Vulnerabilities > CVE-2019-0136 - Unspecified vulnerability in Intel Proset/Wireless Wifi

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(131349);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");

  script_cve_id(
    "CVE-2019-0136",
    "CVE-2019-16234",
    "CVE-2019-16746",
    "CVE-2019-17052",
    "CVE-2019-17053",
    "CVE-2019-17054",
    "CVE-2019-17055",
    "CVE-2019-17056",
    "CVE-2019-17075",
    "CVE-2019-17133",
    "CVE-2019-17666",
    "CVE-2019-18806",
    "CVE-2019-18809",
    "CVE-2019-18813"
  );

  script_name(english:"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - A memory leak in the af9005_identify_state() function
    in drivers/media/usb/dvb-usb/af9005.c in the Linux
    kernel through 5.3.9 allows attackers to cause a denial
    of service (memory consumption), aka
    CID-2289adbfa559.(CVE-2019-18809)

  - A memory leak in the dwc3_pci_probe() function in
    drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through
    5.3.9 allows attackers to cause a denial of service
    (memory consumption) by triggering
    platform_device_add_properties() failures, aka
    CID-9bbfceea12a8.(CVE-2019-18813)

  - A memory leak in the ql_alloc_large_buffers() function
    in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux
    kernel before 5.3.5 allows local users to cause a
    denial of service (memory consumption) by triggering
    pci_dma_mapping_error() failures, aka
    CID-1acb8f2a7a9f.(CVE-2019-18806)

  - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the
    Linux kernel 5.2.14 does not check the alloc_workqueue
    return value, leading to a NULL pointer
    dereference.(CVE-2019-16234)

  - Insufficient access control in the Intel(R)
    PROSet/Wireless WiFi Software driver before version
    21.10 may allow an unauthenticated user to potentially
    enable denial of service via adjacent
    access.(CVE-2019-0136)

  - An issue was discovered in net/wireless/nl80211.c in
    the Linux kernel through 5.2.17. It does not check the
    length of variable elements in a beacon head, leading
    to a buffer overflow.(CVE-2019-16746)

  - In the Linux kernel through 5.3.2,
    cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
    does not reject a long SSID IE, leading to a Buffer
    Overflow.(CVE-2019-17133)

  - rtl_p2p_noa_ie in
    drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux
    kernel through 5.3.6 lacks a certain upper-bound check,
    leading to a buffer overflow.(CVE-2019-17666)

  - An issue was discovered in write_tpt_entry in
    drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel
    through 5.3.2. The cxgb4 driver is directly calling
    dma_map_single (a DMA function) from a stack variable.
    This could allow an attacker to trigger a Denial of
    Service, exploitable if this driver is used on an
    architecture for which this stack/DMA interaction has
    security relevance.(CVE-2019-17075)

  - ax25_create in net/ax25/af_ax25.c in the AF_AX25
    network module in the Linux kernel through 5.3.2 does
    not enforce CAP_NET_RAW, which means that unprivileged
    users can create a raw socket, aka
    CID-0614e2b73768.(CVE-2019-17052)

  - ieee802154_create in net/ieee802154/socket.c in the
    AF_IEEE802154 network module in the Linux kernel
    through 5.3.2 does not enforce CAP_NET_RAW, which means
    that unprivileged users can create a raw socket, aka
    CID-e69dbd4619e7.(CVE-2019-17053)

  - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK
    network module in the Linux kernel through 5.3.2 does
    not enforce CAP_NET_RAW, which means that unprivileged
    users can create a raw socket, aka
    CID-6cc03e8aa36c.(CVE-2019-17054)

  - base_sock_create in drivers/isdn/mISDN/socket.c in the
    AF_ISDN network module in the Linux kernel through
    5.3.2 does not enforce CAP_NET_RAW, which means that
    unprivileged users can create a raw socket, aka
    CID-b91ee4aa2a21.(CVE-2019-17055)

  - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC
    network module in the Linux kernel through 5.3.2 does
    not enforce CAP_NET_RAW, which means that unprivileged
    users can create a raw socket, aka
    CID-3a359798b176.(CVE-2019-17056)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2283
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?751dbe06");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["bpftool-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-devel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-headers-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-source-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-tools-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "kernel-tools-libs-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "python-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8",
        "python3-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4147-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129677);
  script_version("1.2");
  script_cvs_date("Date: 2019/12/19");

  script_cve_id("CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506");
  script_xref(name:"USN", value:"4147-1");

  script_name(english:"Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, (USN-4147-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the Intel Wi-Fi device driver in the Linux
kernel did not properly validate certain Tunneled Direct Link Setup
(TDLS). A physically proximate attacker could use this to cause a
denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local
attacker could use this to cause a denial of service. (CVE-2019-10207)

It was discovered that the GTCO tablet input driver in the Linux
kernel did not properly bounds check the initial HID report sent by
the device. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-13631)

It was discovered that an out-of-bounds read existed in the QLogic
QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
could possibly use this to expose sensitive information (kernel
memory). (CVE-2019-15090)

Hui Peng and Mathias Payer discovered that the USB audio driver for
the Linux kernel did not properly validate device meta data. A
physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2019-15117)

Hui Peng and Mathias Payer discovered that the USB audio driver for
the Linux kernel improperly performed recursion while handling device
meta data. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2019-15118)

