Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2023 Tenable Network Security, Inc.FEDORA_2010-16826.NASL
HistoryOct 29, 2010 - 12:00 a.m.

Fedora 14 : kernel-2.6.35.6-48.fc14 (2010-16826)

2010-10-2900:00:00
This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.
www.tenable.com
131

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

Fix several important security issues.

Also fixes suspend on some systems with TPM chips, enables additional Ricoh SDHC adapters, and fixes a problem with the error message printed when an Intel IOMMU gets disabled.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2010-16826.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50400);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");

  script_cve_id(
    "CVE-2010-2962",
    "CVE-2010-2963",
    "CVE-2010-3698",
    "CVE-2010-3904"
  );
  script_bugtraq_id(44067, 44219, 44242);
  script_xref(name:"FEDORA", value:"2010-16826");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/06/02");

  script_name(english:"Fedora 14 : kernel-2.6.35.6-48.fc14 (2010-16826)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Fix several important security issues.

Also fixes suspend on some systems with TPM chips, enables additional
Ricoh SDHC adapters, and fixes a problem with the error message
printed when an Intel IOMMU gets disabled.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=637688");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=639879");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=642465");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=642896");
  # https://lists.fedoraproject.org/pipermail/package-announce/2010-October/049999.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1a6e8ed3");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2010-2023 Tenable Network Security, Inc.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC14", reference:"kernel-2.6.35.6-48.fc14")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
fedoraprojectfedora14cpe:/o:fedoraproject:fedora:14
fedoraprojectfedorakernelp-cpe:/a:fedoraproject:fedora:kernel

