Vulnerabilities > CVE-2017-16649 - Divide By Zero vulnerability in Linux Kernel

047910
CVSS 6.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
linux
CWE-369
nessus

Summary

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.

Vulnerable Configurations

Part Description Count
OS
Linux
3259

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0040-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the
    last seen2020-06-05
    modified2018-01-09
    plugin id105685
    published2018-01-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105685
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:0040-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105685);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000251", "CVE-2017-11600", "CVE-2017-12192", "CVE-2017-13080", "CVE-2017-13167", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-14340", "CVE-2017-15102", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-15868", "CVE-2017-16525", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16534", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16649", "CVE-2017-16939", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7472", "CVE-2017-8824");
      script_xref(name:"IAVA", value:"2017-A-0310");
      script_xref(name:"IAVA", value:"2018-A-0019");
      script_xref(name:"IAVA", value:"2018-A-0020");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
    various security and bugfixes. This update adds mitigations for
    various side channel attacks against modern CPUs that could disclose
    content of otherwise unreadable memory (bnc#1068032).
    
      - CVE-2017-5753: Local attackers on systems with modern
        CPUs featuring deep instruction pipelining could use
        attacker controllable speculative execution over code
        patterns in the Linux Kernel to leak content from
        otherwise not readable memory in the same address space,
        allowing retrieval of passwords, cryptographic keys and
        other secrets. This problem is mitigated by adding
        speculative fencing on affected code paths throughout
        the Linux kernel.
    
      - CVE-2017-5715: Local attackers on systems with modern
        CPUs featuring branch prediction could use mispredicted
        branches to speculatively execute code patterns that in
        turn could be made to leak other non-readable content in
        the same address space, an attack similar to
        CVE-2017-5753. This problem is mitigated by disabling
        predictive branches, depending on CPU architecture
        either by firmware updates and/or fixes in the
        user-kernel privilege boundaries. Please contact your
        CPU / hardware vendor for potential microcode or BIOS
        updates needed for this fix. As this feature can have a
        performance impact, it can be disabled using the
        'nospec' kernel commandline option.
    
      - CVE-2017-5754: Local attackers on systems with modern
        CPUs featuring deep instruction pipelining could use
        code patterns in userspace to speculative executive code
        that would read otherwise read protected memory, an
        attack similar to CVE-2017-5753. This problem is
        mitigated by unmapping the Linux Kernel from the user
        address space during user code execution, following a
        approach called 'KAISER'. The terms used here are
        'KAISER' / 'Kernel Address Isolation' and 'PTI' / 'Page
        Table Isolation'. This feature is disabled on unaffected
        architectures. This feature can be enabled / disabled by
        the 'pti=[on|off|auto]' or 'nopti' commandline options.
        The following security bugs were fixed :
    
      - CVE-2017-1000251: The native Bluetooth stack in the
        Linux Kernel (BlueZ) was vulnerable to a stack overflow
        vulnerability in the processing of L2CAP configuration
        responses resulting in Remote code execution in kernel
        space (bnc#1057389).
    
      - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux
        kernel did not ensure that the dir value of
        xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which
        allowed local users to cause a denial of service
        (out-of-bounds access) or possibly have unspecified
        other impact via an XFRM_MSG_MIGRATE xfrm Netlink
        message (bnc#1050231).
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bnc#1063667).
    
      - CVE-2017-13167: An elevation of privilege vulnerability
        in the kernel sound timer was fixed. (bnc#1072876).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-14140: The move_pages system call in
        mm/migrate.c in the Linux kernel didn't check the
        effective uid of the target process, enabling a local
        attacker to learn the memory layout of a setuid
        executable despite ASLR (bnc#1057179).
    
      - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in
        fs/xfs/xfs_linux.h in the Linux kernel did not verify
        that a filesystem has a realtime device, which allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via vectors related to setting an
        RHINHERIT flag on a directory (bnc#1058524).
    
      - CVE-2017-15102: The tower_probe function in
        drivers/usb/misc/legousbtower.c in the Linux kernel
        allowed local users (who are physically proximate for
        inserting a crafted USB device) to gain privileges by
        leveraging a write-what-where condition that occurs
        after a race condition and a NULL pointer dereference
        (bnc#1066705).
    
      - CVE-2017-15115: The sctp_do_peeloff function in
        net/sctp/socket.c in the Linux kernel did not check
        whether the intended netns is used in a peel-off action,
        which allowed local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via crafted system calls
        (bnc#1068671).
    
      - CVE-2017-15265: Race condition in the ALSA subsystem in
        the Linux kernel allowed local users to cause a denial
        of service (use-after-free) or possibly have unspecified
        other impact via crafted /dev/snd/seq ioctl calls,
        related to sound/core/seq/seq_clientmgr.c and
        sound/core/seq/seq_ports.c (bnc#1062520).
    
      - CVE-2017-15274: security/keys/keyctl.c in the Linux
        kernel did not consider the case of a NULL payload in
        conjunction with a nonzero length value, which allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via a crafted add_key or keyctl
        system call, a different vulnerability than
        CVE-2017-12192 (bnc#1045327).
    