It was discovered that the Raremono AM/FM/SW radio device driver in
the Linux kernel did not properly allocate memory, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2019-15211)

It was discovered at a double-free error existed in the USB Rio 500
device driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the CPiA2
video4linux device driver for the Linux kernel, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB
Prism54 device driver in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15220)

Benjamin Moody discovered that the XFS file system in the Linux kernel
did not properly handle an error condition when out of disk quota. A
local attacker could possibly use this to cause a denial of service.
(CVE-2019-15538)

It was discovered that the Hisilicon HNS3 ethernet device driver in
the Linux kernel contained an out of bounds access vulnerability. A
local attacker could use this to possibly cause a denial of service
(system crash). (CVE-2019-15925)

It was discovered that the Atheros mobile chipset driver in the Linux
kernel did not properly validate data in some situations. An attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15926)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
discovered that the Bluetooth protocol BR/EDR specification did not
properly require sufficiently strong encryption key lengths. A
physically proximate attacker could use this to expose sensitive
information. (CVE-2019-9506)

It was discovered that ZR364XX Camera USB device driver for the Linux
kernel did not properly initialize memory. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15217)

It was discovered that the Siano USB MDTV receiver device driver in
the Linux kernel made improper assumptions about the device
characteristics. A physically proximate attacker could use this cause
a denial of service (system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux
kernel did not properly validate data size information from the
device. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2019-15221)

It was discovered that the Line 6 USB driver for the Linux kernel
contained a race condition when the device was disconnected. A
physically proximate attacker could use this to cause a denial of
service (system crash). (CVE-2019-15223).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4147-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2019-0136", "CVE-2019-10207", "CVE-2019-13631", "CVE-2019-15090", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15223", "CVE-2019-15538", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-9506");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4147-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-1020-gke", pkgver:"5.0.0-1020.20~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-generic", pkgver:"5.0.0-31.33~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-generic-lpae", pkgver:"5.0.0-31.33~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-5.0.0-31-lowlatency", pkgver:"5.0.0-31.33~18.04.1")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-generic-lpae-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-gke-5.0", pkgver:"5.0.0.1020.9")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-lowlatency-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-snapdragon-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-virtual-hwe-18.04", pkgver:"5.0.0.31.88")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1018-aws", pkgver:"5.0.0-1018.20")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-kvm", pkgver:"5.0.0-1019.20")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1019-raspi2", pkgver:"5.0.0-1019.19")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1020-gcp", pkgver:"5.0.0-1020.20")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1022-azure", pkgver:"5.0.0-1022.23")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-1023-snapdragon", pkgver:"5.0.0-1023.24")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-generic", pkgver:"5.0.0-31.33")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-generic-lpae", pkgver:"5.0.0-31.33")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-5.0.0-31-lowlatency", pkgver:"5.0.0-31.33")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-aws", pkgver:"5.0.0.1018.19")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-azure", pkgver:"5.0.0.1022.21")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gcp", pkgver:"5.0.0.1020.46")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic", pkgver:"5.0.0.31.32")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-generic-lpae", pkgver:"5.0.0.31.32")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-gke", pkgver:"5.0.0.1020.46")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-kvm", pkgver:"5.0.0.1019.19")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-lowlatency", pkgver:"5.0.0.31.32")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-raspi2", pkgver:"5.0.0.1019.16")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-snapdragon", pkgver:"5.0.0.1023.16")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"linux-image-virtual", pkgver:"5.0.0.31.32")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4118-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(128478);
  script_version("1.4");
  script_cvs_date("Date: 2019/10/24 11:30:51");

  script_cve_id("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
  script_xref(name:"USN", value:"4118-1");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that the alarmtimer implementation in the Linux
kernel contained an integer overflow vulnerability. A local attacker
could use this to cause a denial of service. (CVE-2018-13053)

Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use
this to construct a malicious XFS image that, when mounted, could
cause a denial of service (system crash). (CVE-2018-13093)

Wen Xu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate metadata. An attacker could use
this to construct a malicious f2fs image that, when mounted, could
cause a denial of service (system crash). (CVE-2018-13096,
CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100,
CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)

Wen Xu and Po-Ning Tseng discovered that btrfs file system
implementation in the Linux kernel did not properly validate metadata.
An attacker could use this to construct a malicious btrfs image that,
when mounted, could cause a denial of service (system crash).
(CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,
CVE-2018-14613)

Wen Xu discovered that the HFS+ filesystem implementation in the Linux
kernel did not properly handle malformed catalog data in some
situations. An attacker could use this to construct a malicious HFS+
image that, when mounted, could cause a denial of service (system
crash). (CVE-2018-14617)

Vasily Averin and Pavel Tikhomirov discovered that the cleancache
subsystem of the Linux kernel did not properly initialize new files in
some situations. A local attacker could use this to expose sensitive
information. (CVE-2018-16862)

Hui Peng and Mathias Payer discovered that the Option USB High Speed
driver in the Linux kernel did not properly validate metadata received
from the device. A physically proximate attacker could use this to
cause a denial of service (system crash). (CVE-2018-19985)

Hui Peng and Mathias Payer discovered that the USB subsystem in the
Linux kernel did not properly handle size checks when handling an
extra USB descriptor. A physically proximate attacker could use this
to cause a denial of service (system crash). (CVE-2018-20169)

