Vulnerabilities > CVE-2019-11478 - Resource Exhaustion vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH

Summary

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Vulnerable Configurations

Part Description Count
OS
Linux
3354
OS
Canonical
6
OS
Redhat
9
Application
F5
785
Application
Redhat
1
Application
Pulsesecure
2
Application
Ivanti
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • XML Ping of the Death
    An attacker initiates a resource depletion attack where a large number of small XML messages are delivered at a sufficiently rapid rate to cause a denial of service or crash of the target. Transactions such as repetitive SOAP transactions can deplete resources faster than a simple flooding attack because of the additional resources used by the SOAP protocol and the resources necessary to process SOAP messages. The transactions used are immaterial as long as they cause resource utilization on the target. In other words, this is a normal flooding attack augmented by using messages that will require extra processing on the target.
  • XML Entity Expansion
    An attacker submits an XML document to a target application where the XML document uses nested entity expansion to produce an excessively large output XML. XML allows the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
  • Inducing Account Lockout
    An attacker leverages the security functionality of the system aimed at thwarting potential attacks to launch a denial of service attack against a legitimate system user. Many systems, for instance, implement a password throttling mechanism that locks an account after a certain number of incorrect log in attempts. An attacker can leverage this throttling mechanism to lock a legitimate user out of their own account. The weakness that is being leveraged by an attacker is the very security feature that has been put in place to counteract attacks.
  • Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Service (XDoS))
    XML Denial of Service (XDoS) can be applied to any technology that utilizes XML data. This is, of course, most distributed systems technology including Java, .Net, databases, and so on. XDoS is most closely associated with web services, SOAP, and Rest, because remote service requesters can post malicious XML payloads to the service provider designed to exhaust the service provider's memory, CPU, and/or disk space. The main weakness in XDoS is that the service provider generally must inspect, parse, and validate the XML messages to determine routing, workflow, security considerations, and so on. It is exactly these inspection, parsing, and validation routines that XDoS targets. There are three primary attack vectors that XDoS can navigate Target CPU through recursion: attacker creates a recursive payload and sends to service provider Target memory through jumbo payloads: service provider uses DOM to parse XML. DOM creates in memory representation of XML document, but when document is very large (for example, north of 1 Gb) service provider host may exhaust memory trying to build memory objects. XML Ping of death: attack service provider with numerous small files that clog the system. All of the above attacks exploit the loosely coupled nature of web services, where the service provider has little to no control over the service requester and any messages the service requester sends.

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190617_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2019-06-18
    plugin id125980
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125980
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190617) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125980);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/24");
    
      script_cve_id("CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-3896");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20190617) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - An integer overflow flaw was found in the way the Linux
        kernel's networking subsystem processed TCP Selective
        Acknowledgment (SACK) segments. While processing SACK
        segments, the Linux kernel's socket buffer (SKB) data
        structure becomes fragmented. Each fragment is about TCP
        maximum segment size (MSS) bytes. To efficiently process
        SACK blocks, the Linux kernel merges multiple fragmented
        SKBs into one, potentially overflowing the variable
        holding the number of segments. A remote attacker could
        use this flaw to crash the Linux kernel by sending a
        crafted sequence of SACK segments on a TCP connection
        with small value of TCP MSS, resulting in a denial of
        service (DoS). (CVE-2019-11477)
    
      - kernel: Double free in lib/idr.c (CVE-2019-3896)
    
      - Kernel: tcp: excessive resource consumption while
        processing SACK blocks allows remote denial of service
        (CVE-2019-11478)
    
      - Kernel: tcp: excessive resource consumption for TCP
        connections with low MSS allows remote denial of service
        (CVE-2019-11479)
    
    Bug Fix(es) :
    
      - MDS mitigations not enabled on Intel Skylake CPUs
    
      - kernel does not disable SMT with mds=full,nosmt
    
      - md_clear flag missing from /proc/cpuinfo"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1906&L=SCIENTIFIC-LINUX-ERRATA&P=1368
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?95793eee"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-3896");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-common-i686-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-754.15.3.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-754.15.3.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1527-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586) CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843). CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125990
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125990
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1527-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125990);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2013-4343", "CVE-2018-17972", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489");
      script_bugtraq_id(62360);
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1527-1) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to
    receive various security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-11477: A sequence of SACKs may have been crafted such that
    one can trigger an integer overflow, leading to a kernel panic.
    (bsc#1137586)
    
    CVE-2019-11478: It was possible to send a crafted sequence of SACKs
    which will fragment the TCP retransmission queue. An attacker may have
    been able to further exploit the fragmented queue to cause an
    expensive linked-list walk for subsequent SACKs received for that same
    TCP connection.
    
    CVE-2019-11479: It was possible to send a crafted sequence of SACKs
    which will fragment the RACK send map. A remote attacker may be able
    to further exploit the fragmented send map to cause an expensive
    linked-list walk for subsequent SACKs received for that same TCP
    connection. This would have resulted in excess resource consumption
    due to low mss values.
    
    CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
    possibly escalate privileges was found in the mwifiex kernel module
    while connecting to a malicious wireless network. (bnc#1136424)
    
    CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
    drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an
    unchecked kstrdup of fwstr, which might allow an attacker to cause a
    denial of service (NULL pointer dereference and system crash).
    (bnc#1136586)
    
    CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
    Linux kernel allowed local attackers to observe page cache access
    patterns of other processes on the same system, potentially allowing
    sniffing of secret information. (Fixing this affects the output of the
    fincore program.) Limited remote exploitation may be possible, as
    demonstrated by latency differences in accessing public files from an
    Apache HTTP Server. (bnc#1120843).
    
    CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
    the unused memory region in the extent tree block, which might allow
    local users to obtain sensitive information by reading uninitialized
    data in the filesystem. (bnc#1135281)
    
    CVE-2018-7191: In the tun subsystem in the Linux kernel before
    4.13.14, dev_get_valid_name is not called before register_netdevice.
    This allowed local users to cause a denial of service (NULL pointer
    dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
    containing a / character. This is similar to CVE-2013-4343.
    (bnc#1135603)
    
    CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on
    setuid programs (such as /bin/su) because install_exec_creds() is
    called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the
    ptrace_may_access() check has a race condition when reading
    /proc/pid/stat. (bnc#1131543)
    
    CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
    net/rds/tcp.c in the Linux kernel There was a race condition leading
    to a use-after-free, related to net namespace cleanup. (bnc#1134537)
    
    CVE-2019-11884: The do_hidp_sock_ioctl function in
    net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
    obtain potentially sensitive information from kernel stack memory via
    a HIDPCONNADD command, because a name field may not end with a '\0'
    character. (bnc#1134848)
    
    CVE-2018-17972: An issue was discovered in the proc_pid_stack function
    in fs/proc/base.c in the Linux kernel It did not ensure that only root
    may inspect the kernel stack of an arbitrary task, allowing a local
    attacker to exploit racy stack unwinding and leak kernel task stack
    contents. (bnc#1110785)
    
    CVE-2019-11486: The Siemens R3964 line discipline driver in
    drivers/tty/n_r3964.c in the Linux kernel has multiple race
    conditions. (bnc#1133188)
    
    The following new features were implemented: Updated the Chelsio
    cxgb4vf driver with the latest upstream patches. (fate#321660)
    
    Backported changes into e1000e kernel module to support systems using
    the Intel I219-LM NIC chip. (fate#326719)
    
    Import QLogic/Cavium qedr driver (RDMA) into the kernel. (fate#321747)
    
    Update the QLogic/Cavium qed driver (NET). (fate#321703)
    
    Update the QLogic/Cavium qede driver (NET). (fate#321702)
    
