9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.037 Low
EPSS
Percentile
91.8%
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.36 and fixes various bugs and security issues.
The following security issues were fixed :
When parsing the FAC_NATIONAL_DIGIS facilities field, it was possible for a remote host to provide more digipeaters than expected, resulting in heap corruption.
(CVE-2011-1493)
(no CVEs assigned yet): In the rose networking stack, when parsing the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP facilities fields, a remote host could provide a length of less than 10, resulting in an underflow in a memcpy size, causing a kernel panic due to massive heap corruption. A length of greater than 20 results in a stack overflow of the callsign array
The code for evaluating OSF partitions (in fs/partitions/osf.c) contained a bug that leaks data from kernel heap memory to userspace for certain corrupted OSF partitions. (CVE-2011-1163)
A bug in the order of dccp_rcv_state_process() was fixed that still permitted reception even after closing the socket. A Reset after close thus causes a NULL pointer dereference by not preventing operations on an already torn-down socket. (CVE-2011-1093)
A signedness issue in drm_modeset_ctl() could be used by local attackers with access to the drm devices to potentially crash the kernel or escalate privileges.
(CVE-2011-1013)
The epoll subsystem in Linux did not prevent users from creating circular epoll file structures, potentially leading to a denial of service (kernel deadlock).
(CVE-2011-1082)
Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel might have allowed attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. (CVE-2011-0712)
Local attackers could send signals to their programs that looked like coming from the kernel, potentially gaining privileges in the context of setuid programs.
(CVE-2011-1182)
An issue in the core GRO code where an skb belonging to an unknown VLAN is reused could result in a NULL pointer dereference. (CVE-2011-1478)
Specially crafted requests may be written to /dev/sequencer resulting in an underflow when calculating a size for a copy_from_user() operation in the driver for MIDI interfaces. On x86, this just returns an error, but it could have caused memory corruption on other architectures. Other malformed requests could have resulted in the use of uninitialized variables. (CVE-2011-1476)
Due to a failure to validate user-supplied indexes in the driver for Yamaha YM3812 and OPL-3 chips, a specially crafted ioctl request could have been sent to /dev/sequencer, resulting in reading and writing beyond the bounds of heap buffers, and potentially allowing privilege escalation. (CVE-2011-1477)
A information leak in the XFS geometry calls could be used by local attackers to gain access to kernel information. (CVE-2011-0191)
A page allocator issue in NFS v4 ACL handling that could lead to a denial of service (crash) was fixed.
(CVE-2011-1090)
net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message that contains multiple attribute elements, as demonstrated by INET_DIAG_BC_JMP instructions. (CVE-2010-3880)
Fixed a buffer size issue in ‘usb iowarrior’ module, where a malicious device could overflow a kernel buffer.
(CVE-2010-4656)
The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel did not check the sign of a certain integer field, which allowed local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value. (CVE-2011-0521)
In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory. (CVE-2011-1180)
A system out of memory condition (denial of service) could be triggered with a large socket backlog, exploitable by local users. This has been addressed by backlog limiting. (CVE-2010-4251)
The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values. (CVE-2011-1016)
Boundschecking was missing in AARESOLVE_OFFSET, which allowed local attackers to overwrite kernel memory and so escalate privileges or crash the kernel.
(CVE-2011-1573)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(53570);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2010-3880", "CVE-2010-4251", "CVE-2010-4656", "CVE-2011-0191", "CVE-2011-0521", "CVE-2011-0712", "CVE-2011-1013", "CVE-2011-1016", "CVE-2011-1082", "CVE-2011-1090", "CVE-2011-1093", "CVE-2011-1163", "CVE-2011-1180", "CVE-2011-1182", "CVE-2011-1476", "CVE-2011-1477", "CVE-2011-1478", "CVE-2011-1493", "CVE-2011-1573");
script_name(english:"SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4384 / 4386)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
2.6.32.36 and fixes various bugs and security issues.
The following security issues were fixed :
- When parsing the FAC_NATIONAL_DIGIS facilities field, it
was possible for a remote host to provide more
digipeaters than expected, resulting in heap corruption.
(CVE-2011-1493)
- (no CVEs assigned yet): In the rose networking stack,
when parsing the FAC_CCITT_DEST_NSAP and
FAC_CCITT_SRC_NSAP facilities fields, a remote host
could provide a length of less than 10, resulting in an
underflow in a memcpy size, causing a kernel panic due
to massive heap corruption. A length of greater than 20
results in a stack overflow of the callsign array
- The code for evaluating OSF partitions (in
fs/partitions/osf.c) contained a bug that leaks data
from kernel heap memory to userspace for certain
corrupted OSF partitions. (CVE-2011-1163)
- A bug in the order of dccp_rcv_state_process() was fixed
that still permitted reception even after closing the
socket. A Reset after close thus causes a NULL pointer
dereference by not preventing operations on an already
torn-down socket. (CVE-2011-1093)
- A signedness issue in drm_modeset_ctl() could be used by
local attackers with access to the drm devices to
potentially crash the kernel or escalate privileges.