Zhipeng Xie discovered that an infinite loop could triggered in the
CFS Linux kernel process scheduler. A local attacker could possibly
use this to cause a denial of service. (CVE-2018-20784)

It was discovered that a use-after-free error existed in the block
layer subsystem of the Linux kernel when certain failure conditions
occurred. A local attacker could possibly use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2018-20856)

Eli Biham and Lior Neumann discovered that the Bluetooth
implementation in the Linux kernel did not properly validate elliptic
curve parameters during Diffie-Hellman key exchange in some
situations. An attacker could use this to expose sensitive
information. (CVE-2018-5383)

It was discovered that the Intel wifi device driver in the Linux
kernel did not properly validate certain Tunneled Direct Link Setup
(TDLS). A physically proximate attacker could use this to cause a
denial of service (wifi disconnect). (CVE-2019-0136)

It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-10126)

It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local
attacker could use this to cause a denial of service. (CVE-2019-10207)

Amit Klein and Benny Pinkas discovered that the Linux kernel did not
sufficiently randomize IP ID values generated for connectionless
networking protocols. A remote attacker could use this to track
particular Linux devices. (CVE-2019-10638)

Amit Klein and Benny Pinkas discovered that the location of kernel
addresses could exposed by the implementation of connection-less
network protocols in the Linux kernel. A remote attacker could
possibly use this to assist in the exploitation of another
vulnerability in the Linux kernel. (CVE-2019-10639)

Adam Zabrocki discovered that the Intel i915 kernel mode graphics
driver in the Linux kernel did not properly restrict mmap() ranges in
some situations. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code.
(CVE-2019-11085)

It was discovered that an integer overflow existed in the Linux kernel
when reference counting pages, leading to potential use-after-free
issues. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-11487)

Jann Horn discovered that a race condition existed in the Linux kernel
when performing core dumps. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information.
(CVE-2019-11599)

It was discovered that a NULL pointer dereference vulnerability
existed in the LSI Logic MegaRAID driver in the Linux kernel. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-11810)

It was discovered that a race condition leading to a use-after-free
existed in the Reliable Datagram Sockets (RDS) protocol implementation
in the Linux kernel. The RDS protocol is blacklisted by default in
Ubuntu. If enabled, a local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2019-11815)

It was discovered that the ext4 file system implementation in the
Linux kernel did not properly zero out memory in some situations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2019-11833)

It was discovered that the Bluetooth Human Interface Device Protocol
(HIDP) implementation in the Linux kernel did not properly verify
strings were NULL terminated in certain situations. A local attacker
could use this to expose sensitive information (kernel memory).
(CVE-2019-11884)

It was discovered that a NULL pointer dereference vulnerabilty existed
in the Near-field communication (NFC) implementation in the Linux
kernel. An attacker could use this to cause a denial of service
(system crash). (CVE-2019-12818)

It was discovered that the MDIO bus devices subsystem in the Linux
kernel improperly dropped a device reference in an error condition,
leading to a use-after-free. An attacker could use this to cause a
denial of service (system crash). (CVE-2019-12819)

It was discovered that a NULL pointer dereference vulnerability
existed in the Near-field communication (NFC) implementation in the
Linux kernel. A local attacker could use this to cause a denial of
service (system crash). (CVE-2019-12984)

Jann Horn discovered a use-after-free vulnerability in the Linux
kernel when accessing LDT entries in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-13233)

Jann Horn discovered that the ptrace implementation in the Linux
kernel did not properly record credentials in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2019-13272)

It was discovered that the GTCO tablet input driver in the Linux
kernel did not properly bounds check the initial HID report sent by
the device. A physically proximate attacker could use to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-13631)

It was discovered that the floppy driver in the Linux kernel did not
properly validate meta data, leading to a buffer overread. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2019-14283)

It was discovered that the floppy driver in the Linux kernel did not
properly validate ioctl() calls, leading to a division-by-zero. A
local attacker could use this to cause a denial of service (system
crash). (CVE-2019-14284)

Tuba Yavuz discovered that a race condition existed in the DesignWare
USB3 DRD Controller device driver in the Linux kernel. A physically
proximate attacker could use this to cause a denial of service.
(CVE-2019-14763)

It was discovered that an out-of-bounds read existed in the QLogic
QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker
could possibly use this to expose sensitive information (kernel
memory). (CVE-2019-15090)

It was discovered that the Raremono AM/FM/SW radio device driver in
the Linux kernel did not properly allocate memory, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2019-15211)

It was discovered at a double-free error existed in the USB Rio 500
device driver for the Linux kernel. A physically proximate attacker
could use this to cause a denial of service. (CVE-2019-15212)

It was discovered that a race condition existed in the Advanced Linux
Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a
potential use-after-free. A physically proximate attacker could use
this to cause a denial of service (system crash) pro possibly execute
arbitrary code. (CVE-2019-15214)

It was discovered that a race condition existed in the CPiA2
video4linux device driver for the Linux kernel, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15215)

It was discovered that a race condition existed in the Softmac USB
Prism54 device driver in the Linux kernel. A physically proximate
attacker could use this to cause a denial of service (system crash).
(CVE-2019-15220)

It was discovered that a use-after-free vulnerability existed in the
Appletalk implementation in the Linux kernel if an error occurs during
initialization. A local attacker could use this to cause a denial of
service (system crash). (CVE-2019-15292)