Related

openvas 73
fedora 15
nessus 32
suse 5
prion 4
seebug 4
zdt 3
packetstorm 3
ubuntucve 4
cvelist 4
cve 4
redhat 4
centos 2
securityvulns 3
metasploit 2
nvd 4
altlinux 1
oraclelinux 10
cert 1
canvas 1
exploitpack 2
veracode 3
cisa_kev 1
attackerkb 1
exploitdb 3
thn 1
ubuntu 9
openvas
openvas
Fedora Update for kernel FEDORA-2010-16826
2010-12-02 00:00:00
Fedora Update for kernel FEDORA-2010-16826
2010-12-02 00:00:00
SuSE Update for kernel SUSE-SA:2010:053
2010-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: kernel-2.6.35.6-48.fc14
2010-10-28 06:10:03
[SECURITY] Fedora 14 Update: kernel-2.6.35.9-64.fc14
2010-12-05 00:42:46
[SECURITY] Fedora 14 Update: kernel-2.6.35.13-92.fc14
2011-06-11 04:22:38
nessus
nessus
openSUSE Security Update : kernel (openSUSE-SU-2010:0919-1)
2010-10-29 00:00:00
openSUSE Security Update : kernel (openSUSE-SU-2010:0902-1)
2014-06-13 00:00:00
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3433 / 3436 / 3445)
2011-01-21 00:00:00
suse
suse
local privilege escalation in kernel
2010-10-28 16:14:32
local privilege escalation in kernel
2010-11-11 15:47:32
local privilege escalation in kernel
2010-10-15 16:28:44
prion
prion
Memory corruption
2010-11-26 19:00:00
Design/Logic Flaw
2010-12-06 20:13:00
Design/Logic Flaw
2010-11-26 19:00:00
seebug
seebug
Linux RDS Protocol Local Privilege Escalation
2010-10-26 00:00:00
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite Vulnerability
2010-10-29 00:00:00
Linux Kernel <= 2.6.36-rc8 - RDS Protocol Local Privilege Escalation
2014-07-01 00:00:00
zdt
zdt
Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
2018-05-19 00:00:00
Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation Exploit
2018-05-21 00:00:00
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation Exploit
2019-12-24 00:00:00
packetstorm
packetstorm
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
2019-12-23 00:00:00
Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-19 00:00:00
Linux Kernel VIDIOCSMICROCODE IOCTL Local Memory Overwrite
2010-10-29 00:00:00
ubuntucve
ubuntucve
CVE-2010-3904
2010-10-19 00:00:00
CVE-2010-2963
2010-10-19 00:00:00
CVE-2010-2962
2010-11-26 00:00:00
cvelist
cvelist
CVE-2010-3904
2010-12-06 20:00:00
CVE-2010-2963
2010-11-26 18:23:00
CVE-2010-2962
2010-11-26 18:23:00
cve
cve
CVE-2010-3904
2010-12-06 20:13:00
CVE-2010-2963
2010-11-26 19:00:06
CVE-2010-3698
2010-11-26 19:00:07
redhat
redhat
(RHSA-2010:0792) Important: kernel security update
2010-10-25 00:00:00
(RHSA-2010:0898) Moderate: kvm security update
2010-12-06 00:00:00
(RHSA-2010:0842) Important: kernel security and bug fix update
2010-11-10 00:00:00
centos
centos
kernel security update
2010-10-26 06:38:54
kmod, kvm security update
2010-12-14 01:21:04
securityvulns
securityvulns
Linux kernel RDS protocol privilege escalation
2010-10-24 00:00:00
VSR Advisories: Linux RDS Protocol Local Privilege Escalation
2010-10-24 00:00:00
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel
2012-12-02 00:00:00
metasploit
metasploit
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
2019-12-18 20:05:19
Reliable Datagram Sockets (RDS) Privilege Escalation
2018-05-03 12:51:21
nvd
nvd
CVE-2010-2963
2010-11-26 19:00:06
CVE-2010-3904
2010-12-06 20:13:00
CVE-2010-3698
2010-11-26 19:00:07
altlinux
altlinux
Security fix for the ALT Linux 6 package kernel-image-hpc-skif version 2.6.32-alt24
2010-10-20 00:00:00
oraclelinux
oraclelinux
kernel security update
2010-10-22 00:00:00
kernel security update
2010-10-27 00:00:00
kvm security update
2010-12-06 00:00:00
cert
cert
Linux kernel RDS protocol vulnerability
2010-10-25 00:00:00
canvas
canvas
Immunity Canvas: LINUX_RDS
2010-12-06 20:13:00
exploitpack
exploitpack
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
2010-10-28 00:00:00
Linux Kernel 2.6.36-rc8 - RDS Protocol Local Privilege Escalation
2010-10-19 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:50:15
Denial Of Service (DoS)
2020-04-10 00:50:13
Privilege Escalation
2020-04-10 00:50:01
cisa_kev
cisa_kev
Linux Kernel Improper Input Validation Vulnerability
2023-05-12 00:00:00
attackerkb
attackerkb
CVE-2010-3904
2010-12-06 00:00:00
exploitdb
exploitdb
Linux Kernel 2.6.36 - VIDIOCSMICROCODE IOCTL Local Memory Overwrite
2010-10-28 00:00:00
Linux Kernel 2.6.36-rc8 - &#039;RDS Protocol&#039; Local Privilege Escalation
2010-10-19 00:00:00
Linux 2.6.30 &lt; 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit)
2018-05-21 00:00:00
thn
thn
Warning: Samsung Devices Under Attack! New Security Flaw Exposed
2023-05-20 04:15:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2011-04-20 00:00:00
Linux kernel vulnerabilities
2011-01-10 00:00:00
Linux kernel vulnerabilities
2011-02-25 00:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON
Related for FEDORA_2010-16826.NASL
openvas73fedora15nessus32suse5prion4seebug4zdt3packetstorm3ubuntucve4cvelist4cve4redhat4centos2securityvulns3metasploit2nvd4altlinux1oraclelinux10cert1canvas1exploitpack2veracode3cisa_kev1attackerkb1exploitdb3thn1ubuntu9