      - CVE-2017-15868: The bnep_add_connection function in
        net/bluetooth/bnep/core.c in the Linux kernel did not
        ensure that an l2cap socket is available, which allowed
        local users to gain privileges via a crafted application
        (bnc#1071470).
    
      - CVE-2017-16525: The usb_serial_console_disconnect
        function in drivers/usb/serial/console.c in the Linux
        kernel allowed local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to disconnection and failed setup (bnc#1066618).
    
      - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel
        allowed local users to cause a denial of service
        (snd_usb_mixer_interrupt use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device (bnc#1066625).
    
      - CVE-2017-16529: The snd_usb_create_streams function in
        sound/usb/card.c in the Linux kernel allowed local users
        to cause a denial of service (out-of-bounds read and
        system crash) or possibly have unspecified other impact
        via a crafted USB device (bnc#1066650).
    
      - CVE-2017-16531: drivers/usb/core/config.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION descriptor
        (bnc#1066671).
    
      - CVE-2017-16534: The cdc_parse_cdc_header function in
        drivers/usb/core/message.c in the Linux kernel allowed
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1066693).
    
      - CVE-2017-16535: The usb_get_bos_descriptor function in
        drivers/usb/core/config.c in the Linux kernel allowed
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1066700).
    
      - CVE-2017-16536: The cx231xx_usb_probe function in
        drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux
        kernel allowed local users to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via a crafted USB device
        (bnc#1066606).
    
      - CVE-2017-16537: The imon_probe function in
        drivers/media/rc/imon.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via a crafted USB device
        (bnc#1066573).
    
      - CVE-2017-16538: drivers/media/usb/dvb-usb-v2/lmedm04.c
        in the Linux kernel allowed local users to cause a
        denial of service (general protection fault and system
        crash) or possibly have unspecified other impact via a
        crafted USB device, related to a missing warm-start
        check and incorrect attach timing
        (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner)
        (bnc#1066569).
    
      - CVE-2017-16649: The usbnet_generic_cdc_bind function in
        drivers/net/usb/cdc_ether.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1067085).
    
      - CVE-2017-16939: The XFRM dump policy implementation in
        net/xfrm/xfrm_user.c in the Linux kernel allowed local
        users to gain privileges or cause a denial of service
        (use-after-free) via a crafted SO_RCVBUF setsockopt
        system call in conjunction with XFRM_MSG_GETPOLICY
        Netlink messages (bnc#1069702 1069708).
    
      - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux
        kernel did not require the CAP_NET_ADMIN capability for
        add_callback and remove_callback operations, which
        allowed local users to bypass intended access
        restrictions because the xt_osf_fingers data structure
        is shared across all net namespaces (bnc#1071695
        1074033).
    
      - CVE-2017-17558: The usb_destroy_configuration function
        in drivers/usb/core/config.c in the USB core subsystem
        in the Linux kernel did not consider the maximum number
        of configurations and interfaces before attempting to
        release resources, which allowed local users to cause a
        denial of service (out-of-bounds write access) or
        possibly have unspecified other impact via a crafted USB
        device (bnc#1072561).
    
      - CVE-2017-17805: The Salsa20 encryption algorithm in the
        Linux kernel did not correctly handle zero-length
        inputs, allowing a local attacker able to use the
        AF_ALG-based skcipher interface
        (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of
        service (uninitialized-memory free and kernel crash) or
        have unspecified other impact by executing a crafted
        sequence of system calls that use the blkcipher_walk
        API. Both the generic implementation
        (crypto/salsa20_generic.c) and x86 implementation
        (arch/x86/crypto/salsa20_glue.c) of Salsa20 were
        vulnerable (bnc#1073792).
    
      - CVE-2017-17806: The HMAC implementation (crypto/hmac.c)
        in the Linux kernel did not validate that the underlying
        cryptographic hash algorithm is unkeyed, allowing a
        local attacker able to use the AF_ALG-based hash
        interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3
        hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel
        stack-based buffer overflow by executing a crafted
        sequence of system calls that encounter a missing SHA-3
        initialization (bnc#1073874).
    
      - CVE-2017-7472: The KEYS subsystem in the Linux kernel
        allowed local users to cause a denial of service (memory
        consumption) via a series of
        KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring
        calls (bnc#1034862).
    
      - CVE-2017-8824: The dccp_disconnect function in
        net/dccp/proto.c in the Linux kernel allowed local users
        to gain privileges or cause a denial of service
        (use-after-free) via an AF_UNSPEC connect system call
        during the DCCP_LISTEN state (bnc#1070771).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1010175"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1034862"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050231"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066295"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066569"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066693"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068032"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1068671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069702"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070771"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071470"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1071695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072561"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1072876"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1073792"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1073874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1074033"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=999245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000251/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-11600/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13167/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14106/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14140/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15102/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15115/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15265/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15274/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15868/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16527/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16534/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16535/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16538/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16649/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16939/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-17450/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-17558/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-17805/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-17806/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5715/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5753/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-5754/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-7472/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8824/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20180040-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f0ddb86e"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
    slessp3-kernel-20170109-13398=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-20170109-13398=1
    
    SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
    sleposp3-kernel-20170109-13398=1
    
    SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
    dbgsp3-kernel-20170109-13398=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/11");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/09");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-bigsmp-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"s390x", reference:"kernel-default-man-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-default-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-source-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-syms-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", reference:"kernel-trace-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-xen-devel-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-base-3.0.101-0.47.106.11.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"3", cpu:"i586", reference:"kernel-pae-devel-3.0.101-0.47.106.11.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3617-2.NASL
    descriptionUSN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks
    last seen2020-06-01
    modified2020-06-02
    plugin id108835
    published2018-04-04
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108835
    titleUbuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3617-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(108835);
      script_version("1.6");
      script_cvs_date("Date: 2020/01/23");
    
      script_cve_id("CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-15129", "CVE-2017-16532", "CVE-2017-16537", "CVE-2017-16645", "CVE-2017-16646", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-17450", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17807", "CVE-2017-18204", "CVE-2018-1000026", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344");
      script_xref(name:"USN", value:"3617-2");
    
      script_name(english:"Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
    This update provides the corresponding updates for the Linux Hardware
    Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.
    
    It was discovered that a race condition leading to a use-after-free
    vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A
    local attacker could use this to cause a denial of service (system
    crash) or possibly execute arbitrary code. (CVE-2017-0861)
    
    It was discovered that the KVM implementation in the Linux kernel
    allowed passthrough of the diagnostic I/O port 0x80. An attacker in a
    guest VM could use this to cause a denial of service (system crash) in
    the host OS. (CVE-2017-1000407)
    
    It was discovered that a use-after-free vulnerability existed in the
    network namespaces implementation in the Linux kernel. A local
    attacker could use this to cause a denial of service (system crash) or
    possibly execute arbitrary code. (CVE-2017-15129)
    
    Andrey Konovalov discovered that the usbtest device driver in the
    Linux kernel did not properly validate endpoint metadata. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2017-16532)
    
    Andrey Konovalov discovered that the SoundGraph iMON USB driver in the
    Linux kernel did not properly validate device metadata. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2017-16537)
    
    Andrey Konovalov discovered that the IMS Passenger Control Unit USB
    driver in the Linux kernel did not properly validate device
    descriptors. A physically proximate attacker could use this to cause a
    denial of service (system crash). (CVE-2017-16645)
    
    Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in
    the Linux kernel did not properly handle detach events. A physically
    proximate attacker could use this to cause a denial of service (system
    crash). (CVE-2017-16646)
    
    Andrey Konovalov discovered that the ASIX Ethernet USB driver in the
    Linux kernel did not properly handle suspend and resume events. A
    physically proximate attacker could use this to cause a denial of
    service (system crash). (CVE-2017-16647)
    
    Andrey Konovalov discovered that the CDC USB Ethernet driver did not
    properly validate device descriptors. A physically proximate attacker
    could use this to cause a denial of service (system crash).
    (CVE-2017-16649)
    
    Andrey Konovalov discovered that the QMI WWAN USB driver did not
    properly validate device descriptors. A physically proximate attacker
    could use this to cause a denial of service (system crash).
    (CVE-2017-16650)
    
    It was discovered that the HugeTLB component of the Linux kernel did
    not properly handle holes in hugetlb ranges. A local attacker could
    use this to expose sensitive information (kernel memory).
    (CVE-2017-16994)
    
    It was discovered that the netfilter component of the Linux did not
    properly restrict access to the connection tracking helpers list. A
    local attacker could use this to bypass intended access restrictions.
    (CVE-2017-17448)
    
    It was discovered that the netfilter passive OS fingerprinting
    (xt_osf) module did not properly perform access control checks. A
    local attacker could improperly modify the system-wide OS fingerprint
    list. (CVE-2017-17450)
    
    Dmitry Vyukov discovered that the KVM implementation in the Linux
    kernel contained an out-of-bounds read when handling memory-mapped
    I/O. A local attacker could use this to expose sensitive information.
    (CVE-2017-17741)
    
    It was discovered that the Salsa20 encryption algorithm
    implementations in the Linux kernel did not properly handle
    zero-length inputs. A local attacker could use this to cause a denial
    of service (system crash). (CVE-2017-17805)
    
    It was discovered that the HMAC implementation did not validate the
    state of the underlying cryptographic hash algorithm. A local attacker
    could use this to cause a denial of service (system crash) or possibly
    execute arbitrary code. (CVE-2017-17806)
    
    It was discovered that the keyring implementation in the Linux kernel
    did not properly check permissions when a key request was performed on
    a tasks' default keyring. A local attacker could use this to add keys
    to unauthorized keyrings. (CVE-2017-17807)
    
    It was discovered that a race condition existed in the OCFS2 file
    system implementation in the Linux kernel. A local attacker could use
    this to cause a denial of service (kernel deadlock). (CVE-2017-18204)
    
    It was discovered that the Broadcom NetXtremeII ethernet driver in the
    Linux kernel did not properly validate Generic Segment Offload (GSO)
    packet sizes. An attacker could use this to cause a denial of service
    (interface unavailability). (CVE-2018-1000026)
    
    It was discovered that the Reliable Datagram Socket (RDS)
    implementation in the Linux kernel contained an out-of-bounds during
    RDMA page allocation. An attacker could use this to cause a denial of
    service (system crash) or possibly execute arbitrary code.
    (CVE-2018-5332)
    