It was discovered that the Empia EM28xx DVB USB device driver
implementation in the Linux kernel contained a use-after-free
vulnerability when disconnecting the device. An attacker could use
this to cause a denial of service (system crash). (CVE-2019-2024)

It was discovered that the USB video device class implementation in
the Linux kernel did not properly validate control bits, resulting in
an out of bounds buffer read. A local attacker could use this to
possibly expose sensitive information (kernel memory). (CVE-2019-2101)

It was discovered that the Marvell Wireless LAN device driver in the
Linux kernel did not properly validate the BSS descriptor. A local
attacker could possibly use this to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2019-3846)

Jason Wang discovered that an infinite loop vulnerability existed in
the virtio net driver in the Linux kernel. A local attacker in a guest
VM could possibly use this to cause a denial of service in the host
system. (CVE-2019-3900)

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen
discovered that the Bluetooth protocol BR/EDR specification did not
properly require sufficiently strong encryption key lengths. A
physicall proximate attacker could use this to expose sensitive
information. (CVE-2019-9506)

It was discovered that the Appletalk IP encapsulation driver in the
Linux kernel did not properly prevent kernel addresses from being
copied to user space. A local attacker with the CAP_NET_ADMIN
capability could use this to expose sensitive information.
(CVE-2018-20511)

It was discovered that a race condition existed in the USB YUREX
device driver in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15216)

It was discovered that the Siano USB MDTV receiver device driver in
the Linux kernel made improper assumptions about the device
characteristics. A physically proximate attacker could use this cause
a denial of service (system crash). (CVE-2019-15218)

It was discovered that the Line 6 POD USB device driver in the Linux
kernel did not properly validate data size information from the
device. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2019-15221)

Muyu Yu discovered that the CAN implementation in the Linux kernel in
some situations did not properly restrict the field size when
processing outgoing frames. A local attacker with CAP_NET_ADMIN
privileges could use this to execute arbitrary code. (CVE-2019-3701)

Vladis Dronov discovered that the debug interface for the Linux
kernel's HID subsystem did not properly validate passed parameters in
some situations. A local privileged attacker could use this to cause a
denial of service (infinite loop). (CVE-2019-3819).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4118-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected linux-image-4.15-aws, linux-image-aws and / or
linux-image-aws-hwe packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4118-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49~16.04.1")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws-hwe", pkgver:"4.15.0.1047.47")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-4.15.0-1047-aws", pkgver:"4.15.0-1047.49")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"linux-image-aws", pkgver:"4.15.0.1047.46")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.15-aws / linux-image-aws / linux-image-aws-hwe");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-1930-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129361);
  script_version("1.2");
  script_cvs_date("Date: 2019/12/23");

  script_cve_id("CVE-2016-10905", "CVE-2018-20976", "CVE-2018-21008", "CVE-2019-0136", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15215", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-15807", "CVE-2019-15917", "CVE-2019-15926", "CVE-2019-9506");

  script_name(english:"Debian DLA-1930-1 : linux security update");
  script_summary(english:"Checks dpkg output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.

CVE-2016-10905

A race condition was discovered in the GFS2 file-system
implementation, which could lead to a use-after-free. On a system
using GFS2, a local attacker could use this for denial of service
(memory corruption or crash) or possibly for privilege escalation.

CVE-2018-20976

It was discovered that the XFS file-system implementation did not
correctly handle some mount failure conditions, which could lead to a
use-after-free. The security impact of this is unclear.

CVE-2018-21008

It was discovered that the rsi wifi driver did not correctly handle
some failure conditions, which could lead to a use-after- free. The
security impact of this is unclear.

CVE-2019-0136

It was discovered that the wifi soft-MAC implementation (mac80211) did
not properly authenticate Tunneled Direct Link Setup (TDLS) messages.
A nearby attacker could use this for denial of service (loss of wifi
connectivity).

CVE-2019-9506

Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen
discovered a weakness in the Bluetooth pairing protocols, dubbed the
'KNOB attack'. An attacker that is nearby during pairing could use
this to weaken the encryption used between the paired devices, and
then to eavesdrop on and/or spoof communication between them.

This update mitigates the attack by requiring a minimum
encryption key length of 56 bits.

CVE-2019-14814, CVE-2019-14815, CVE-2019-14816

Multiple bugs were discovered in the mwifiex wifi driver, which could
lead to heap buffer overflows. A local user permitted to configure a
device handled by this driver could probably use this for privilege
escalation.

CVE-2019-14821

Matt Delco reported a race condition in KVM's coalesced MMIO facility,
which could lead to out-of-bounds access in the kernel. A local
attacker permitted to access /dev/kvm could use this to cause a denial
of service (memory corruption or crash) or possibly for privilege
escalation.

CVE-2019-14835

Peter Pi of Tencent Blade Team discovered a missing bounds check in
vhost_net, the network back-end driver for KVM hosts, leading to a
buffer overflow when the host begins live migration of a VM. An
attacker in control of a VM could use this to cause a denial of
service (memory corruption or crash) or possibly for privilege
escalation on the host.

CVE-2019-15117

Hui Peng and Mathias Payer reported a missing bounds check in the
usb-audio driver's descriptor parsing code, leading to a buffer
over-read. An attacker able to add USB devices could possibly use this
to cause a denial of service (crash).

