with access to an XFS
        filesystem that does not have a realtime device can use
        this for denial of service.
    
      - CVE-2017-14489
        ChunYu Wang of Red Hat discovered that the iSCSI
        subsystem does not properly validate the length of a
        netlink message, leading to memory corruption. A local
        user with permission to manage iSCSI devices can use
        this for denial of service or possibly to execute
        arbitrary code.
    
      - CVE-2017-14497 (stretch only)
        Benjamin Poirier of SUSE reported that vnet headers are
        not properly handled within the tpacket_rcv() function
        in the raw packet (af_packet) feature. A local user with
        the CAP_NET_RAW capability can take advantage of this
        flaw to cause a denial of service (buffer overflow, and
        disk and memory corruption) or have other impact.
    
      - CVE-2017-1000111
        Andrey Konovalov of Google reported a race condition in
        the raw packet (af_packet) feature. Local users with the
        CAP_NET_RAW capability can use this for denial of
        service or possibly to execute arbitrary code.
    
      - CVE-2017-1000112
        Andrey Konovalov of Google reported a race condition
        flaw in the UDP Fragmentation Offload (UFO) code. A
        local user can use this flaw for denial of service or
        possibly to execute arbitrary code.
    
      - CVE-2017-1000251 / #875881
        Armis Labs discovered that the Bluetooth subsystem does
        not properly validate L2CAP configuration responses,
        leading to a stack-based buffer overflow. This is one of
        several vulnerabilities dubbed 'Blueborne'. A nearby
        attacker can use this to cause a denial of service or
        possibly to execute arbitrary code on a system with
        Bluetooth enabled.
    
      - CVE-2017-1000252 (stretch only)
        Jan H. Schoenherr of Amazon reported that the KVM
        implementation for Intel x86 processors did not
        correctly validate interrupt injection requests. A local
        user with permission to use KVM could use this for
        denial of service.
    
      - CVE-2017-1000370
        The Qualys Research Labs reported that a large argument
        or environment list can result in ASLR bypass for 32-bit
        PIE binaries.
    
      - CVE-2017-1000371
        The Qualys Research Labs reported that a large argument
        or environment list can result in a stack/heap clash for
        32-bit PIE binaries.
    
      - CVE-2017-1000380
        Alexander Potapenko of Google reported a race condition
        in the ALSA (sound) timer driver, leading to an
        information leak. A local user with permission to access
        sound devices could use this to obtain sensitive
        information.
    
    Debian disables unprivileged user namespaces by default, but if they
    are enabled (via the kernel.unprivileged_userns_clone sysctl) then
    CVE-2017-11600, CVE-2017-14497 and CVE-2017-1000111 can be exploited
    by any local user."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866511"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875881"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-7518"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-7558"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-10661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-11600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-12134"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-12146"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-12153"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-12154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14106"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14140"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14340"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14489"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000111"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000112"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000251"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000252"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000371"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-11600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-14497"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2017-1000111"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/jessie/linux"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/linux"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2017/dsa-3981"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the linux packages.
    