    Mohamed Ghannam discovered a NULL pointer dereference in the RDS
    (Reliable Datagram Sockets) protocol implementation of the Linux
    kernel. A local attacker could use this to cause a denial of service
    (system crash). (CVE-2018-5333)
    
    Fan Long Fei  discovered that a race condition existed in loop block
    device implementation in the Linux kernel. A local attacker could use
    this to cause a denial of service (system crash) or possibly execute
    arbitrary code. (CVE-2018-5344).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3617-2/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("ksplice.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-15129", "CVE-2017-16532", "CVE-2017-16537", "CVE-2017-16645", "CVE-2017-16646", "CVE-2017-16647", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16994", "CVE-2017-17448", "CVE-2017-17450", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17807", "CVE-2017-18204", "CVE-2018-1000026", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5344");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-3617-2");
      }
      else
      {
        _ubuntu_report = ksplice_reporting_text();
      }
    }
    
    flag = 0;
    
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-1012-gcp", pkgver:"4.13.0-1012.16")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-1022-oem", pkgver:"4.13.0-1022.24")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-38-generic", pkgver:"4.13.0-38.43~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-38-generic-lpae", pkgver:"4.13.0-38.43~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.13.0-38-lowlatency", pkgver:"4.13.0-38.43~16.04.1")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gcp", pkgver:"4.13.0.1012.14")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-hwe-16.04", pkgver:"4.13.0.38.57")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae-hwe-16.04", pkgver:"4.13.0.38.57")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-gke", pkgver:"4.13.0.1012.14")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency-hwe-16.04", pkgver:"4.13.0.38.57")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"linux-image-oem", pkgver:"4.13.0.1022.26")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.13-gcp / linux-image-4.13-generic / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3249-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bnc#1069702 1069708). - CVE-2017-1000405: The Linux Kernel had a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() could be reached by get_user_pages(). In such case, the pmd would become dirty. This scenario breaks the new can_follow_write_pmd()
    last seen2020-06-01
    modified2020-06-02
    plugin id105150
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105150
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3249-1) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3249-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105150);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2014-0038", "CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15102", "CVE-2017-16525", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16939");
      script_bugtraq_id(65255);
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3249-1) (Dirty COW)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive
    various security and bugfixes. The following security bugs were 
    fixed :
    
      - CVE-2017-16939: The XFRM dump policy implementation in
        net/xfrm/xfrm_user.c in the Linux kernel allowed local
        users to gain privileges or cause a denial of service
        (use-after-free) via a crafted SO_RCVBUF setsockopt
        system call in conjunction with XFRM_MSG_GETPOLICY
        Netlink messages (bnc#1069702 1069708).
    
      - CVE-2017-1000405: The Linux Kernel had a problematic use
        of pmd_mkdirty() in the touch_pmd() function inside the
        THP implementation. touch_pmd() could be reached by
        get_user_pages(). In such case, the pmd would become
        dirty. This scenario breaks the new
        can_follow_write_pmd()'s logic - pmd could become dirty
        without going through a COW cycle. This bug was not as
        severe as the original 'Dirty cow' because an ext4 file
        (or any other regular file) could not be mapped using
        THP. Nevertheless, it did allow us to overwrite
        read-only huge pages. For example, the zero huge page
        and sealed shmem files could be overwritten (since their
        mapping could be populated using THP). Note that after
        the first write page-fault to the zero page, it will be
        replaced with a new fresh (and zeroed) thp (bnc#1069496
        1070307).
    
      - CVE-2017-16649: The usbnet_generic_cdc_bind function in
        drivers/net/usb/cdc_ether.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1067085).
    
      - CVE-2014-0038: The compat_sys_recvmmsg function in
        net/compat.c in the Linux kernel, when CONFIG_X86_X32 is
        enabled, allowed local users to gain privileges via a
        recvmmsg system call with a crafted timeout pointer
        parameter (bnc#860993).
    
      - CVE-2017-16650: The qmi_wwan_bind function in
        drivers/net/usb/qmi_wwan.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1067086).
    
      - CVE-2017-16535: The usb_get_bos_descriptor function in
        drivers/usb/core/config.c in the Linux kernel allowed
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1066700).
    
      - CVE-2017-15102: The tower_probe function in
        drivers/usb/misc/legousbtower.c in the Linux kernel
        allowed local users (who are physically proximate for
        inserting a crafted USB device) to gain privileges by
        leveraging a write-what-where condition that occurs
        after a race condition and a NULL pointer dereference
        (bnc#1066705).
    
      - CVE-2017-16531: drivers/usb/core/config.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION descriptor
        (bnc#1066671).
    
      - CVE-2017-12193: The
        assoc_array_insert_into_terminal_node function in
        lib/assoc_array.c in the Linux kernel mishandled node
        splitting, which allowed local users to cause a denial
        of service (NULL pointer dereference and panic) via a
        crafted application, as demonstrated by the keyring key
        type, and key addition and link creation operations
        (bnc#1066192).
    
      - CVE-2017-16529: The snd_usb_create_streams function in
        sound/usb/card.c in the Linux kernel allowed local users
        to cause a denial of service (out-of-bounds read and
        system crash) or possibly have unspecified other impact
        via a crafted USB device (bnc#1066650).
    