CVE-2019-15118

Hui Peng and Mathias Payer reported unbounded recursion in the
usb-audio driver's descriptor parsing code, leading to a stack
overflow. An attacker able to add USB devices could use this to cause
a denial of service (memory corruption or crash) or possibly for
privilege escalation.

CVE-2019-15211

The syzkaller tool found a bug in the radio-raremono driver that could
lead to a use-after-free. An attacker able to add and remove USB
devices could use this to cause a denial of service (memory corruption
or crash) or possibly for privilege escalation.

CVE-2019-15212

The syzkaller tool found that the rio500 driver does not work
correctly if more than one device is bound to it. An attacker able to
add USB devices could use this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2019-15215

The syzkaller tool found a bug in the cpia2_usb driver that leads to a
use-after-free. An attacker able to add and remove USB devices could
use this to cause a denial of service (memory corruption or crash) or
possibly for privilege escalation.

CVE-2019-15218

The syzkaller tool found that the smsusb driver did not validate that
USB devices have the expected endpoints, potentially leading to a NULL pointer dereference. An attacker able to add USB devices could use
this to cause a denial of service (BUG/oops).

CVE-2019-15219

The syzkaller tool found that a device initialisation error in the
sisusbvga driver could lead to a NULL pointer dereference. An attacker
able to add USB devices could use this to cause a denial of service
(BUG/oops).

CVE-2019-15220

The syzkaller tool found a race condition in the p54usb driver which
could lead to a use-after-free. An attacker able to add and remove USB
devices could use this to cause a denial of service (memory corruption
or crash) or possibly for privilege escalation.

CVE-2019-15221

The syzkaller tool found that the line6 driver did not validate USB
devices' maximum packet sizes, which could lead to a heap buffer
overrun. An attacker able to add USB devices could use this to cause a
denial of service (memory corruption or crash) or possibly for
privilege escalation.

CVE-2019-15292

The Hulk Robot tool found missing error checks in the Appletalk
protocol implementation, which could lead to a use-after-free. The
security impact of this is unclear.

CVE-2019-15807

Jian Luo reported that the Serial Attached SCSI library (libsas) did
not correctly handle failure to discover devices beyond a SAS
expander. This could lead to a resource leak and crash (BUG). The
security impact of this is unclear.

CVE-2019-15917

The syzkaller tool found a race condition in code supporting
UART-attached Bluetooth adapters, which could lead to a use-
after-free. A local user with access to a pty device or other suitable
tty device could use this to cause a denial of service (memory
corruption or crash) or possibly for privilege escalation.

CVE-2019-15926

It was found that the ath6kl wifi driver did not consistently validate
traffic class numbers in received control packets, leading to
out-of-bounds memory accesses. A nearby attacker on the same wifi
network could use this to cause a denial of service (memory corruption
or crash) or possibly for privilege escalation.

For Debian 8 'Jessie', these problems have been fixed in version
3.16.74-1.

We recommend that you upgrade your linux packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/linux"
  );
  script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-arm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.8-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-x86");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-3.16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-586");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-armhf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-all-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-ixp4xx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-kirkwood");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-orion5x");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-3.16.0-9-versatile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-586");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-686-pae-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-amd64-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-armmp-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-ixp4xx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-kirkwood");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-orion5x");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-3.16.0-9-versatile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-3.16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-3.16");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-3.16.0-9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-3.16.0-9-amd64");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-arm", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-x86", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-x86", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-doc-3.16", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-586", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-686-pae", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-amd64", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armel", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armhf", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-i386", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-amd64", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp-lpae", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-common", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-ixp4xx", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-kirkwood", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-orion5x", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-versatile", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-586", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae-dbg", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64-dbg", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp-lpae", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-ixp4xx", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-kirkwood", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-orion5x", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-versatile", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-libc-dev", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-manual-3.16", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-source-3.16", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"linux-support-3.16.0-9", reference:"3.16.74-1")) flag++;
if (deb_check(release:"8.0", prefix:"xen-linux-system-3.16.0-9-amd64", reference:"3.16.74-1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(132134);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");

  script_cve_id(
    "CVE-2014-4608",
    "CVE-2014-5206",
    "CVE-2014-5207",
    "CVE-2015-1350",
    "CVE-2015-3332",
    "CVE-2015-8816",
    "CVE-2015-8844",
    "CVE-2015-8845",
    "CVE-2015-9289",
    "CVE-2016-2184",
    "CVE-2016-2185",
    "CVE-2016-2186",
    "CVE-2016-2187",
    "CVE-2016-2384",
    "CVE-2016-3138",
    "CVE-2016-3139",
    "CVE-2016-3140",
    "CVE-2016-3689",
    "CVE-2016-4569",
    "CVE-2016-4578",
    "CVE-2016-6130",
    "CVE-2016-6197",
    "CVE-2016-7425",
    "CVE-2017-1000253",
    "CVE-2017-1000379",
    "CVE-2017-13168",
    "CVE-2017-18509",
    "CVE-2017-18551",
    "CVE-2017-18595",
    "CVE-2017-5753",
    "CVE-2018-14617",
    "CVE-2019-0136",
    "CVE-2019-17075",
    "CVE-2019-17133",
    "CVE-2019-17666"
  );
  script_bugtraq_id(
    68214,
    69214,
    69216,
    74232
  );