    For the oldstable distribution (jessie), these problems have been
    fixed in version 3.16.43-2+deb8u5.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 4.9.30-2+deb9u5."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/21");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-arm", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-x86", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-x86", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-doc-3.16", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-586", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-686-pae", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-amd64", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armel", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armhf", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-i386", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-amd64", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp-lpae", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-common", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-ixp4xx", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-kirkwood", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-orion5x", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-versatile", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-586", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae-dbg", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64-dbg", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp-lpae", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-ixp4xx", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-kirkwood", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-orion5x", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-versatile", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-libc-dev", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-manual-3.16", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-source-3.16", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"linux-support-3.16.0-9", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"8.0", prefix:"xen-linux-system-3.16.0-9-amd64", reference:"3.16.43-2+deb8u5")) flag++;
    if (deb_check(release:"9.0", prefix:"hyperv-daemons", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"libcpupower-dev", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"libcpupower1", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"libusbip-dev", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-arm", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-s390", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-x86", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-cpupower", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-doc-4.9", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-4kc-malta", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-5kc-malta", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686-pae", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-amd64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-arm64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armel", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armhf", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-i386", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips64el", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mipsel", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-ppc64el", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-s390x", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-amd64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-arm64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp-lpae", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common-rt", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-loongson-3", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-marvell", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-octeon", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-powerpc64le", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-686-pae", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-amd64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-s390x", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x-dbg", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-kbuild-4.9", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-libc-dev", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-manual-4.9", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-perf-4.9", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-source-4.9", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-support-4.9.0-9", reference:"4.9.30-2+deb9u5")) flag++;
    if (deb_check(release:"9.0", prefix:"usbip", reference:"4.9.30-2+deb9u5")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3658.NASL
    descriptionDescription of changes: [2.6.39-400.298.1.el6uek] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] - RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671} - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26650039] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190} - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105145
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105145
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2017-3658.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105145);
      script_version("3.18");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2014-9710", "CVE-2015-1465", "CVE-2015-2686", "CVE-2015-4167", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Description of changes:
    