      - CVE-2017-16525: The usb_serial_console_disconnect
        function in drivers/usb/serial/console.c in the Linux
        kernel allowed local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to disconnection and failed setup (bnc#1066618).
    
      - CVE-2017-16537: The imon_probe function in
        drivers/media/rc/imon.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via a crafted USB device
        (bnc#1066573).
    
      - CVE-2017-16536: The cx231xx_usb_probe function in
        drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux
        kernel allowed local users to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via a crafted USB device
        (bnc#1066606).
    
      - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel
        allowed local users to cause a denial of service
        (snd_usb_mixer_interrupt use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device (bnc#1066625).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1043652"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066192"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067997"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069702"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069708"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070307"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1070781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=860993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0038/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000405/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12193/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15102/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16527/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16535/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16649/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16650/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16939/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173249-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?73fbeea3"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2017-2024=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2017-2024=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_106-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_106-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_106-default-1-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_106-xen-1-5.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", cpu:"s390x", reference:"kernel-default-man-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-debuginfo-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debuginfo-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debugsource-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-devel-3.12.61-52.106.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-syms-3.12.61-52.106.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3265-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067085). - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066700). - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference (bnc#1066705). - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor (bnc#1066671). - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066650). - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup (bnc#1066618). - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573). - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606). - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066625). - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667). - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192 (bnc#1045327). - CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520). - CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051). - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524). - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux kernel doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id105172
    published2017-12-12
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105172
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3265-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105172);
      script_version("3.15");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2017-1000112", "CVE-2017-10661", "CVE-2017-12192", "CVE-2017-12762", "CVE-2017-13080", "CVE-2017-14051", "CVE-2017-14140", "CVE-2017-14340", "CVE-2017-14489", "CVE-2017-15102", "CVE-2017-15265", "CVE-2017-15274", "CVE-2017-16525", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16649", "CVE-2017-8831");
      script_xref(name:"IAVA", value:"2017-A-0310");
    
      script_name(english:"SUSE SLES11 Security Update : kernel (SUSE-SU-2017:3265-1) (KRACK)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
    security and bugfixes. The following security bugs were fixed :
    
      - CVE-2017-16649: The usbnet_generic_cdc_bind function in
        drivers/net/usb/cdc_ether.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1067085).
    
      - CVE-2017-16535: The usb_get_bos_descriptor function in
        drivers/usb/core/config.c in the Linux kernel allowed
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device (bnc#1066700).
    
      - CVE-2017-15102: The tower_probe function in
        drivers/usb/misc/legousbtower.c in the Linux kernel
        allowed local users (who are physically proximate for
        inserting a crafted USB device) to gain privileges by
        leveraging a write-what-where condition that occurs
        after a race condition and a NULL pointer dereference
        (bnc#1066705).
    
      - CVE-2017-16531: drivers/usb/core/config.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION descriptor
        (bnc#1066671).
    
      - CVE-2017-16529: The snd_usb_create_streams function in
        sound/usb/card.c in the Linux kernel allowed local users
        to cause a denial of service (out-of-bounds read and
        system crash) or possibly have unspecified other impact
        via a crafted USB device (bnc#1066650).
    
      - CVE-2017-16525: The usb_serial_console_disconnect
        function in drivers/usb/serial/console.c in the Linux
        kernel allowed local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to disconnection and failed setup (bnc#1066618).
    
      - CVE-2017-16537: The imon_probe function in
        drivers/media/rc/imon.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via a crafted USB device
        (bnc#1066573).
    
      - CVE-2017-16536: The cx231xx_usb_probe function in
        drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux
        kernel allowed local users to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via a crafted USB device
        (bnc#1066606).
    
      - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel
        allowed local users to cause a denial of service
        (snd_usb_mixer_interrupt use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device (bnc#1066625).
    
      - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)
        allowed reinstallation of the Group Temporal Key (GTK)
        during the group key handshake, allowing an attacker
        within radio range to replay frames from access points
        to clients (bnc#1063667).
    
      - CVE-2017-15274: security/keys/keyctl.c in the Linux
        kernel did not consider the case of a NULL payload in
        conjunction with a nonzero length value, which allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via a crafted add_key or keyctl
        system call, a different vulnerability than
        CVE-2017-12192 (bnc#1045327).
    
      - CVE-2017-15265: Race condition in the ALSA subsystem in
        the Linux kernel allowed local users to cause a denial
        of service (use-after-free) or possibly have unspecified
        other impact via crafted /dev/snd/seq ioctl calls,
        related to sound/core/seq/seq_clientmgr.c and
        sound/core/seq/seq_ports.c (bnc#1062520).
    
      - CVE-2017-14489: The iscsi_if_rx function in
        drivers/scsi/scsi_transport_iscsi.c in the Linux kernel
        allowed local users to cause a denial of service (panic)
        by leveraging incorrect length validation (bnc#1059051).
    
      - CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in
        fs/xfs/xfs_linux.h in the Linux kernel did not verify
        that a filesystem has a realtime device, which allowed
        local users to cause a denial of service (NULL pointer
        dereference and OOPS) via vectors related to setting an
        RHINHERIT flag on a directory (bnc#1058524).
    