  script_name(english:"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),
    the core of any Linux operating system. The kernel
    handles the basic functions of the operating system:
    memory allocation, process allocation, device input and
    output, etc.Security Fix(es):** DISPUTED ** Multiple
    integer overflows in the lzo1x_decompress_safe function
    in lib/lzo/lzo1x_decompress_safe.c in the LZO
    decompressor in the Linux kernel before 3.15.2 allow
    context-dependent attackers to cause a denial of
    service (memory corruption) via a crafted Literal Run.
    NOTE: the author of the LZO algorithms says 'the Linux
    kernel is *not* affected media hype.'(CVE-2014-4608)A
    certain backport in the TCP Fast Open implementation
    for the Linux kernel before 3.18 does not properly
    maintain a count value, which allow local users to
    cause a denial of service (system crash) via the Fast
    Open feature, as demonstrated by visiting the
    chrome://flags/#enable-tcp-fast-open URL when using
    certain 3.10.x through 3.16.x kernel builds, including
    longterm-maintenance releases and ckt (aka Canonical
    Kernel Team) builds.(CVE-2015-3332)An elevation of
    privilege vulnerability in the kernel scsi driver.
    Product: Android. Versions: Android kernel. Android ID
    A-65023233.(CVE-2017-13168)An issue was discovered in
    drivers/i2c/i2c-core-smbus.c in the Linux kernel before
    4.14.15. There is an out of bounds write in the
    function i2c_smbus_xfer_emulated.(CVE-2017-18551)An
    issue was discovered in net/ipv6/ip6mr.c in the Linux
    kernel before 4.11. By setting a specific socket
    option, an attacker can control a pointer in kernel
    land and cause an inet_csk_listen_stop general
    protection fault, or potentially execute arbitrary code
    under certain circumstances. The issue can be triggered
    as root (e.g., inside a default LXC container or with
    the CAP_NET_ADMIN capability) or after namespace
    unsharing. This occurs because sk_type and protocol are
    not checked in the appropriate part of the ip6_mroute_*
    functions. NOTE: this affects Linux distributions that
    use 4.9.x longterm kernels before
    4.9.187.(CVE-2017-18509)An issue was discovered in the
    Linux kernel before 4.14.11. A double free may be
    caused by the function allocate_trace_buffer in the
    file kernel/trace/trace.c.(CVE-2017-18595)An issue was
    discovered in the Linux kernel through 4.17.10. There
    is a NULL pointer dereference and panic in
    hfsplus_lookup() in fs/hfsplus/dir.c when opening a
    file (that is purportedly a hard link) in an hfs+
    filesystem that has malformed catalog data, and is
    mounted read-only without a metadata
    directory.(CVE-2018-14617)An issue was discovered in
    write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in
    the Linux kernel through 5.3.2. The cxgb4 driver is
    directly calling dma_map_single (a DMA function) from a
    stack variable. This could allow an attacker to trigger
    a Denial of Service, exploitable if this driver is used
    on an architecture for which this stack/DMA interaction
    has security relevance.(CVE-2019-17075)Double free
    vulnerability in the snd_usbmidi_create function in
    sound/usb/midi.c in the Linux kernel before 4.5 allows
    physically proximate attackers to cause a denial of
    service (panic) or possibly have unspecified other
    impact via vectors involving an invalid USB
    descriptor.(CVE-2016-2384)fsamespace.c in the Linux
    kernel through 3.16.1 does not properly restrict
    clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and
    changing MNT_ATIME_MASK during a remount of a bind
    mount, which allows local users to gain privileges,
    interfere with backups and auditing on systems that had
    atime enabled, or cause a denial of service (excessive
    filesystem updating) on systems that had atime disabled
    via a 'mount -o remount' command within a user
    namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the
    OverlayFS filesystem implementation in the Linux kernel
    before 4.6 does not properly verify the upper dentry
    before proceeding with unlink and rename system-call
    processing, which allows local users to cause a denial
    of service (system crash) via a rename system call that
    specifies a self-hardlink.(CVE-2016-6197)In the Linux
    kernel before 4.1.4, a buffer overflow occurs when
    checking userspace params in
    drivers/media/dvb-frontends/cx24116.c. The maximum size
    for a DiSEqC command is 6, according to the userspace
    API. However, the code allows larger values such as
    23.(CVE-2015-9289)In the Linux kernel through 5.3.2,
    cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c
    does not reject a long SSID IE, leading to a Buffer
    Overflow.(CVE-2019-17133)Insufficient access control in
    the Intel(R) PROSet/Wireless WiFi Software driver
    before version 21.10 may allow an unauthenticated user
    to potentially enable denial of service via adjacent
    access.(CVE-2019-0136)Linux distributions that have not
    patched their long-term kernels with
    https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3
    71a9fa3c5c3c86 (committed on April 14, 2015). This
    kernel vulnerability was fixed in April 2015 by commit
    a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to
    Linux 3.10.77 in May 2015), but it was not recognized
    as a security threat. With
    CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a
    normal top-down address allocation strategy,
    load_elf_binary() will attempt to map a PIE binary into
    an address range immediately below mm->mmap_base.
    Unfortunately, load_elf_ binary() does not take account
    of the need to allocate sufficient space for the entire
    binary which means that, while the first PT_LOAD
    segment is mapped below mm->mmap_base, the subsequent
    PT_LOAD segment(s) end up being mapped above
    mm->mmap_base into the are that is supposed to be the
    'gap' between the stack and the
    binary.(CVE-2017-1000253)Race condition in the
    sclp_ctl_ioctl_sccb function in
    drivers/s390/char/sclp_ctl.c in the Linux kernel before
    4.6 allows local users to obtain sensitive information
    from kernel memory by changing a certain length value,
    aka a 'double fetch'
    vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in drivers
    et/wireless/realtek/rtlwifi/ps.c in the Linux kernel
    through 5.3.6 lacks a certain upper-bound check,