    [2.6.39-400.298.1.el6uek]
    - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) 
      [Orabug: 23320090]
    - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) 
    [Orabug: 24337879]
    - xen-netfront: cast grant table reference first to type int (Dongli 
    Zhang)  [Orabug: 25102637]
    - xen-netfront: do not cast grant table reference to signed short 
    (Dongli Zhang)  [Orabug: 25102637]
    - RDS: Print failed rdma op details if failure is remote access error 
    (Rama Nichanamatlu)  [Orabug: 25440316]
    - ping: implement proper locking (Eric Dumazet)  [Orabug: 26540288] 
    {CVE-2017-2671}
    - KEYS: fix dereferencing NULL payload with nonzero length (Eric 
    Biggers)  [Orabug: 26592013]
    - oracleasm: Copy the integrity descriptor (Martin K. Petersen) 
    [Orabug: 26650039]
    - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook)  [Orabug: 
    26675934]  {CVE-2017-7889}
    - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE 
    (Abhi Das)  [Orabug: 26797307]
    - xscore: add dma address check (Zhu Yanjun)  [Orabug: 27058559]
    - more bio_map_user_iov() leak fixes (Al Viro)  [Orabug: 27069045] 
    {CVE-2017-12190}
    - fix unbalanced page refcounting in bio_map_user_iov (Vitaly 
    Mayatskikh)  [Orabug: 27069045]  {CVE-2017-12190}
    - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep 
    Gopanapalli)  [Orabug: 24823234]
    - ocfs2: fix deadlock issue when taking inode lock at vfs entry points 
    (Eric Ren)  [Orabug: 25671723]
    - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock 
    (Eric Ren)  [Orabug: 25671723]
    - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) 
    [Orabug: 26143563]  {CVE-2017-7308}
    - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) 
    [Orabug: 26143563]  {CVE-2017-7308}
    - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) 
    [Orabug: 26403941]  {CVE-2017-1000363}
    - ALSA: timer: Fix missing queue indices reset at 
    SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai)  [Orabug: 26403958] 
    {CVE-2017-1000380}
    - ALSA: timer: Fix race between read and ioctl (Takashi Iwai)  [Orabug: 
    26403958]  {CVE-2017-1000380}
    - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race 
    (Vegard Nossum)  [Orabug: 26403958]  {CVE-2017-1000380}
    - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) 
    [Orabug: 26403958]  {CVE-2017-1000380}
    - ALSA: timer: Fix race at concurrent reads (Takashi Iwai)  [Orabug: 
    26403958]  {CVE-2017-1000380}
    - ALSA: timer: Fix race among timer ioctls (Takashi Iwai)  [Orabug: 
    26403958]  {CVE-2017-1000380}
    - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben 
    Hutchings)  [Orabug: 26403974]  {CVE-2017-9074}
    - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. 
    Miller)  [Orabug: 26403974]  {CVE-2017-9074}
    - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) 
    [Orabug: 26403974]  {CVE-2017-9074}
    - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) 
    [Orabug: 26404007]  {CVE-2017-9077}
    - aio: mark AIO pseudo-fs noexec (Jann Horn)  [Orabug: 26643601] 
    {CVE-2016-10044}
    - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
    Biederman)  [Orabug: 26643601]  {CVE-2016-10044}
    - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun 
    Heo)  [Orabug: 26643601]  {CVE-2016-10044}
    - x86/acpi: Prevent out of bound access caused by broken ACPI tables 
    (Seunghun Han)  [Orabug: 26643652]  {CVE-2017-11473}
    - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) 
    [Orabug: 26650889]  {CVE-2017-9075}
    - saa7164: fix double fetch PCIe access condition (Steven Toth) 
    [Orabug: 26675148]  {CVE-2017-8831}
    - saa7164: fix sparse warnings (Hans Verkuil)  [Orabug: 26675148] 
    {CVE-2017-8831}
    - saa7164: get rid of warning: no previous prototype (Mauro Carvalho 
    Chehab)  [Orabug: 26675148]  {CVE-2017-8831}
    - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James 
    Smart)  [Orabug: 26765341]
    - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) 
    [Orabug: 26899791]  {CVE-2017-10661}
    - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't 
    parse nlmsg properly (Xin Long)  [Orabug: 26988628]  {CVE-2017-14489}
    - mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang)  [Orabug: 
    26643562]  {CVE-2017-11176}
    - ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina 
    Dubroca)  [Orabug: 27011278]  {CVE-2017-7542}
    - packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) 
    [Orabug: 27002453]  {CVE-2017-1000111}
    - mlx4_core: calculate log_mtt based on total system memory (Wei Lin 
    Guay)  [Orabug: 26867355]
    - xen/x86: Add interface for querying amount of host memory (Boris 
    Ostrovsky)  [Orabug: 26867355]