    Update the Chelsio iw_cxgb4 driver with the latest upstream patches.
    (fate#321661)
    
    Update the Chelsio cxgb4 driver with the latest upstream patches.
    (fate#321658)
    
    Update support for Intel Omni Path (OPA) kernel driver. (fate#321473)
    
    Update the QIB driver to the latest upstream version for up-to-date
    functionality and hardware support. (fate#321231)
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1053043"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1066223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120885"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1125580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132374"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134564"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136446"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136455"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137739"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137752"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2013-4343/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-17972/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7191/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11190/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11479/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11486/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11815/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11833/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11884/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12382/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3846/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5489/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191527-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0e04b4ee"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1527=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-azure-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms-azure");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/09/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-4.4.180-4.31.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-4.4.180-4.31.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-base-debuginfo-4.4.180-4.31.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debuginfo-4.4.180-4.31.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-debugsource-4.4.180-4.31.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-azure-devel-4.4.180-4.31.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"x86_64", reference:"kernel-syms-azure-4.4.180-4.31.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2821-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_110 fixes several issues. The following security issues were fixed : CVE-2019-10220: Fixed a relative path escape in the Samba client module (bsc#1144903, bsc#1153108). CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130423
    published2019-10-31
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130423
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:2821-1) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2821-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130423);
      script_version("1.4");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-5390", "CVE-2019-10220", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11487", "CVE-2019-14835", "CVE-2019-17133", "CVE-2019-3846");
    
      script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2821-1) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for the Linux Kernel 3.12.74-60_64_110 fixes several
    issues.
    
    The following security issues were fixed :
    
    CVE-2019-10220: Fixed a relative path escape in the Samba client
    module (bsc#1144903, bsc#1153108).
    
    CVE-2019-17133: Fixed a buffer overflow in cfg80211_mgd_wext_giwessid
    in net/wireless/wext-sme.c caused by long SSID IEs (bsc#1153158).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1102682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1103203"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133191"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136446"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137597"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1140747"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1144903"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1151021"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153108"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153158"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1153161"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=904970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=907150"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920615"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=920633"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=930408"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-5390/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-10220/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11487/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-14835/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-17133/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3846/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192821-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f782fb1b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
    SUSE-SLE-SAP-12-SP1-2019-2821=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-2821=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-10220");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_110-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_110-xen");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/31");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    if (cpu >!< "x86_64") audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_110-default-6-2.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_110-xen-6-2.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1222.NASL
    descriptionCVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain these kernels and are not vulnerable.
    last seen2020-06-01
    modified2020-06-02
    plugin id125954
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125954
    titleAmazon Linux 2 : kernel (ALAS-2019-1222) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Amazon Linux 2 Security Advisory ALAS-2019-1222.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125954);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479");
      script_xref(name:"ALAS", value:"2019-1222");
    
      script_name(english:"Amazon Linux 2 : kernel (ALAS-2019-1222) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Amazon Linux 2 host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "CVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe
    vulnerabilities in the Linux kernel that can be remotely exploited
    using a specially crafted TCP connection, crashing the targeted
    system.
    
    The latest Amazon Linux 2 AMIs as available in AWS EC2 already contain
    these kernels and are not vulnerable."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1222.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Run 'yum update kernel' and reboot to update your system."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/06/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Amazon Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/AmazonLinux/release");
    if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
    os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
    os_ver = os_ver[1];
    if (os_ver != "2")
    {
      if (os_ver == 'A') os_ver = 'AMI';
      audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
    }
    
    if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-debuginfo-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-devel-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", reference:"kernel-headers-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-tools-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-tools-debuginfo-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"kernel-tools-devel-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"perf-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"perf-debuginfo-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"python-perf-4.14.123-111.109.amzn2")) flag++;
    if (rpm_check(release:"AL2", cpu:"x86_64", reference:"python-perf-debuginfo-4.14.123-111.109.amzn2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4465.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. - CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. - CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. - CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. - CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. - CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. - CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. - CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. - CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. - CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. - CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack.
    last seen2020-06-01
    modified2020-06-02
    plugin id125959
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125959
    titleDebian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-4465. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125959);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-10126", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11599", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-3846", "CVE-2019-5489", "CVE-2019-9500", "CVE-2019-9503");
      script_xref(name:"DSA", value:"4465");
    
      script_name(english:"Debian DSA-4465-1 : linux - security update (SACK Panic) (SACK Slowness)");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in the Linux kernel that
    may lead to a privilege escalation, denial of service or information
    leaks.
    
      - CVE-2019-3846, CVE-2019-10126
        huangwen reported multiple buffer overflows in the
        Marvell wifi (mwifiex) driver, which a local user could
        use to cause denial of service or the execution of
        arbitrary code.
    
      - CVE-2019-5489
        Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael
        Schwarz, Ari Trachtenberg, Jason Hennessey, Alex
        Ionescu, and Anders Fogh discovered that local users
        could use the mincore() system call to obtain sensitive
        information from other processes that access the same
        memory-mapped file.
    
      - CVE-2019-9500, CVE-2019-9503
        Hugues Anguelkov discovered a buffer overflow and
        missing access validation in the Broadcom FullMAC wifi
        driver (brcmfmac), which a attacker on the same wifi
        network could use to cause denial of service or the
        execution of arbitrary code.
    
      - CVE-2019-11477
        Jonathan Looney reported that a specially crafted
        sequence of TCP selective acknowledgements (SACKs)
        allows a remotely triggerable kernel panic.
    
      - CVE-2019-11478
        Jonathan Looney reported that a specially crafted
        sequence of TCP selective acknowledgements (SACKs) will
        fragment the TCP retransmission queue, allowing an
        attacker to cause excessive resource usage.
    
      - CVE-2019-11479
        Jonathan Looney reported that an attacker could force
        the Linux kernel to segment its responses into multiple
        TCP segments, each of which contains only 8 bytes of
        data, drastically increasing the bandwidth required to
        deliver the same amount of data.
    
      This update introduces a new sysctl value to control the minimal MSS
      (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard
      coded value of 48. We recommend raising this to 536 unless you know
      that your network requires a lower value.
    
      - CVE-2019-11486
        Jann Horn of Google reported numerous race conditions in
        the Siemens R3964 line discipline. A local user could
        use these to cause unspecified security impact. This
        module has therefore been disabled.
    
      - CVE-2019-11599
        Jann Horn of Google reported a race condition in the
        core dump implementation which could lead to a
        use-after-free. A local user could use this to read
        sensitive information, to cause a denial of service
        (memory corruption), or for privilege escalation.
    
      - CVE-2019-11815
        It was discovered that a use-after-free in the Reliable
        Datagram Sockets protocol could result in denial of
        service and potentially privilege escalation. This
        protocol module (rds) is not auto loaded on Debian
        systems, so this issue only affects systems where it is
        explicitly loaded.
    
      - CVE-2019-11833
        It was discovered that the ext4 filesystem
        implementation writes uninitialised data from kernel
        memory to new extent blocks. A local user able to write
        to an ext4 filesystem and then read the filesystem
        image, for example using a removable drive, might be
        able to use this to obtain sensitive information.
    
      - CVE-2019-11884
        It was discovered that the Bluetooth HIDP implementation
        did not ensure that new connection names were
        null-terminated. A local user with CAP_NET_ADMIN
        capability might be able to use this to obtain sensitive
        information from the kernel stack."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928989"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-3846"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-10126"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-5489"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-9500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-9503"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11477"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11478"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11479"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11486"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11599"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11815"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11833"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2019-11884"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/source-package/linux"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/stretch/linux"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2019/dsa-4465"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the linux packages.
    