    leading to a buffer
    overflow.(CVE-2019-17666)sound/core/timer.c in the
    Linux kernel through 4.6 does not initialize certain r1
    data structures, which allows local users to obtain
    sensitive information from kernel stack memory via
    crafted use of the ALSA timer interface, related to the
    (1) snd_timer_user_ccallback and (2)
    snd_timer_user_tinterrupt
    functions.(CVE-2016-4578)Systems with microprocessors
    utilizing speculative execution and branch prediction
    may allow unauthorized disclosure of information to an
    attacker with local user access via a side-channel
    analysis.(CVE-2017-5753)The acm_probe function in
    drivers/usb/class/cdc-acm.c in the Linux kernel before
    4.5.1 allows physically proximate attackers to cause a
    denial of service (NULL pointer dereference and system
    crash) via a USB device without both a control and a
    data endpoint descriptor.(CVE-2016-3138)The
    arcmsr_iop_message_xfer function in
    drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel
    through 4.8.2 does not restrict a certain length field,
    which allows local users to gain privileges or cause a
    denial of service (heap-based buffer overflow) via an
    ARCMSR_MESSAGE_WRITE_WQBUFFER control
    code.(CVE-2016-7425)The ati_remote2_probe function in
    drivers/input/misc/ati_remote2.c in the Linux kernel
    before 4.5.1 allows physically proximate attackers to
    cause a denial of service (NULL pointer dereference and
    system crash) via a crafted endpoints value in a USB
    device descriptor.(CVE-2016-2185)The
    create_fixed_stream_quirk function in
    sound/usb/quirks.c in the snd-usb-audio driver in the
    Linux kernel before 4.5.1 allows physically proximate
    attackers to cause a denial of service (NULL pointer
    dereference or double free, and system crash) via a
    crafted endpoints value in a USB device
    descriptor.(CVE-2016-2184)The digi_port_init function
    in drivers/usb/serial/digi_acceleport.c in the Linux
    kernel before 4.5.1 allows physically proximate
    attackers to cause a denial of service (NULL pointer
    dereference and system crash) via a crafted endpoints
    value in a USB device descriptor.(CVE-2016-3140)The
    do_remount function in fsamespace.c in the Linux kernel
    through 3.16.1 does not maintain the MNT_LOCK_READONLY
    bit across a remount of a bind mount, which allows
    local users to bypass an intended read-only restriction
    and defeat certain sandbox protection mechanisms via a
    'mount -o remount' command within a user
    namespace.(CVE-2014-5206)The gtco_probe function in
    drivers/input/tablet/gtco.c in the Linux kernel through
    4.5.2 allows physically proximate attackers to cause a
    denial of service (NULL pointer dereference and system
    crash) via a crafted endpoints value in a USB device
    descriptor.(CVE-2016-2187)The hub_activate function in
    drivers/usb/core/hub.c in the Linux kernel before 4.3.5
    does not properly maintain a hub-interface data
    structure, which allows physically proximate attackers
    to cause a denial of service (invalid memory access and
    system crash) or possibly have unspecified other impact
    by unplugging a USB hub device.(CVE-2015-8816)The
    ims_pcu_parse_cdc_data function in
    drivers/input/misc/ims-pcu.c in the Linux kernel before
    4.5.1 allows physically proximate attackers to cause a
    denial of service (system crash) via a USB device
    without both a master and a slave
    interface.(CVE-2016-3689)The Linux Kernel running on
    AMD64 systems will sometimes map the contents of PIE
    executable, the heap or ld.so to where the stack is
    mapped allowing attackers to more easily manipulate the
    stack. Linux Kernel version 4.11.5 is
    affected.(CVE-2017-1000379)The powermate_probe function
    in drivers/input/misc/powermate.c in the Linux kernel
    before 4.5.1 allows physically proximate attackers to
    cause a denial of service (NULL pointer dereference and
    system crash) via a crafted endpoints value in a USB
    device descriptor.(CVE-2016-2186)The signal
    implementation in the Linux kernel before 4.3.5 on
    powerpc platforms does not check for an MSR with both
    the S and T bits set, which allows local users to cause
    a denial of service (TM Bad Thing exception and panic)
    via a crafted application.(CVE-2015-8844)The
    snd_timer_user_params function in sound/core/timer.c in
    the Linux kernel through 4.6 does not initialize a
    certain data structure, which allows local users to
    obtain sensitive information from kernel stack memory
    via crafted use of the ALSA timer
    interface.(CVE-2016-4569)The tm_reclaim_thread function
    in arch/powerpc/kernel/process.c in the Linux kernel
    before 4.4.1 on powerpc platforms does not ensure that
    TM suspend mode exists before proceeding with a
    tm_reclaim call, which allows local users to cause a
    denial of service (TM Bad Thing exception and panic)
    via a crafted application.(CVE-2015-8845)The VFS
    subsystem in the Linux kernel 3.x provides an
    incomplete set of requirements for setattr operations
    that underspecifies removing extended privilege
    attributes, which allows local users to cause a denial
    of service (capability stripping) via a failed
    invocation of a system call, as demonstrated by using
    chown to remove a capability from the ping or Wireshark
    dumpcap program.(CVE-2015-1350)The wacom_probe function
    in drivers/input/tablet/wacom_sys.c in the Linux kernel
    before 3.17 allows physically proximate attackers to
    cause a denial of service (NULL pointer dereference and
    system crash) via a crafted endpoints value in a USB
    device descriptor.(CVE-2016-3139)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fc6af25f");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-514.44.5.10.h234",
        "kernel-debuginfo-3.10.0-514.44.5.10.h234",
        "kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h234",
        "kernel-devel-3.10.0-514.44.5.10.h234",
        "kernel-headers-3.10.0-514.44.5.10.h234",
        "kernel-tools-3.10.0-514.44.5.10.h234",
        "kernel-tools-libs-3.10.0-514.44.5.10.h234",
        "perf-3.10.0-514.44.5.10.h234",
        "python-perf-3.10.0-514.44.5.10.h234"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4145-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(129491);
  script_version("1.2");
  script_cvs_date("Date: 2019/12/23");