    - fs/binfmt_elf.c: fix bug in loading of PIE binaries (Michael Davidson) 
      [Orabug: 26870958]  {CVE-2017-1000253}
    - Bluetooth: Properly check L2CAP config option output buffer length 
    (Ben Seri)  [Orabug: 26796428]  {CVE-2017-1000251}
    - xen: fix bio vec merging (Roger Pau Monne)  [Orabug: 26645562] 
    {CVE-2017-12134}
    - fs/exec.c: account for argv/envp pointers (Kees Cook)  [Orabug: 
    26638926]  {CVE-2017-1000365} {CVE-2017-1000365}
    - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume 
    Nault)  [Orabug: 26586050]  {CVE-2016-10200}
    - xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz 
    Guzik)  [Orabug: 26586024]  {CVE-2016-9685}
    - KEYS: Disallow keyrings beginning with '.' to be joined as session 
    keyrings (David Howells)  [Orabug: 26586002]  {CVE-2016-9604}
    - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) 
    [Orabug: 26578202]  {CVE-2017-9242}
    - selinux: quiet the filesystem labeling behavior message (Paul Moore) 
    [Orabug: 25721485]
    - RDS/IB: active bonding port state fix for intfs added late (Mukesh 
    Kacker)  [Orabug: 25875426]
    - HID: hid-cypress: validate length of report (Greg Kroah-Hartman) 
    [Orabug: 25891914]  {CVE-2017-7273}
    - udf: Remove repeated loads blocksize (Jan Kara)  [Orabug: 25905722] 
    {CVE-2015-4167}
    - udf: Check length of extended attributes and allocation descriptors 
    (Jan Kara)  [Orabug: 25905722]  {CVE-2015-4167}
    - udf: Verify i_size when loading inode (Jan Kara)  [Orabug: 25905722] 
    {CVE-2015-4167}
    - btrfs: drop unused parameter from btrfs_item_nr (Ross Kirk)  [Orabug: 
    25948102]  {CVE-2014-9710}
    - Btrfs: cleanup of function where fixup_low_keys() is called (Tsutomu 
    Itoh)  [Orabug: 25948102]  {CVE-2014-9710}
    - Btrfs: remove unused argument of fixup_low_keys() (Tsutomu Itoh) 
    [Orabug: 25948102]  {CVE-2014-9710}
    - Btrfs: remove unused argument of btrfs_extend_item() (Tsutomu Itoh) 
    [Orabug: 25948102]  {CVE-2014-9710}
    - Btrfs: add support for asserts (Josef Bacik)  [Orabug: 25948102] 
    {CVE-2014-9710}
    - Btrfs: make xattr replace operations atomic (Filipe Manana)  [Orabug: 
    25948102]  {CVE-2014-9710}
    - net: validate the range we feed to iov_iter_init() in 
    sys_sendto/sys_recvfrom (Al Viro)  [Orabug: 25948149]  {CVE-2015-2686}
    - xsigo: Compute node crash on FC failover (Joe Jin)  [Orabug: 25965445]
    - PCI: Prevent VPD access for QLogic ISP2722 (Ethan Zhao)  [Orabug: 
    25975513]
    - PCI: Prevent VPD access for buggy devices (Babu Moger)  [Orabug: 
    25975513]
    - ipv4: try to cache dst_entries which would cause a redirect (Hannes 
    Frederic Sowa)  [Orabug: 26032377]  {CVE-2015-1465}
    - mm: larger stack guard gap, between vmas (Hugh Dickins)  [Orabug: 
    26326145]  {CVE-2017-1000364}
    - nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) 
    [Orabug: 26366024]  {CVE-2017-7645}
    - dm mpath: allow ioctls to trigger pg init (Mikulas Patocka)  [Orabug: 
    25645229]
    - xen/manage: Always freeze/thaw processes when suspend/resuming (Ross 
    Lagerwall)  [Orabug: 25795530]
    - lpfc cannot establish connection with targets that send PRLI under P2P 
    mode (Joe Jin)  [Orabug: 25955028]"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-December/007409.html"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-9710", "CVE-2015-1465", "CVE-2015-2686", "CVE-2015-4167", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-9604", "CVE-2016-9685", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000253", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12190", "CVE-2017-14489", "CVE-2017-2671", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7542", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8831", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2017-3658");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.39-400.298.1.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.39") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.39-400.298.1.el6uek")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2847-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bsc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104171
    published2017-10-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104171
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:2847-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(104171);
      script_version("3.14");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-13080", "CVE-2017-14051", "CVE-2017-14106", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-6346");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to
    receive various security and bugfixes. The following security bugs
    were fixed :
    