      - CVE-2017-14140: The move_pages system call in
        mm/migrate.c in the Linux kernel doesn't check the
        effective uid of the target process, enabling a local
        attacker to learn the memory layout of a setuid
        executable despite ASLR (bnc#1057179).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-10661: Race condition in fs/timerfd.c in the
        Linux kernel allowed local users to gain privileges or
        cause a denial of service (list corruption or
        use-after-free) via simultaneous file-descriptor
        operations that leverage improper might_cancel queueing
        (bnc#1053152).
    
      - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A
        user-controlled buffer is copied into a local buffer of
        constant size using strcpy without a length check which
        can cause a buffer overflow. (bnc#1053148).
    
      - CVE-2017-8831: The saa7164_bus_get function in
        drivers/media/pci/saa7164/saa7164-bus.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds array access) or possibly have
        unspecified other impact by changing a certain
        sequence-number value, aka a 'double fetch'
        vulnerability (bnc#1037994).
    
      - CVE-2017-1000112: An exploitable memory corruption due
        to UFO to non-UFO path switch was fixed. (bnc#1052311
        bnc#1052365).
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012917"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1013018"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022967"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1024450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1031358"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036286"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1036629"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037441"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1037994"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1039803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1040609"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1042863"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045154"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045205"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045327"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1045538"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047523"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050381"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1050431"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051133"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1051932"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052311"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052365"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052370"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1052593"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053148"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053152"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053317"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053933"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054070"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054093"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054247"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054305"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1054706"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056230"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056504"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057179"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1057796"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1058524"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059051"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060245"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1060665"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061017"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1061180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062520"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1062842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063301"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063544"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063667"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1064861"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065180"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066606"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066618"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066625"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066650"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066705"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067085"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067816"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1067888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=909484"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=984530"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=996376"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000112/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-10661/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12762/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-13080/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14051/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14140/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14340/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-14489/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15102/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15265/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15274/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16527/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16535/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16649/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-8831/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173265-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f1e5f1fa"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
    patch sdksp4-kernel-20171124-13375=1
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-kernel-20171124-13375=1
    
    SUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch
    slexsp3-kernel-20171124-13375=1
    
    SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
    dbgsp4-kernel-20171124-13375=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-ec2-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-pae-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/12");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-ec2-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-xen-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"x86_64", reference:"kernel-pae-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"s390x", reference:"kernel-default-man-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-default-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-source-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-syms-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", reference:"kernel-trace-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-ec2-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-xen-devel-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-base-3.0.101-108.18.1")) flag++;
    if (rpm_check(release:"SLES11", sp:"4", cpu:"i586", reference:"kernel-pae-devel-3.0.101-108.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-3210-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. (bnc#1069702) - CVE-2017-1000405: mm, thp: do not dirty huge pages on read fault (bnc#1069496). - CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1067085) - CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c, when CONFIG_X86_X32 is enabled, allowed local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter (bnc#860993). - CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1067086) - CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066700) - CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. (bnc#1066705) - CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. (bnc#1066671) - CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. (bnc#1066192) - CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066650) - CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. (bnc#1066618) - CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066573) - CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066606) - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066625) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id105020
    published2017-12-05
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105020
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:3210-1) (Dirty COW)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2017:3210-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105020);
      script_version("3.8");
      script_cvs_date("Date: 2019/09/11 11:22:16");
    
      script_cve_id("CVE-2014-0038", "CVE-2017-1000405", "CVE-2017-12193", "CVE-2017-15102", "CVE-2017-16525", "CVE-2017-16527", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16939");
      script_bugtraq_id(65255);
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3210-1) (Dirty COW)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
    security and bugfixes. The following security bugs were fixed :
    
      - CVE-2017-16939: The XFRM dump policy implementation in
        net/xfrm/xfrm_user.c in the Linux kernel allowed local
        users to gain privileges or cause a denial of service
        (use-after-free) via a crafted SO_RCVBUF setsockopt
        system call in conjunction with XFRM_MSG_GETPOLICY
        Netlink messages. (bnc#1069702)
    
      - CVE-2017-1000405: mm, thp: do not dirty huge pages on
        read fault (bnc#1069496).
    
      - CVE-2017-16649: The usbnet_generic_cdc_bind function in
        drivers/net/usb/cdc_ether.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device. (bnc#1067085)
    
      - CVE-2014-0038: The compat_sys_recvmmsg function in
        net/compat.c, when CONFIG_X86_X32 is enabled, allowed
        local users to gain privileges via a recvmmsg system
        call with a crafted timeout pointer parameter
        (bnc#860993).
    