    For the stable distribution (stretch), these problems have been fixed
    in version 4.9.168-1+deb9u3."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"9.0", prefix:"hyperv-daemons", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libcpupower-dev", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libcpupower1", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"libusbip-dev", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-arm", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-s390", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-x86", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-cpupower", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-doc-4.9", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-4kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-5kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-amd64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-arm64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armel", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armhf", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-i386", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips64el", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mipsel", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-ppc64el", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-s390x", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-amd64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-arm64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp-lpae", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common-rt", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-loongson-3", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-marvell", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-octeon", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-powerpc64le", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-amd64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-s390x", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x-dbg", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-kbuild-4.9", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-libc-dev", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-manual-4.9", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-perf-4.9", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-source-4.9", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"linux-support-4.9.0-9", reference:"4.9.168-1+deb9u3")) flag++;
    if (deb_check(release:"9.0", prefix:"usbip", reference:"4.9.168-1+deb9u3")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1532-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() was called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1132472) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125993
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125993
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1532-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125993);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2018-17972", "CVE-2018-7191", "CVE-2019-11190", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-3846", "CVE-2019-5489");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1532-1) (SACK Panic) (SACK Slowness)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.180 to
    receive various security and bugfixes.
    
    The following security bugs were fixed :
    
    CVE-2019-11477: A sequence of SACKs may have been crafted such that
    one can trigger an integer overflow, leading to a kernel panic.
    
    CVE-2019-11478: It was possible to send a crafted sequence of SACKs
    which will fragment the TCP retransmission queue. An attacker may have
    been able to further exploit the fragmented queue to cause an
    expensive linked-list walk for subsequent SACKs received for that same
    TCP connection.
    
    CVE-2019-11479: An attacker could force the Linux kernel to segment
    its responses into multiple TCP segments. This would drastically
    increased the bandwidth required to deliver the same amount of data.
    Further, it would consume additional resources such as CPU and NIC
    processing power.
    
    CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and
    possibly escalate privileges was found in the mwifiex kernel module
    while connecting to a malicious wireless network. (bnc#1136424)
    
    CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in
    drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an
    unchecked kstrdup of fwstr, which might have allowed an attacker to
    cause a denial of service (NULL pointer dereference and system crash).
    (bnc#1136586)
    
    CVE-2019-5489: The mincore() implementation in mm/mincore.c in the
    Linux kernel allowed local attackers to observe page cache access
    patterns of other processes on the same system, potentially allowing
    sniffing of secret information. (Fixing this affects the output of the
    fincore program.) Limited remote exploitation may have been possible,
    as demonstrated by latency differences in accessing public files from
    an Apache HTTP Server. (bnc#1120843)
    
    CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out
    the unused memory region in the extent tree block, which might have
    allowed local users to obtain sensitive information by reading
    uninitialized data in the filesystem. (bnc#1135281)
    
    CVE-2018-7191: In the tun subsystem in the Linux kernel,
    dev_get_valid_name was not called before register_netdevice. This
    allowed local users to cause a denial of service (NULL pointer
    dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
    containing a / character. (bnc#1135603)
    
    CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on
    setuid programs (such as /bin/su) because install_exec_creds() was
    called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the
    ptrace_may_access() check had a race condition when reading
    /proc/pid/stat. (bnc#1132472)
    
    CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in
    net/rds/tcp.c in the Linux kernel There was a race condition leading
    to a use-after-free, related to net namespace cleanup. (bnc#1134537)
    
    CVE-2019-11884: The do_hidp_sock_ioctl function in
    net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to
    obtain potentially sensitive information from kernel stack memory via
    a HIDPCONNADD command, because a name field may not end with a '\0'
    character. (bnc#1134848)
    
    CVE-2018-17972: An issue was discovered in the proc_pid_stack function
    in fs/proc/base.c in the Linux kernel It did not ensure that only root
    may inspect the kernel stack of an arbitrary task, allowing a local
    attacker to exploit racy stack unwinding and leak kernel task stack
    contents. (bnc#1110785)
    
    CVE-2019-11486: The Siemens R3964 line discipline driver in
    drivers/tty/n_r3964.c in the Linux kernel had multiple race
    conditions. (bnc#1133188)
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005778"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005780"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1005781"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019695"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1019696"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1022604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1063638"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1065600"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085535"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1085539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1099658"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1100132"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106110"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106284"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1106929"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108293"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1108838"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110785"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1110946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112063"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1112178"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1116803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1117562"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1119086"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120843"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1120902"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1122776"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126040"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1126356"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1128052"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129138"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1129770"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1130972"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131107"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131488"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1131565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132212"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1132472"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133188"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1133874"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134160"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134338"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134537"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134564"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134565"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134566"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134651"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134760"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134813"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1134848"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135014"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135120"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135281"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135642"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135661"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1135878"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136438"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136449"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136455"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136458"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136539"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136573"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136575"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136590"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136623"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136810"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136935"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1136990"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137142"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137162"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137586"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=843419"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-17972/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-7191/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11190/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11477/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11478/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11479/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11486/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11815/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11833/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-11884/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12382/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-3846/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-5489/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191532-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?2393585c"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
    SUSE-SLE-WE-12-SP3-2019-1532=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2019-1532=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-1532=1
    
    SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch
    SUSE-SLE-Live-Patching-12-SP3-2019-1532=1
    
    SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
    SUSE-SLE-HA-12-SP3-2019-1532=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2019-1532=1
    