      - CVE-2017-1000252: The KVM subsystem in the Linux kernel
        allowed guest OS users to cause a denial of service
        (assertion failure, and hypervisor hang or crash) via an
        out-of bounds guest_irq value, related to
        arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
    
      - CVE-2017-11472: The acpi_ns_terminate() function in
        drivers/acpi/acpica/nsutils.c in the Linux kernel did
        not flush the operand cache and causes a kernel stack
        dump, which allowed local users to obtain sensitive
        information from kernel memory and bypass the KASLR
        protection mechanism (in the kernel through 4.9) via a
        crafted ACPI table (bnc#1049580).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 bsc#1053919).
    
      - CVE-2017-12153: A security flaw was discovered in the
        nl80211_set_rekey_data() function in
        net/wireless/nl80211.c in the Linux kernel This function
        did not check whether the required attributes are
        present in a Netlink request. This request can be issued
        by a user with the CAP_NET_ADMIN capability and may
        result in a NULL pointer dereference and system crash
        (bnc#1058410).
    
      - CVE-2017-12154: The prepare_vmcs02 function in
        arch/x86/kvm/vmx.c in the Linux kernel did not ensure
        that the 'CR8-load exiting' and 'CR8-store exiting' L0
        vmcs02 controls exist in cases where L1 omits the 'use
        TPR shadow' vmcs12 control, which allowed KVM L2 guest
        OS users to obtain read and write access to the hardware
        CR8 register (bnc#1058507).
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bnc#1056061 1063479 1063667 1063671).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-14489: The iscsi_if_rx function in
        drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
        allowed local users to cause a denial of service (panic)
        by leveraging incorrect length validation (bnc#1059051).
    