  script_cve_id("CVE-2016-10905", "CVE-2017-18509", "CVE-2018-20961", "CVE-2018-20976", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-11487", "CVE-2019-13631", "CVE-2019-15211", "CVE-2019-15215", "CVE-2019-15926");
  script_xref(name:"USN", value:"4145-1");

  script_name(english:"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-4145-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was discovered that a race condition existed in the GFS2 file
system in the Linux kernel. A local attacker could possibly use this
to cause a denial of service (system crash). (CVE-2016-10905)

It was discovered that the IPv6 implementation in the Linux kernel did
not properly validate socket options in some situations. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2017-18509)

It was discovered that the USB gadget Midi driver in the Linux kernel
contained a double-free vulnerability when handling certain error
conditions. A local attacker could use this to cause a denial of
service (system crash). (CVE-2018-20961)

It was discovered that the XFS file system in the Linux kernel did not
properly handle mount failures in some situations. A local attacker
could possibly use this to cause a denial of service (system crash) or
execute arbitrary code. (CVE-2018-20976)

It was discovered that the Intel Wi-Fi device driver in the Linux
kernel did not properly validate certain Tunneled Direct Link Setup
(TDLS). A physically proximate attacker could use this to cause a
denial of service (Wi-Fi disconnect). (CVE-2019-0136)

It was discovered that the Bluetooth UART implementation in the Linux
kernel did not properly check for missing tty operations. A local
attacker could use this to cause a denial of service. (CVE-2019-10207)

It was discovered that an integer overflow existed in the Linux kernel
when reference counting pages, leading to potential use-after-free
issues. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2019-11487)

It was discovered that the GTCO tablet input driver in the Linux
kernel did not properly bounds check the initial HID report sent by
the device. A physically proximate attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2019-13631)

It was discovered that the Raremono AM/FM/SW radio device driver in
the Linux kernel did not properly allocate memory, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service or possibly execute arbitrary code.
(CVE-2019-15211)

It was discovered that a race condition existed in the CPiA2
video4linux device driver for the Linux kernel, leading to a
use-after-free. A physically proximate attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-15215)

It was discovered that the Atheros mobile chipset driver in the Linux
kernel did not properly validate data in some situations. An attacker
could use this to cause a denial of service (system crash).
(CVE-2019-15926).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4145-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("ksplice.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(16\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2016-10905", "CVE-2017-18509", "CVE-2018-20961", "CVE-2018-20976", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-11487", "CVE-2019-13631", "CVE-2019-15211", "CVE-2019-15215", "CVE-2019-15926");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-4145-1");
  }
  else
  {
    _ubuntu_report = ksplice_reporting_text();
  }
}

flag = 0;

if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1059-kvm", pkgver:"4.4.0-1059.66")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1095-aws", pkgver:"4.4.0-1095.106")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1123-raspi2", pkgver:"4.4.0-1123.132")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-1127-snapdragon", pkgver:"4.4.0-1127.135")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-165-generic", pkgver:"4.4.0-165.193")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-165-generic-lpae", pkgver:"4.4.0-165.193")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-4.4.0-165-lowlatency", pkgver:"4.4.0-165.193")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-aws", pkgver:"4.4.0.1095.99")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic", pkgver:"4.4.0.165.173")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-generic-lpae", pkgver:"4.4.0.165.173")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-kvm", pkgver:"4.4.0.1059.59")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-lowlatency", pkgver:"4.4.0.165.173")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-raspi2", pkgver:"4.4.0.1123.123")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-snapdragon", pkgver:"4.4.0.1127.119")) flag++;
if (ubuntu_check(osver:"16.04", pkgname:"linux-image-virtual", pkgver:"4.4.0.165.173")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-4.4-aws / linux-image-4.4-generic / etc");
}