      - CVE-2017-16650: The qmi_wwan_bind function in
        drivers/net/usb/qmi_wwan.c in the Linux kernel allowed
        local users to cause a denial of service (divide-by-zero
        error and system crash) or possibly have unspecified
        other impact via a crafted USB device. (bnc#1067086)
    
      - CVE-2017-16535: The usb_get_bos_descriptor function in
        drivers/usb/core/config.c in the Linux kernel allowed
        local users to cause a denial of service (out-of-bounds
        read and system crash) or possibly have unspecified
        other impact via a crafted USB device. (bnc#1066700)
    
      - CVE-2017-15102: The tower_probe function in
        drivers/usb/misc/legousbtower.c in the Linux kernel
        allowed local users (who are physically proximate for
        inserting a crafted USB device) to gain privileges by
        leveraging a write-what-where condition that occurs
        after a race condition and a NULL pointer dereference.
        (bnc#1066705)
    
      - CVE-2017-16531: drivers/usb/core/config.c in the Linux
        kernel allowed local users to cause a denial of service
        (out-of-bounds read and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
        (bnc#1066671)
    
      - CVE-2017-12193: The
        assoc_array_insert_into_terminal_node function in
        lib/assoc_array.c in the Linux kernel mishandled node
        splitting, which allowed local users to cause a denial
        of service (NULL pointer dereference and panic) via a
        crafted application, as demonstrated by the keyring key
        type, and key addition and link creation operations.
        (bnc#1066192)
    
      - CVE-2017-16529: The snd_usb_create_streams function in
        sound/usb/card.c in the Linux kernel allowed local users
        to cause a denial of service (out-of-bounds read and
        system crash) or possibly have unspecified other impact
        via a crafted USB device. (bnc#1066650)
    
      - CVE-2017-16525: The usb_serial_console_disconnect
        function in drivers/usb/serial/console.c in the Linux
        kernel allowed local users to cause a denial of service
        (use-after-free and system crash) or possibly have
        unspecified other impact via a crafted USB device,
        related to disconnection and failed setup. (bnc#1066618)
    
      - CVE-2017-16537: The imon_probe function in
        drivers/media/rc/imon.c in the Linux kernel allowed
        local users to cause a denial of service (NULL pointer
        dereference and system crash) or possibly have
        unspecified other impact via a crafted USB device.
        (bnc#1066573)
    
      - CVE-2017-16536: The cx231xx_usb_probe function in
        drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux
        kernel allowed local users to cause a denial of service
        (NULL pointer dereference and system crash) or possibly
        have unspecified other impact via a crafted USB device.
        (bnc#1066606)
    
      - CVE-2017-16527: sound/usb/mixer.c in the Linux kernel
        allowed local users to cause a denial of service
        (snd_usb_mixer_interrupt use-after-free and system
        crash) or possibly have unspecified other impact via a
        crafted USB device. (bnc#1066625)
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1047626"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1059465"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066471"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1069496"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=860993"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=975788"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2014-0038/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-1000405/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-12193/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-15102/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16525/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16527/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16529/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16531/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16535/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16536/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16537/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16649/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16650/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2017-16939/"
      );
      # https://www.suse.com/support/update/announcement/2017/suse-su-20173210-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?928d702a"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use YaST online_update.
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 6:zypper in -t patch
    SUSE-OpenStack-Cloud-6-2017-1995=1
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2017-1995=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2017-1995=1
    
    SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
    SUSE-SLE-Module-Public-Cloud-12-2017-1995=1
    