    SUSE CaaS Platform ALL :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11815");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/10/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.180-94.97.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.180-94.97.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0177_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.06, has kernel packages installed that are affected by multiple vulnerabilities: - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805) - The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489) - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (CVE-2018-17972) - Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. (CVE-2019-11477) - A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel 2.6 branch. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). (CVE-2019-3896) - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka
    last seen2020-03-18
    modified2019-09-11
    plugin id128689
    published2019-09-11
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128689
    titleNewStart CGSL MAIN 4.06 : kernel Multiple Vulnerabilities (NS-SA-2019-0177)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1870-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-5390 aka
    last seen2020-06-01
    modified2020-06-02
    plugin id126811
    published2019-07-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126811
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1529-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125991
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125991
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1529-1) (SACK Panic) (SACK Slowness)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0165_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127451
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127451
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0165)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1924-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_104 fixes several issues. The following security issues were fixed : CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126981
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126981
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1924-1) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1479.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125967
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125967
    titleRHEL 8 : kernel (RHSA-2019:1479) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1571.NASL
    descriptionThe openSUSE Leap 15.1 was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id126059
    published2019-06-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126059
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1571) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1480.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125968
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125968
    titleRHEL 8 : kernel-rt (RHSA-2019:1480) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1579.NASL
    descriptionThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: local users could cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id126040
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126040
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1579) (SACK Panic) (SACK Slowness)
  • NASL familyMisc.
    NASL idARISTA_EOS_SA0041.NASL
    descriptionThe version of Arista Networks EOS running on the remote device is affected by the following denial of service (DoS) vulnerabilities related to TCP networking in the Linux kernel, which can be exploited by a remote, unauthenticated attacker: - SACK Panic. The TCP_SKB_CB(skb)->tcp_gso_segs value is subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). (CVE-2019-11477) - SACK Slowness. The TCP retransmission queue implementation in tcp_fragment in the Linux kernel can be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. (CVE-2019-11478) - The Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. (CVE-2019-11479) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-17
    modified2020-03-06
    plugin id134303
    published2020-03-06
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134303
    titleArista Networks EOS Linux Kernel TCP Multiple DoS (SA0041)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1692-1.NASL
    descriptionThe SUSE Linux Enterprise 12 kernel version 3.12.61 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may have been able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id126240
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126240
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1692-1) (SACK Panic) (SACK Slowness)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1692.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-05-06
    modified2019-07-02
    plugin id126433
    published2019-07-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126433
    titleEulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1692)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2019-0026.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] (CVE-2019-11477) (CVE-2019-11478) (CVE-2019-11479) (CVE-2019-11477) (CVE-2019-11478) (CVE-2019-11479) - tcp: fix fack_count accounting on tcp_shift_skb_data (Joao Martins) [Orabug: 29890820] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing (Eric Dumazet) [Orabug: 29886598] - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306] - tcp: tcp_fragment should apply sane memory limits (Eric Dumazet) [Orabug: 29884306] - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]
    last seen2020-06-01
    modified2020-06-02
    plugin id126020
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126020
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0026) (SACK Panic) (SACK Slowness)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1862.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-2101 Andrey Konovalov discovered that the USB Video Class driver (uvcvideo) did not consistently handle a type field in device descriptors, which could result in a heap buffer overflow. This could be used for denial of service or possibly for privilege escalation. CVE-2019-10639 Amit Klein and Benny Pinkas discovered that the generation of IP packet IDs used a weak hash function that incorporated a kernel virtual address. In Linux 3.16 this hash function is not used for IP IDs but is used for other purposes in the network stack. In custom kernel configurations that enable kASLR, this might weaken kASLR. CVE-2019-13272 Jann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126964
    published2019-07-24
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126964
    titleDebian DLA-1862-1 : linux security update
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4484.NASL
    descriptionJann Horn discovered that the ptrace subsystem in the Linux kernel mishandles the management of the credentials of a process that wants to create a ptrace relationship, allowing a local user to obtain root privileges under certain scenarios.
    last seen2020-06-01
    modified2020-06-02
    plugin id126837
    published2019-07-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126837
    titleDebian DSA-4484-1 : linux - security update
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1488.NASL
    descriptionFrom Red Hat Security Advisory 2019:1488 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126023
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126023
    titleOracle Linux 6 : kernel (ELSA-2019-1488) (SACK Panic) (SACK Slowness)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1488.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126007
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126007
    titleCentOS 6 : kernel (CESA-2019:1488) (SACK Panic) (SACK Slowness)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0240_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126176
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126176
    titlePhoton OS 1.0: Linux PHSA-2019-1.0-0240
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1792.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.Security Fix(es):An integer overflow flaw was found in the way the Linux kernel
    last seen2020-05-03
    modified2019-07-25
    plugin id127029
    published2019-07-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127029
    titleEulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-1792)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1935-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_115 fixes one issue. The following security issue was fixed : This update contains a regression fix for CVE-2019-11478 (bsc#1140747). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126982
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126982
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1935-1) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1485.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125973
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125973
    titleRHEL 7 : kernel (RHSA-2019:1485) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1570.NASL
    descriptionExample: The openSUSE Leap 42.3 kernel was updated to 4.4.180 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). - CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) - CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. (bsc#1137586) - CVE-2019-12819: The function __mdiobus_register() in drivers/net/phy/mdio_bus.c calls put_device(), which will trigger a fixed_mdio_bus_init use-after-free. This will cause a denial of service (bnc#1138291). - CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller did not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c (bnc#1138293). - CVE-2019-12456: An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c that allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id126033
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126033
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2019-1570) (SACK Panic) (SACK Slowness)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190617_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2019-06-18
    plugin id125981
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125981
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20190617) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1550-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-12819: The function __mdiobus_register() called put_device(), which triggered a fixed_mdio_bus_init use-after-free. This would cause a denial of service. (bsc#1138291) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bsc#1136424) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699, CVE-2019-10124). CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bbsc#1133190) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc##1111331) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bsc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bsc#1135278) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-05-12
    modified2019-06-19
    plugin id126045
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126045
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1550-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1530-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125992
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125992
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1530-1) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1483.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125971
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125971
    titleRHEL 7 : kernel (RHSA-2019:1483) (SACK Panic) (SACK Slowness)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4684.NASL
    descriptionDescription of changes: [4.1.12-124.28.3.el7uek] - Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598] [4.1.12-124.28.2.el7uek] - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306] - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306] - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]
    last seen2020-06-01
    modified2020-06-02
    plugin id125963
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125963
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4684) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1482.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125970
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125970
    titleRHEL 7 : kernel (RHSA-2019:1482) (SACK Panic) (SACK Slowness)
  • NASL familyMisc.
    NASL idRANCHEROS_1_5_3.NASL
    descriptionThe remote host is running a version of RancherOS prior to v1.5.3, hence is exposed to multiple vulnerabilities: - Linux Kernel is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. (CVE-2019-11477) - RancherOS is vulnerable to a denial of service; by crafting a sequence of SACKs, an attacker can cause fragmentation of the TCP transmission queue, leading to higher resource use. (CVE-2019-11478) - Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. (CVE-2019-11479)
    last seen2020-06-01
    modified2020-06-02
    plugin id132257
    published2019-12-19
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132257
    titleSecurity Updates for RancherOS The TCP SACK panic
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1671-1.NASL
    descriptionThis update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed : CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126171
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126171
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1671-1) (SACK Panic) (SACK Slowness)
  • NASL familyF5 Networks Local Security Checks
    NASL idF5_BIGIP_SOL26618426.NASL
    descriptionJonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. (CVE-2019-11478) Impact BIG-IP The BIG-IP system has no exposure to this vulnerability within the Traffic Management Microkernel (TMM), including virtual servers and virtual IP addresses (also known as the data plane). However, the BIG-IP system is vulnerable via the self IP addresses and the management interface (also known as the control plane). A remote attacker can exploit this vulnerability to cause a denial of service (DoS) by sending a sequence of specially crafted TCP packets. Backend systems accessed via a FastL4 virtual server By its nature as a full-proxy, the BIG-IP system protects backend systems accessed through a standard virtual server, as any attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id129310
    published2019-09-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129310
    titleF5 Networks BIG-IP : Linux SACK Slowness vulnerability (K26618426) (SACK Slowness)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4689.NASL
    descriptionDescription of changes: [2.6.39-400.312.2.el6uek] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886601] {CVE-2019-11477} - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11479} - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11478} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890843] {CVE-2019-11477} - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884308] {CVE-2019-11477}
    last seen2020-06-01
    modified2020-06-02
    plugin id125966
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125966
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4689) (SACK Panic) (SACK Slowness)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-914542E05C.NASL
    descriptionUpdate to v5.1.11 - Fixes CVE-2019-11477 - Fixes CVE-2019-11479 - Fixes CVE-2019-11478 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126017
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126017
    titleFedora 29 : kernel / kernel-headers (2019-914542e05c) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1486.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125974
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125974
    titleRHEL 7 : kernel-rt (RHSA-2019:1486) (SACK Panic) (SACK Slowness)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1672.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-05-06
    modified2019-06-27
    plugin id126299
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126299
    titleEulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1672)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1488.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125975
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125975
    titleRHEL 6 : kernel (RHSA-2019:1488) (SACK Panic) (SACK Slowness)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1702.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. Security Fix(es):An excessive resource consumption flaw was found in the way the Linux kernel
    last seen2020-04-16
    modified2019-07-09
    plugin id126544
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126544
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1702)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1534-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel version 4.4.121 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which would fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There is an unchecked kstrdup of fwstr, which may have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343. (bnc#1135603) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check had a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not have ended with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125995
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125995
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1534-1) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1594.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this updated as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id126301
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126301
    titleRHEL 7 : Virtualization Manager (RHSA-2019:1594) (SACK Panic) (SACK Slowness)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4017-1.NASL
    descriptionJonathan Looney discovered that the TCP retransmission queue implementation in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (CVE-2019-11478) Jonathan Looney discovered that an integer overflow existed in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service (system crash). (CVE-2019-11477). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125998
    published2019-06-18
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125998
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-hwe, (USN-4017-1) (SACK Panic) (SACK Slowness)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-050.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - An integer overflow was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id133456
    published2020-02-04
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133456
    titleVirtuozzo 7 : readykernel-patch (VZA-2019-050)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0168_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127456
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127456
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0168)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2019-169-01.NASL
    descriptionNew kernel packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126031
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126031
    titleSlackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0204.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207) * hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135) * kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884) * hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155) * Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900) * Kernel: page cache side channel attacks (CVE-2019-5489) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net /wireless/marvell/mwifiex/ie.c (CVE-2019-10126) * kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816) * Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821) * kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901) * hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es) : * Backport TCP follow-up for small buffers (BZ#1739184) * TCP performance regression after CVE-2019-11478 bug fix (BZ#1743170) * RHEL8.0 - bnx2x link down, caused by transmit timeouts during load test (Marvell/Cavium/QLogic) (L3:) (BZ#1743548) * block: blk-mq improvement (BZ#1780567) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781111) * blk-mq: overwirte performance drops on real MQ device (BZ#1782183) * RHEL8: creating vport takes lot of memory i.e 2GB per vport which leads to drain out system memory quickly. (BZ#1782705)
    last seen2020-06-01
    modified2020-06-02
    plugin id133221
    published2020-01-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133221
    titleRHEL 8 : kernel (RHSA-2020:0204)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1823.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- coded value of 48. We recommend raising this to 512 unless you know that your network requires a lower value. (This value applies to Linux 3.16 only.) CVE-2019-11810 It was discovered that the megaraid_sas driver did not correctly handle a failed memory allocation during initialisation, which could lead to a double-free. This might have some security impact, but it cannot be triggered by an unprivileged user. CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id125958
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125958
    titleDebian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1948-1.NASL
    descriptionThis update for the Linux Kernel 4.4.121-92_104 fixes several issues. The following security issues were fixed : CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. (bsc#1137586) CVE-2019-11478: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. (bsc#1137586) CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136424). This update contains a regression fix for CVE-2019-11477 and CVE-2019-11478 (bsc#1140747). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126983
    published2019-07-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126983
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1948-1) (SACK Panic) (SACK Slowness)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1481.NASL
    descriptionFrom Red Hat Security Advisory 2019:1481 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126022
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126022
    titleOracle Linux 7 : kernel (ELSA-2019-1481) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1481.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125969
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125969
    titleRHEL 7 : kernel (RHSA-2019:1481) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2430-1.NASL
    descriptionThe SUSE Linux Enterprise 15 SP1 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-12126 CVE-2018-12127 CVE-2018-12130: Microarchitectural Store Buffer Data Sampling (MSBDS): Stored buffers on some microprocessors utilizing speculative execution which may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1103186)CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may have allowed an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here : https://www.intel.com/content/dam/www/public/us/en/documents/corporate -info rmation/SA00233-microcode-update-guidance_05132019. (bsc#1111331)CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel There was an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (bsc#1136586) CVE-2019-10124: An issue was discovered in the hwpoison implementation in mm/memory-failure.c in the Linux kernel. When soft_offline_in_use_page() runs on a thp tail page after pmd is split, an attacker could cause a denial of service (bsc#1130699). CVE-2019-11486: The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel has multiple race conditions. (bsc#1133188) CVE-2019-11811: An issue was discovered in the Linux kernel There was a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module was removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (bsc#1134397) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It could occur with FUSE requests. (bsc#1133190) CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This used to affect nfc_llcp_build_gb in net/nfc/llcp_core.c. (bsc#1138293) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bsc#1135281) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bsc#1120843) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bsc#1135603) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-05-12
    modified2019-09-24
    plugin id129284
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129284
    titleSUSE SLED15 / SLES15 Security Update : kernel-source-rt (SUSE-SU-2019:2430-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (SACK Panic) (SACK Slowness) (Spectre)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-1481.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126006
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126006
    titleCentOS 7 : kernel (CESA-2019:1481) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1699.NASL
    descriptionAn update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host
    last seen2020-06-01
    modified2020-06-02
    plugin id126559
    published2019-07-09
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126559
    titleRHEL 7 : Virtualization Manager (RHSA-2019:1699) (SACK Panic) (SACK Slowness)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4685.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id125964
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125964
    titleOracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4685) (SACK Panic) (SACK Slowness)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1639.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-05-06
    modified2019-06-27
    plugin id126266
    published2019-06-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126266
    titleEulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1639)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-4686.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.35.2.el7uek] - tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886600] {CVE-2019-11477} - tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11479} - tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11478} - tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890831] {CVE-2019-11477} - tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884307] {CVE-2019-11477}
    last seen2020-06-01
    modified2020-06-02
    plugin id125965
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125965