      - CVE-2017-15265: Use-after-free vulnerability in the
        Linux kernel before 4.14-rc5 allowed local users to have
        unspecified impact via vectors related to /dev/snd/seq
        (bnc#1062520).
    
      - CVE-2017-15649: net/packet/af_packet.c in the Linux
        kernel allowed local users to gain privileges via
        crafted system calls that trigger mishandling of
        packet_fanout data structures, because of a race
        condition (involving fanout_add and packet_do_bind) that
        leads to a use-after-free, a different vulnerability
        than CVE-2017-6346 (bnc#1064388).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1004527"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015342"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1015343"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019675"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019680"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020412"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1020989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1021424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024346"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024373"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1025461"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1032150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1035479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036060"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036737"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037579"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1038583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042847"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043598"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1044503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1046529"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047238"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048228"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048325"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048912"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049291"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049336"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049361"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1049580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050742"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051987"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052094"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052095"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052360"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052384"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053627"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053681"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054082"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054654"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055272"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055290"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055493"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055567"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055709"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055755"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055896"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1055963"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056061"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056185"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056427"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056587"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056686"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057031"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057035"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057047"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057383"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057498"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057849"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058038"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058135"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058410"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058507"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058512"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058550"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060197"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060229"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060249"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060400"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060985"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061046"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061067"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061721"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061775"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061831"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061872"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062279"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063102"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063349"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063460"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063475"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063501"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063570"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064064"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064206"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064388"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064436"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=963575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=964944"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966170"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966186"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966316"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=966318"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969476"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=969756"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=981309"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000252/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12134/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12153/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12154/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14106/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14489/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15265/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15649/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20172847-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?353e456c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch
    SUSE-SLE-Live-Patching-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
    SUSE-SLE-HA-12-SP3-2017-1770=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2017-1770=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/03/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/26");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.92-6.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.92-6.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0174.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.
    last seen2020-06-05
    modified2017-12-14
    plugin id105248
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105248
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0174.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105248);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10318", "CVE-2016-1575", "CVE-2016-1576", "CVE-2016-6213", "CVE-2016-9191", "CVE-2016-9604", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-1000405", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12192", "CVE-2017-14106", "CVE-2017-14489", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-16650", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-7477", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0174 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-December/000805.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0059c7d1"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-112.14.1.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-112.14.1.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1396.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely.(CVE-2019-16230) - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768) - A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.(CVE-2020-2732) - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c.(CVE-2020-8647) - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.(CVE-2020-8648) - There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_region function in drivers/video/console/vgacon.c.(CVE-2020-8649) - ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.(CVE-2020-8992) - An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.(CVE-2020-9383) - In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable.(CVE-2014-3180) - A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896) - A stack-based buffer overflow was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. An attacker is able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA.(CVE-2019-14897) - An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel
    last seen2020-05-06
    modified2020-04-15
    plugin id135525
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135525
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2020-1396)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3621.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.19.7.el7uek] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251} [3.8.13-118.19.6.el7uek] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134} [3.8.13-118.19.5.el7uek] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365}
    last seen2020-06-05
    modified2017-09-22
    plugin id103401
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103401
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621) (BlueBorne) (Stack Clash)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F336BA205D.NASL
    descriptionQemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162) Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765) multiple problems with transitive grants [XSA-226, CVE-2017-12135] x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137] grant_table: Race conditions with maptrack free list handling [XSA-228, CVE-2017-12136] grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-08-23
    plugin id102686
    published2017-08-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102686
    titleFedora 26 : xen (2017-f336ba205d)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201801-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201801-14 (Xen: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could potentially execute arbitrary code with the privileges of the Xen (QEMU) process on the host, gain privileges on the host system, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id106038
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106038