    To bring your system up-to-date, use 'zypper patch'."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel recvmmsg Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_66-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_66-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/05");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_66-default-1-2.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_66-xen-1-2.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.66.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.66.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1291.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).(CVE-2017-15299) - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.(CVE-2017-16525) - drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16526) - drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.(CVE-2017-16531) - The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16532) - The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533) - The uas driver in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to drivers/usb/storage/uas-detect.h and drivers/usb/storage/uas.c.(CVE-2017-16530) - The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16535) - A flaw was found that sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users. Uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.(CVE-2017-1000380) - The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537) - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).(CVE-2017-16538) - The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16536) - The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16645) - The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643) - The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16644) - The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16534) - The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16650) - The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16649) - The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16529) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-12-01
    plugin id104910
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104910
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1291)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3617-3.NASL
    descriptionIt was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks
    last seen2020-06-01
    modified2020-06-02
    plugin id108840
    published2018-04-05
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108840
    titleUbuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-F9F3D80442.NASL
    descriptionThe 4.13.16 update contains various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-12-01
    plugin id104943
    published2017-12-01
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104943
    titleFedora 26 : kernel (2017-f9f3d80442)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0041.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - x86/entry/64: Don
    last seen2020-06-01
    modified2020-06-02
    plugin id109668
    published2018-05-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109668
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2018-0041) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4109.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id109829
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109829
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4109) (Meltdown) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3617-1.NASL
    descriptionIt was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks
    last seen2020-06-01
    modified2020-06-02
    plugin id108834
    published2018-04-04
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108834
    titleUbuntu 17.10 : linux vulnerabilities (USN-3617-1)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0035.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0035 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id109158
    published2018-04-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109158
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0035) (Dirty COW) (Meltdown) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4071.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id109156
    published2018-04-19
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109156
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4071) (Dirty COW) (Meltdown) (Spectre)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4110.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id109881
    published2018-05-17
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109881
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4110) (Meltdown) (Spectre)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-937.NASL
    descriptionA flaw was found in the patches used to fix the
    last seen2020-06-01
    modified2020-06-02
    plugin id105422
    published2017-12-26
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105422
    titleAmazon Linux AMI : kernel (ALAS-2017-937) (Dirty COW)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4089.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.20.6.el7uek] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947608] {CVE-2018-100199} [3.8.13-118.20.5.el7uek] - x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27806667] - x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27806667] - x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27806667] [3.8.13-118.20.4.el7uek] - Drivers: hv: fcopy: set .owner reference for file operations (Joe Jin) [Orabug: 21191022] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148281] {CVE-2017-16527} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207929] {CVE-2017-16533} - [media] cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208072] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bj&oslash rn Mork) [Orabug: 27215201] {CVE-2017-16649} - x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27343577] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343577] - Bluetooth: bnep: bnep_add_connection() should verify that it
    last seen2020-06-01
    modified2020-06-02
    plugin id109543
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109543
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4089) (Spectre)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3619-2.NASL
    descriptionUSN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task
    last seen2020-06-01
    modified2020-06-02
    plugin id108878
    published2018-04-06
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108878
    titleUbuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1513.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the
    last seen2020-03-19
    modified2019-05-15
    plugin id125101
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125101
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1513)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3619-1.NASL
    descriptionJann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16995) It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861) It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407) It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses). (CVE-2017-11472) It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129) It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528) Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532) Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536) Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537) Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645) Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16650) It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911) It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912) It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913) It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16914) It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16994) It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions. (CVE-2017-17448) It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449) It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450) It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558) Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information. (CVE-2017-17741) It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805) It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806) It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task
    last seen2020-06-01
    modified2020-06-02
    plugin id108842
    published2018-04-05
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108842
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3822-1.NASL
    descriptionJim Mattson discovered that the KVM implementation in the Linux kernel mismanages the #BP and #OF exceptions. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash). (CVE-2016-9588) It was discovered that the generic SCSI driver in the Linux kernel did not properly enforce permissions on kernel memory access. A local attacker could use this to expose sensitive information or possibly elevate privileges. (CVE-2017-13168) Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16649) It was discovered that an integer overflow existed in the CD-ROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-16658) It was discovered that an integer overflow existed in the HID Bluetooth implementation in the Linux kernel that could lead to a buffer overwrite. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9363). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id118973
    published2018-11-15
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118973
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3822-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1319.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the processing of incoming L2CAP bluetooth commands. Uninitialized stack variables can be sent to an attacker leaking data in kernel address space.(CVE-2017-1000410) - The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16650) - The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16649) - The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16645) - The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16644) - The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2017-12-07
    plugin id105047
    published2017-12-07
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105047
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1319)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-4088.NASL
    descriptionDescription of changes: [2.6.39-400.298.6.el6uek] - perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947612] {CVE-2018-100199} [2.6.39-400.298.5.el6uek] - xen-netfront: fix rx stall when req_prod_pvt goes back to more than zero again (Dongli Zhang) [Orabug: 25053376] - x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27430615] - x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27343579] [2.6.39-400.298.4.el6uek] - ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148283] {CVE-2017-16527} - uwb: properly check kthread_run return value (Andrey Konovalov) [Orabug: 27206900] {CVE-2017-16526} - HID: usbhid: fix out-of-bounds bug (Jaejoong Kim) [Orabug: 27207935] {CVE-2017-16533} - cx231xx-cards: fix NULL-deref on missing association descriptor (Johan Hovold) [Orabug: 27208080] {CVE-2017-16536} - net: cdc_ether: fix divide by 0 on bad descriptors (Bj&oslash rn Mork) [Orabug: 27215206] {CVE-2017-16649} - Bluetooth: bnep: bnep_add_connection() should verify that it
    last seen2020-06-01
    modified2020-06-02
    plugin id109524
    published2018-05-02
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109524
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2018-4088) (Spectre)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-905BB449BC.NASL
    descriptionThe 4.13.16 update contains various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-12-04
    plugin id104979
    published2017-12-04
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104979
    titleFedora 25 : kernel (2017-905bb449bc)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1200.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2016-10208 Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4 filesystem could trigger memory corruption when it is mounted. A user that can provide a device or filesystem image to be mounted could use this for denial of service (crash or data corruption) or possibly for privilege escalation. CVE-2017-8824 Mohamed Ghannam discovered that the DCCP implementation did not correctly manage resources when a socket is disconnected and reconnected, potentially leading to a use-after-free. A local user could use this for denial of service (crash or data corruption) or possibly for privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-dccp.conf install dccp false CVE-2017-8831 Pengfei Wang discovered that the saa7164 video capture driver re-reads data from a PCI device after validating it. A physically present user able to attach a specially designed PCI device could use this for privilege escalation. CVE-2017-12190 Vitaly Mayatskikh discovered that the block layer did not correctly count page references for raw I/O from user-space. This can be exploited by a guest VM with access to a host SCSI device for denial of service (memory exhaustion) or potentially for privilege escalation. CVE-2017-13080 A vulnerability was found in the WPA2 protocol that could lead to reinstallation of the same Group Temporal Key (GTK), which substantially reduces the security of wifi encryption. This is one of the issues collectively known as
    last seen2020-03-17
    modified2017-12-11
    plugin id105116
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105116
    titleDebian DLA-1200-1 : linux security update (KRACK)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-92A0AE09AA.NASL
    descriptionThe 4.13.16 update contains various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-01-15
    plugin id105930
    published2018-01-15
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105930
    titleFedora 27 : kernel (2017-92a0ae09aa)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1501.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533) - The cdc_parse_cdc_header() function in
    last seen2020-06-01
    modified2020-06-02
    plugin id124824
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124824
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)