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4686) (SACK Panic) (SACK Slowness)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1824.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi (mwifiex) driver, which a local user could use to cause denial of service or the execution of arbitrary code. CVE-2019-5489 Daniel Gruss, Erik Kraft, Trishita Tiwari, Michael Schwarz, Ari Trachtenberg, Jason Hennessey, Alex Ionescu, and Anders Fogh discovered that local users could use the mincore() system call to obtain sensitive information from other processes that access the same memory-mapped file. CVE-2019-9500, CVE-2019-9503 Hugues Anguelkov discovered a buffer overflow and missing access validation in the Broadcom FullMAC wifi driver (brcmfmac), which a attacker on the same wifi network could use to cause denial of service or the execution of arbitrary code. CVE-2019-11477 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) allows a remotely triggerable kernel panic. CVE-2019-11478 Jonathan Looney reported that a specially crafted sequence of TCP selective acknowledgements (SACKs) will fragment the TCP retransmission queue, allowing an attacker to cause excessive resource usage. CVE-2019-11479 Jonathan Looney reported that an attacker could force the Linux kernel to segment its responses into multiple TCP segments, each of which contains only 8 bytes of data, drastically increasing the bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- coded value of 48. We recommend raising this to 536 unless you know that your network requires a lower value. CVE-2019-11486 Jann Horn of Google reported numerous race conditions in the Siemens R3964 line discipline. A local user could use these to cause unspecified security impact. This module has therefore been disabled. CVE-2019-11599 Jann Horn of Google reported a race condition in the core dump implementation which could lead to a use-after-free. A local user could use this to read sensitive information, to cause a denial of service (memory corruption), or for privilege escalation. CVE-2019-11815 It was discovered that a use-after-free in the Reliable Datagram Sockets protocol could result in denial of service and potentially privilege escalation. This protocol module (rds) is not auto- loaded on Debian systems, so this issue only affects systems where it is explicitly loaded. CVE-2019-11833 It was discovered that the ext4 filesystem implementation writes uninitialised data from kernel memory to new extent blocks. A local user able to write to an ext4 filesystem and then read the filesystem image, for example using a removable drive, might be able to use this to obtain sensitive information. CVE-2019-11884 It was discovered that the Bluetooth HIDP implementation did not ensure that new connection names were null-terminated. A local user with CAP_NET_ADMIN capability might be able to use this to obtain sensitive information from the kernel stack. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126009
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126009
    titleDebian DLA-1824-1 : linux-4.9 security update (SACK Panic) (SACK Slowness)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190609_KERNEL_ON_SL6_X.NASL
    descriptionBased on the RPM metadata this appears to be a security kernel. The RPM changelog shows fixes related to Security Fix(es) : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126763
    published2019-07-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126763
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (SACK Panic) (SACK Slowness)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1479.NASL
    descriptionFrom Red Hat Security Advisory 2019:1479 : An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127590
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127590
    titleOracle Linux 8 : kernel (ELSA-2019-1479) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1489.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125976
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125976
    titleRHEL 6 : kernel (RHSA-2019:1489) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1490.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125977
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125977
    titleRHEL 6 : kernel (RHSA-2019:1490) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1535-1.NASL
    descriptionThe SUSE Linux Enterprise 15 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted such that one can trigger an integer overflow, leading to a kernel panic. CVE-2019-11478: It was possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. An attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: An attacker could force the Linux kernel to segment its responses into multiple TCP segments. This would drastically increased the bandwidth required to deliver the same amount of data. Further, it would consume additional resources such as CPU and NIC processing power. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-12382: An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel, there was an unchecked kstrdup of fwstr, which might have allowed an attacker to cause a denial of service (NULL pointer dereference and system crash). (bnc#1136586) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may have been possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11487: The Linux kernel allowed page reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM existed. It could have occured with FUSE requests. (bnc#1133190) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might have allowed local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603) CVE-2019-11085: Insufficient input validation in Kernel Mode Driver in i915 Graphics for Linux may have allowed an authenticated user to potentially enable escalation of privilege via local access. (bnc#1135278) CVE-2019-11815: An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel There was a race condition leading to a use-after-free, related to net namespace cleanup. (bnc#1134537) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a hidPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125996
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125996
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1535-1) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1855-1.NASL
    descriptionThe SUSE Linux Enterprise 15 kernel version 4.12.14 was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: Attackers used to be able to track the Linux kernel by the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack could have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. [bnc#1140575] CVE-2019-10639: The Linux kernel used to allow Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols. When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key was extracted (via enumeration), the offset of the kernel image was exposed. This attack could be carried out remotely by the attacker forcing the target device to send UDP or ICMP traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126744
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126744
    titleSUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:1855-1) (SACK Slowness)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1222.NASL
    descriptionCVE-2019-11477 , CVE-2019-11478 and CVE-2019-11479 describe vulnerabilities in the Linux kernel that can be remotely exploited using a specially crafted TCP connection, crashing the targeted system. The latest Amazon Linux AMIs as available in AWS EC2 already contain these kernels and are not vulnerable.
    last seen2020-06-01
    modified2020-06-02
    plugin id125955
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125955
    titleAmazon Linux AMI : kernel (ALAS-2019-1222) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1484.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id125972
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125972
    titleRHEL 7 : kernel (RHSA-2019:1484) (SACK Panic) (SACK Slowness)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0162_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127444
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127444
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0162)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0165_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126106
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126106
    titlePhoton OS 2.0: Linux PHSA-2019-2.0-0165
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2019-052.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A double-free can happen in idr_remove_all() in lib/idr.c in the Linux kernel. An unprivileged local attacker can use this flaw for a privilege escalation or for a system crash and a denial of service (DoS). - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126175
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126175
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-052)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0165_KERNEL-RT.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel-rt packages installed that are affected by multiple vulnerabilities: - Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091) - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127450
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127450
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0165)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1602.NASL
    descriptionAn update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126250
    published2019-06-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126250
    titleRHEL 7 : kernel-alt (RHSA-2019:1602) (SACK Panic) (SACK Slowness)
  • NASL familyPalo Alto Local Security Checks
    NASL idPALO_ALTO_PAN-SA-2019-0013.NASL
    descriptionThe version of Palo Alto Networks PAN-OS running on the remote host is 7.1.x prior to 7.1.24 or 8.0.x prior to 8.0.19 or 8.1.x prior to 8.1.8-h5 or 9.0.x prior to 9.0.2-h4. It is, therefore, affected by multiple vulnerabilities. - An integer overflow condition exists in Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id129302
    published2019-09-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129302
    titlePalo Alto Networks PAN-OS 7.1.x < 7.1.24 / 8.0.x < 8.0.19 / 8.1.x < 8.1.8-h5 / 9.0.x < 9.0.2-h4 Multiple Vulnerabilities
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0162_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127445
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127445
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0162)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-6C3D89B3D0.NASL
    descriptionUpdate to v5.1.11 - Fixes CVE-2019-11477 - Fixes CVE-2019-11479 - Fixes CVE-2019-11478 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126016
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126016
    titleFedora 30 : kernel / kernel-headers (2019-6c3d89b3d0) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1668-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_107 fixes several issues. The following security issues were fixed : CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network (bsc#1136446). CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It was possible to send a crafted sequence of SACKs which would fragment the TCP retransmission queue. A remote attacker may have been able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. (bsc#1137586) CVE-2019-11487: The Linux kernel allowed page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126170
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126170
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1668-1) (SACK Panic) (SACK Slowness)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1533-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel version 3.12.74 was updated to to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-11477: A sequence of SACKs may have been crafted by a remote attacker such that one can trigger an integer overflow, leading to a kernel panic. (bsc#1137586). CVE-2019-11478: It is possible to send a crafted sequence of SACKs which will fragment the TCP retransmission queue. A remote attacker may be able to further exploit the fragmented queue to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. CVE-2019-11479: It was possible to send a crafted sequence of SACKs which will fragment the RACK send map. A remote attacker may be able to further exploit the fragmented send map to cause an expensive linked-list walk for subsequent SACKs received for that same TCP connection. This would have resulted in excess resource consumption due to low mss values. CVE-2019-3846: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (bnc#1136424) CVE-2019-5489: The mincore() implementation in mm/mincore.c in the Linux kernel allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (bnc#1120843) CVE-2019-11833: fs/ext4/extents.c in the Linux kernel did not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (bnc#1135281) CVE-2019-11190: The Linux kernel allowed local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat. (bnc#1131543) CVE-2019-11884: The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel allowed a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a
    last seen2020-06-01
    modified2020-06-02
    plugin id125994
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125994
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2019:1533-1) (SACK Panic) (SACK Slowness)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1487.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An integer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id126057
    published2019-06-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126057
    titleRHEL 6 : MRG (RHSA-2019:1487) (SACK Panic) (SACK Slowness)
  • NASL familyFirewalls
    NASL idCHECK_POINT_GAIA_SK156192.NASL
    descriptionThe remote host is running a version of the Gaia Operating System which is affected by multiple vulnerabilities involving the Linux Kernel
    last seen2020-03-27
    modified2020-03-25
    plugin id134891
    published2020-03-25
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134891
    titleCheck Point Gaia Operating System Administrator password truncation (sk156192)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1851-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-10638: A device could have been tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may have been conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (bnc#1140575) CVE-2019-10639: Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it was possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic was sent to multiple destination IP addresses, it was possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image was exposed. This attack could have been carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic was trivial if the server answered ICMP Echo requests (ping). For client targets, if the target visited the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id126741
    published2019-07-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126741
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:1851-1) (SACK Slowness)