    titleGLSA-201801-14 : Xen: Multiple vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2693.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-10220) - A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.(CVE-2019-19051) - A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.(CVE-2019-19065) - ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.(CVE-2019-19067) - An issue was discovered in drivers/xen/balloon.c in the Linux kernel before 5.2.3, as used in Xen through 4.12.x, allowing guest OS users to cause a denial of service because of unrestricted resource consumption during the mapping of guest memory, aka CID-6ef36ab967c7.(CVE-2019-17351) - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.(CVE-2017-12134) - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/adutux.c driver, aka CID-44efc269db79.(CVE-2019-19523) - In the Linux kernel before 5.3.7, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver, aka CID-edc4746f253d.(CVE-2019-19528) - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver, aka CID-c52873e5a1ef.(CVE-2019-19530) - In the Linux kernel before 5.3.4, there is an info-leak bug that can be caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka CID-a10feaf8c464.(CVE-2019-19533) - In the Linux kernel before 5.2.10, there is a race condition bug that can be caused by a malicious USB device in the USB character device driver layer, aka CID-303911cfc5b9. This affects drivers/usb/core/file.c.(CVE-2019-19537) - In the Linux kernel before 5.3.12, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/input/ff-memless.c driver, aka CID-fa3a5a1880c9.(CVE-2019-19524) - In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.(CVE-2019-19527) - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID drivers, aka CID-d9d4b1e46d95. This affects drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c.(CVE-2019-19532) - The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350) - In the Linux kernel before 5.2.9, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/usb/misc/yurex.c driver, aka CID-fc05481b2fca.(CVE-2019-19531) - The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.(CVE-2019-18675) - A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.(CVE-2018-1129) - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.(CVE-2019-19058) - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.(CVE-2019-19074) - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10.(CVE-2019-19073) - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.(CVE-2019-19063) - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.(CVE-2019-19056) - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.(CVE-2019-19057) - An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.(CVE-2019-15291) - A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095(CVE-2019-2215) - In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.(CVE-2018-9465) - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456) - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.(CVE-2019-18885) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-23
    plugin id132360
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132360
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2693)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1017.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.85 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). The following non-security bugs were fixed : - acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291). - acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291). - acpi: APEI: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627). - acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627). - acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629). - acpi: scan: Prefer devices without _HID for _ADR matching (git-fixes). - Add
    last seen2020-06-05
    modified2017-09-13
    plugin id103155
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103155
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1017)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1099.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code. CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service. CVE-2017-7889 Tommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code. CVE-2017-10661 Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially to execute arbitrary code. CVE-2017-10911 / XSA-216 Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests. CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact. CVE-2017-11600 bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code. CVE-2017-12134 / #866511 / XSA-229 Jan H. Sch&ouml;nherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code. This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.: echo 2 > /sys/block/nvme0n1/queue/nomerges CVE-2017-12153 bo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability on a system with a wifi device can use this to cause a denial of service. CVE-2017-12154 Jim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations. A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service. CVE-2017-14106 Andrey Konovalov of Google reported that a specific sequence of operations on a TCP socket could lead to division by zero. A local user could use this for denial of service. CVE-2017-14140 Otto Ebeling reported that the move_pages() system call permitted users to discover the memory layout of a set-UID process running under their real user-ID. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set. CVE-2017-14156
    last seen2020-03-17
    modified2017-09-21
    plugin id103363
    published2017-09-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103363
    titleDebian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)
  • NASL familyMisc.
    NASL idXEN_SERVER_XSA-230.NASL
    descriptionAccording to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities. Note that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.
    last seen2020-06-01
    modified2020-06-02
    plugin id102585
    published2017-08-18
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102585
    titleXen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-73F71456D7.NASL
    descriptionThe 4.12.8 stable kernel update contains a number of important fixes across the tree. ---- The 4.12.5 kernel rebase contains new features and many bug fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-08-24
    plugin id102718
    published2017-08-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102718
    titleFedora 25 : kernel (2017-73f71456d7)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0015.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id106469
    published2018-01-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106469
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-897.NASL
    descriptionThe xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. (CVE-2017-12134)
    last seen2020-06-01
    modified2020-06-02
    plugin id103310
    published2017-09-19
    reporterThis script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/103310
    titleAmazon Linux AMI : kernel (ALAS-2017-897)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3444-2.NASL
    descriptionUSN-3444-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103779
    published2017-10-11
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103779
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3444-2)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3622.NASL
    descriptionDescription of changes: [2.6.39-400.297.8.el6uek] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251} [2.6.39-400.297.7.el6uek] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365}
    last seen2020-06-05
    modified2017-09-22
    plugin id103402
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103402
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622) (BlueBorne) (Stack Clash)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0173.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - tty: Fix race in pty_write leading to NULL deref (Todd Vierling) - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] (CVE-2017-7889) - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov leak fixes (Al Viro) [Orabug: 27069042] (CVE-2017-12190) - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] (CVE-2017-12190) - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363) - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: fix NULL pointer dereference in read/ioctl race (Vegard Nossum) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] (CVE-2017-9077) - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] (CVE-2017-2671) - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] (CVE-2016-10044) - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] (CVE-2016-10044) - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] (CVE-2016-10044) - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] (CVE-2017-11473) - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075) - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] (CVE-2017-8831) - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] (CVE-2017-8831) - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661) - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105147
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105147
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2869-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919). - CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410). - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the
    last seen2020-06-01
    modified2020-06-02
    plugin id104253
    published2017-10-30
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104253
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-4336D64E21.NASL
    descriptionThe 4.12.8 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-08-24
    plugin id102717
    published2017-08-24
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102717
    titleFedora 26 : kernel (2017-4336d64e21)
  • NASL familyMisc.
    NASL idCITRIX_XENSERVER_CTX225941.NASL
    descriptionThe version of Citrix XenServer installed on the remote host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities as noted in the CTX225941 advisory.
    last seen2020-05-03
    modified2017-08-16
    plugin id102526
    published2017-08-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102526
    titleCitrix XenServer Multiple Vulnerabilities (CTX225941)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3659.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-05
    modified2017-12-14
    plugin id105247
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105247
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0152.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] (CVE-2017-1000251) - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] (CVE-2017-12134) - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)
    last seen2020-06-05
    modified2017-09-22
    plugin id103404
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103404
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3655-1.NASL
    descriptionJann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639) Jan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) It was discovered that the Bluetooth HIP Protocol implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220) It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079) It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203) It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204) It was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208) Kefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18221) Silvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110050
    published2018-05-23
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110050
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3655-1) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3444-1.NASL
    descriptionJan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134) Andrey Konovalov discovered that a divide-by-zero error existed in the TCP stack implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14106) Otto Ebeling discovered that the memory manager in the Linux kernel did not properly check the effective UID in some situations. A local attacker could use this to expose sensitive information. (CVE-2017-14140). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103778
    published2017-10-11
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103778
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3444-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-ED735463E3.NASL
    descriptionQemu: usb: ohci: infinite loop due to incorrect return value [CVE-2017-9330] (#1457698) Qemu: qemu-nbd: server breaks with SIGPIPE upon client abort [CVE-2017-10664] (#1466466) revised full fix for XSA-226 (regressed 32-bit Dom0 or backend domains) ---- full fix for XSA-226, replacing workaround drop conflict of xendomain and libvirtd as can cause problems (#1398590) add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521) Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561) ---- Qemu: serial: host memory leakage 16550A UART emulation [CVE-2017-5579] (#1416162) Qemu: display: cirrus: OOB read access issue [CVE-2017-7718] (#1443444) xen: various flaws (#1481765) multiple problems with transitive grants [XSA-226, CVE-2017-12135] x86: PV privilege escalation via map_grant_ref [XSA-227, CVE-2017-12137] grant_table: Race conditions with maptrack free list handling [XSA-228, CVE-2017-12136] grant_table: possibly premature clearing of GTF_writing / GTF_reading [XSA-230, CVE-2017-12855] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-20
    plugin id103342
    published2017-09-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103342
    titleFedora 25 : xen (2017-ed735463e3)