Redhat

advisories
  • rhsa
    idRHSA-2019:1594
  • rhsa
    idRHSA-2019:1602
  • rhsa
    idRHSA-2019:1699
rpms
  • bpftool-0:4.18.0-80.4.2.el8_0
  • bpftool-debuginfo-0:4.18.0-80.4.2.el8_0
  • kernel-0:4.18.0-80.4.2.el8_0
  • kernel-abi-whitelists-0:4.18.0-80.4.2.el8_0
  • kernel-core-0:4.18.0-80.4.2.el8_0
  • kernel-cross-headers-0:4.18.0-80.4.2.el8_0
  • kernel-debug-0:4.18.0-80.4.2.el8_0
  • kernel-debug-core-0:4.18.0-80.4.2.el8_0
  • kernel-debug-debuginfo-0:4.18.0-80.4.2.el8_0
  • kernel-debug-devel-0:4.18.0-80.4.2.el8_0
  • kernel-debug-modules-0:4.18.0-80.4.2.el8_0
  • kernel-debug-modules-extra-0:4.18.0-80.4.2.el8_0
  • kernel-debuginfo-0:4.18.0-80.4.2.el8_0
  • kernel-debuginfo-common-aarch64-0:4.18.0-80.4.2.el8_0
  • kernel-debuginfo-common-ppc64le-0:4.18.0-80.4.2.el8_0
  • kernel-debuginfo-common-s390x-0:4.18.0-80.4.2.el8_0
  • kernel-debuginfo-common-x86_64-0:4.18.0-80.4.2.el8_0
  • kernel-devel-0:4.18.0-80.4.2.el8_0
  • kernel-doc-0:4.18.0-80.4.2.el8_0
  • kernel-headers-0:4.18.0-80.4.2.el8_0
  • kernel-modules-0:4.18.0-80.4.2.el8_0
  • kernel-modules-extra-0:4.18.0-80.4.2.el8_0
  • kernel-tools-0:4.18.0-80.4.2.el8_0
  • kernel-tools-debuginfo-0:4.18.0-80.4.2.el8_0
  • kernel-tools-libs-0:4.18.0-80.4.2.el8_0
  • kernel-tools-libs-devel-0:4.18.0-80.4.2.el8_0
  • kernel-zfcpdump-0:4.18.0-80.4.2.el8_0
  • kernel-zfcpdump-core-0:4.18.0-80.4.2.el8_0
  • kernel-zfcpdump-debuginfo-0:4.18.0-80.4.2.el8_0
  • kernel-zfcpdump-devel-0:4.18.0-80.4.2.el8_0
  • kernel-zfcpdump-modules-0:4.18.0-80.4.2.el8_0
  • kernel-zfcpdump-modules-extra-0:4.18.0-80.4.2.el8_0
  • perf-0:4.18.0-80.4.2.el8_0
  • perf-debuginfo-0:4.18.0-80.4.2.el8_0
  • python3-perf-0:4.18.0-80.4.2.el8_0
  • python3-perf-debuginfo-0:4.18.0-80.4.2.el8_0
  • kernel-rt-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-core-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-core-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-debuginfo-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-devel-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-kvm-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-kvm-debuginfo-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-modules-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debug-modules-extra-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debuginfo-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-debuginfo-common-x86_64-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-devel-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-kvm-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-kvm-debuginfo-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-modules-0:4.18.0-80.4.2.rt9.152.el8_0
  • kernel-rt-modules-extra-0:4.18.0-80.4.2.rt9.152.el8_0
  • bpftool-0:3.10.0-957.21.3.el7
  • kernel-0:3.10.0-957.21.3.el7
  • kernel-abi-whitelists-0:3.10.0-957.21.3.el7
  • kernel-bootwrapper-0:3.10.0-957.21.3.el7
  • kernel-debug-0:3.10.0-957.21.3.el7
  • kernel-debug-debuginfo-0:3.10.0-957.21.3.el7
  • kernel-debug-devel-0:3.10.0-957.21.3.el7
  • kernel-debuginfo-0:3.10.0-957.21.3.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-957.21.3.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-957.21.3.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-957.21.3.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-957.21.3.el7
  • kernel-devel-0:3.10.0-957.21.3.el7
  • kernel-doc-0:3.10.0-957.21.3.el7
  • kernel-headers-0:3.10.0-957.21.3.el7
  • kernel-kdump-0:3.10.0-957.21.3.el7
  • kernel-kdump-debuginfo-0:3.10.0-957.21.3.el7
  • kernel-kdump-devel-0:3.10.0-957.21.3.el7
  • kernel-tools-0:3.10.0-957.21.3.el7
  • kernel-tools-debuginfo-0:3.10.0-957.21.3.el7
  • kernel-tools-libs-0:3.10.0-957.21.3.el7
  • kernel-tools-libs-devel-0:3.10.0-957.21.3.el7
  • perf-0:3.10.0-957.21.3.el7
  • perf-debuginfo-0:3.10.0-957.21.3.el7
  • python-perf-0:3.10.0-957.21.3.el7
  • python-perf-debuginfo-0:3.10.0-957.21.3.el7
  • kernel-0:3.10.0-862.34.2.el7
  • kernel-abi-whitelists-0:3.10.0-862.34.2.el7
  • kernel-bootwrapper-0:3.10.0-862.34.2.el7
  • kernel-debug-0:3.10.0-862.34.2.el7
  • kernel-debug-debuginfo-0:3.10.0-862.34.2.el7
  • kernel-debug-devel-0:3.10.0-862.34.2.el7
  • kernel-debuginfo-0:3.10.0-862.34.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-862.34.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-862.34.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-862.34.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-862.34.2.el7
  • kernel-devel-0:3.10.0-862.34.2.el7
  • kernel-doc-0:3.10.0-862.34.2.el7
  • kernel-headers-0:3.10.0-862.34.2.el7
  • kernel-kdump-0:3.10.0-862.34.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-862.34.2.el7
  • kernel-kdump-devel-0:3.10.0-862.34.2.el7
  • kernel-tools-0:3.10.0-862.34.2.el7
  • kernel-tools-debuginfo-0:3.10.0-862.34.2.el7
  • kernel-tools-libs-0:3.10.0-862.34.2.el7
  • kernel-tools-libs-devel-0:3.10.0-862.34.2.el7
  • perf-0:3.10.0-862.34.2.el7
  • perf-debuginfo-0:3.10.0-862.34.2.el7
  • python-perf-0:3.10.0-862.34.2.el7
  • python-perf-debuginfo-0:3.10.0-862.34.2.el7
  • kernel-0:3.10.0-693.50.3.el7
  • kernel-abi-whitelists-0:3.10.0-693.50.3.el7
  • kernel-bootwrapper-0:3.10.0-693.50.3.el7
  • kernel-debug-0:3.10.0-693.50.3.el7
  • kernel-debug-debuginfo-0:3.10.0-693.50.3.el7
  • kernel-debug-devel-0:3.10.0-693.50.3.el7
  • kernel-debuginfo-0:3.10.0-693.50.3.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.50.3.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.50.3.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.50.3.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.50.3.el7
  • kernel-devel-0:3.10.0-693.50.3.el7
  • kernel-doc-0:3.10.0-693.50.3.el7
  • kernel-headers-0:3.10.0-693.50.3.el7
  • kernel-kdump-0:3.10.0-693.50.3.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.50.3.el7
  • kernel-kdump-devel-0:3.10.0-693.50.3.el7
  • kernel-tools-0:3.10.0-693.50.3.el7
  • kernel-tools-debuginfo-0:3.10.0-693.50.3.el7
  • kernel-tools-libs-0:3.10.0-693.50.3.el7
  • kernel-tools-libs-devel-0:3.10.0-693.50.3.el7
  • perf-0:3.10.0-693.50.3.el7
  • perf-debuginfo-0:3.10.0-693.50.3.el7
  • python-perf-0:3.10.0-693.50.3.el7
  • python-perf-debuginfo-0:3.10.0-693.50.3.el7
  • kernel-0:3.10.0-514.66.2.el7
  • kernel-abi-whitelists-0:3.10.0-514.66.2.el7
  • kernel-bootwrapper-0:3.10.0-514.66.2.el7
  • kernel-debug-0:3.10.0-514.66.2.el7
  • kernel-debug-debuginfo-0:3.10.0-514.66.2.el7
  • kernel-debug-devel-0:3.10.0-514.66.2.el7
  • kernel-debuginfo-0:3.10.0-514.66.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.66.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.66.2.el7
  • kernel-devel-0:3.10.0-514.66.2.el7
  • kernel-doc-0:3.10.0-514.66.2.el7
  • kernel-headers-0:3.10.0-514.66.2.el7
  • kernel-tools-0:3.10.0-514.66.2.el7
  • kernel-tools-debuginfo-0:3.10.0-514.66.2.el7
  • kernel-tools-libs-0:3.10.0-514.66.2.el7
  • kernel-tools-libs-devel-0:3.10.0-514.66.2.el7
  • perf-0:3.10.0-514.66.2.el7
  • perf-debuginfo-0:3.10.0-514.66.2.el7
  • python-perf-0:3.10.0-514.66.2.el7
  • python-perf-debuginfo-0:3.10.0-514.66.2.el7
  • kernel-0:3.10.0-327.79.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.79.2.el7
  • kernel-debug-0:3.10.0-327.79.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.79.2.el7
  • kernel-debug-devel-0:3.10.0-327.79.2.el7
  • kernel-debuginfo-0:3.10.0-327.79.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.79.2.el7
  • kernel-devel-0:3.10.0-327.79.2.el7
  • kernel-doc-0:3.10.0-327.79.2.el7
  • kernel-headers-0:3.10.0-327.79.2.el7
  • kernel-tools-0:3.10.0-327.79.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.79.2.el7
  • kernel-tools-libs-0:3.10.0-327.79.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.79.2.el7
  • perf-0:3.10.0-327.79.2.el7
  • perf-debuginfo-0:3.10.0-327.79.2.el7
  • python-perf-0:3.10.0-327.79.2.el7
  • python-perf-debuginfo-0:3.10.0-327.79.2.el7
  • kernel-rt-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debug-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debug-devel-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debug-kvm-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debuginfo-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-devel-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-doc-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-kvm-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-trace-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-trace-devel-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-trace-kvm-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-957.21.3.rt56.935.el7
  • kernel-rt-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-debug-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-devel-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-doc-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-firmware-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-trace-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.50.3.rt56.644.el6rt
  • kernel-0:2.6.32-754.15.3.el6
  • kernel-abi-whitelists-0:2.6.32-754.15.3.el6
  • kernel-bootwrapper-0:2.6.32-754.15.3.el6
  • kernel-debug-0:2.6.32-754.15.3.el6
  • kernel-debug-debuginfo-0:2.6.32-754.15.3.el6
  • kernel-debug-devel-0:2.6.32-754.15.3.el6
  • kernel-debuginfo-0:2.6.32-754.15.3.el6
  • kernel-debuginfo-common-i686-0:2.6.32-754.15.3.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-754.15.3.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-754.15.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-754.15.3.el6
  • kernel-devel-0:2.6.32-754.15.3.el6
  • kernel-doc-0:2.6.32-754.15.3.el6
  • kernel-firmware-0:2.6.32-754.15.3.el6
  • kernel-headers-0:2.6.32-754.15.3.el6
  • kernel-kdump-0:2.6.32-754.15.3.el6
  • kernel-kdump-debuginfo-0:2.6.32-754.15.3.el6
  • kernel-kdump-devel-0:2.6.32-754.15.3.el6
  • perf-0:2.6.32-754.15.3.el6
  • perf-debuginfo-0:2.6.32-754.15.3.el6
  • python-perf-0:2.6.32-754.15.3.el6
  • python-perf-debuginfo-0:2.6.32-754.15.3.el6
  • kernel-0:2.6.32-504.79.3.el6
  • kernel-abi-whitelists-0:2.6.32-504.79.3.el6
  • kernel-debug-0:2.6.32-504.79.3.el6
  • kernel-debug-debuginfo-0:2.6.32-504.79.3.el6
  • kernel-debug-devel-0:2.6.32-504.79.3.el6
  • kernel-debuginfo-0:2.6.32-504.79.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.79.3.el6
  • kernel-devel-0:2.6.32-504.79.3.el6
  • kernel-doc-0:2.6.32-504.79.3.el6
  • kernel-firmware-0:2.6.32-504.79.3.el6
  • kernel-headers-0:2.6.32-504.79.3.el6
  • perf-0:2.6.32-504.79.3.el6
  • perf-debuginfo-0:2.6.32-504.79.3.el6
  • python-perf-0:2.6.32-504.79.3.el6
  • python-perf-debuginfo-0:2.6.32-504.79.3.el6
  • kernel-0:2.6.32-431.95.3.el6
  • kernel-abi-whitelists-0:2.6.32-431.95.3.el6
  • kernel-debug-0:2.6.32-431.95.3.el6
  • kernel-debug-debuginfo-0:2.6.32-431.95.3.el6
  • kernel-debug-devel-0:2.6.32-431.95.3.el6
  • kernel-debuginfo-0:2.6.32-431.95.3.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.95.3.el6
  • kernel-devel-0:2.6.32-431.95.3.el6
  • kernel-doc-0:2.6.32-431.95.3.el6
  • kernel-firmware-0:2.6.32-431.95.3.el6
  • kernel-headers-0:2.6.32-431.95.3.el6
  • perf-0:2.6.32-431.95.3.el6
  • perf-debuginfo-0:2.6.32-431.95.3.el6
  • python-perf-0:2.6.32-431.95.3.el6
  • python-perf-debuginfo-0:2.6.32-431.95.3.el6
  • redhat-release-virtualization-host-0:4.2-11.1.el7
  • redhat-release-virtualization-host-content-0:4.2-11.1.el7
  • redhat-virtualization-host-image-update-0:4.2-20190618.0.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.2-11.1.el7
  • kernel-0:4.14.0-115.8.2.el7a
  • kernel-abi-whitelists-0:4.14.0-115.8.2.el7a
  • kernel-bootwrapper-0:4.14.0-115.8.2.el7a
  • kernel-debug-0:4.14.0-115.8.2.el7a
  • kernel-debug-debuginfo-0:4.14.0-115.8.2.el7a
  • kernel-debug-devel-0:4.14.0-115.8.2.el7a
  • kernel-debuginfo-0:4.14.0-115.8.2.el7a
  • kernel-debuginfo-common-aarch64-0:4.14.0-115.8.2.el7a
  • kernel-debuginfo-common-ppc64le-0:4.14.0-115.8.2.el7a
  • kernel-debuginfo-common-s390x-0:4.14.0-115.8.2.el7a
  • kernel-devel-0:4.14.0-115.8.2.el7a
  • kernel-doc-0:4.14.0-115.8.2.el7a
  • kernel-headers-0:4.14.0-115.8.2.el7a
  • kernel-kdump-0:4.14.0-115.8.2.el7a
  • kernel-kdump-debuginfo-0:4.14.0-115.8.2.el7a
  • kernel-kdump-devel-0:4.14.0-115.8.2.el7a
  • kernel-tools-0:4.14.0-115.8.2.el7a
  • kernel-tools-debuginfo-0:4.14.0-115.8.2.el7a
  • kernel-tools-libs-0:4.14.0-115.8.2.el7a
  • kernel-tools-libs-devel-0:4.14.0-115.8.2.el7a
  • perf-0:4.14.0-115.8.2.el7a
  • perf-debuginfo-0:4.14.0-115.8.2.el7a
  • python-perf-0:4.14.0-115.8.2.el7a
  • python-perf-debuginfo-0:4.14.0-115.8.2.el7a
  • redhat-release-virtualization-host-0:4.3.4-1.el7ev
  • redhat-virtualization-host-image-update-0:4.3.4-20190620.3.el7_6
  • redhat-virtualization-host-image-update-placeholder-0:4.3.4-1.el7ev

References