(CVE-2011-1013)
- The epoll subsystem in Linux did not prevent users from
creating circular epoll file structures, potentially
leading to a denial of service (kernel deadlock).
(CVE-2011-1082)
- Multiple buffer overflows in the caiaq Native
Instruments USB audio functionality in the Linux kernel
might have allowed attackers to cause a denial of
service or possibly have unspecified other impact via a
long USB device name, related to (1) the
snd_usb_caiaq_audio_init function in
sound/usb/caiaq/audio.c and (2) the
snd_usb_caiaq_midi_init function in
sound/usb/caiaq/midi.c. (CVE-2011-0712)
- Local attackers could send signals to their programs
that looked like coming from the kernel, potentially
gaining privileges in the context of setuid programs.
(CVE-2011-1182)
- An issue in the core GRO code where an skb belonging to
an unknown VLAN is reused could result in a NULL pointer
dereference. (CVE-2011-1478)
- Specially crafted requests may be written to
/dev/sequencer resulting in an underflow when
calculating a size for a copy_from_user() operation in
the driver for MIDI interfaces. On x86, this just
returns an error, but it could have caused memory
corruption on other architectures. Other malformed
requests could have resulted in the use of uninitialized
variables. (CVE-2011-1476)
- Due to a failure to validate user-supplied indexes in
the driver for Yamaha YM3812 and OPL-3 chips, a
specially crafted ioctl request could have been sent to
/dev/sequencer, resulting in reading and writing beyond
the bounds of heap buffers, and potentially allowing
privilege escalation. (CVE-2011-1477)
- A information leak in the XFS geometry calls could be
used by local attackers to gain access to kernel
information. (CVE-2011-0191)
- A page allocator issue in NFS v4 ACL handling that could
lead to a denial of service (crash) was fixed.
(CVE-2011-1090)
- net/ipv4/inet_diag.c in the Linux kernel did not
properly audit INET_DIAG bytecode, which allowed local
users to cause a denial of service (kernel infinite
loop) via crafted INET_DIAG_REQ_BYTECODE instructions in
a netlink message that contains multiple attribute
elements, as demonstrated by INET_DIAG_BC_JMP
instructions. (CVE-2010-3880)
- Fixed a buffer size issue in 'usb iowarrior' module,
where a malicious device could overflow a kernel buffer.
(CVE-2010-4656)
- The dvb_ca_ioctl function in
drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel
did not check the sign of a certain integer field, which
allowed local users to cause a denial of service (memory
corruption) or possibly have unspecified other impact
via a negative value. (CVE-2011-0521)
- In the IrDA module, length fields provided by a peer for
names and attributes may be longer than the destination
array sizes and were not checked, this allowed local
attackers (close to the irda port) to potentially
corrupt memory. (CVE-2011-1180)
- A system out of memory condition (denial of service)
could be triggered with a large socket backlog,
exploitable by local users. This has been addressed by
backlog limiting. (CVE-2010-4251)
- The Radeon GPU drivers in the Linux kernel did not
properly validate data related to the AA resolve
registers, which allowed local users to write to
arbitrary memory locations associated with (1) Video RAM
(aka VRAM) or (2) the Graphics Translation Table (GTT)
via crafted values. (CVE-2011-1016)
- Boundschecking was missing in AARESOLVE_OFFSET, which
allowed local attackers to overwrite kernel memory and
so escalate privileges or crash the kernel.
(CVE-2011-1573)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=558740"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=566768"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=620929"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=622597"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=622868"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=629170"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=632317"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=637377"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=643266"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=644630"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=649473"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=650545"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=651599"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=654169"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=655973"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=656219"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=656587"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=658413"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=660507"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=663313"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=663513"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=666836"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=666842"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=667766"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=668101"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=668895"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=668896"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=668898"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=669058"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=669571"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=669889"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=670154"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=670615"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=670979"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=671296"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=671943"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=672453"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=672499"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=672505"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=673516"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=673934"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=674549"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=674691"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=674693"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=675115"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=675963"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=676202"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=676419"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=677286"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=677391"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=677398"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=677563"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=677676"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=677783"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=678466"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=679545"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=679588"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=679812"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=680845"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=681175"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=681497"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=681826"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=68199"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=682333"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=682940"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=682941"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=682965"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=683569"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=684085"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=684248"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=686813"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3880.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4251.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4656.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0191.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0521.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-0712.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1013.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1016.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1082.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1090.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1093.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1163.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1180.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1182.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1476.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1477.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1478.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1493.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-1573.html"
);
script_set_attribute(
attribute:"solution",
value:"Apply SAT patch number 4384 / 4386 as appropriate."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-pae-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2011/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/04/28");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"btrfs-kmp-default-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"btrfs-kmp-pae-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"btrfs-kmp-xen-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"hyper-v-kmp-default-0_2.6.32.36_0.5-0.14.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"hyper-v-kmp-pae-0_2.6.32.36_0.5-0.14.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-default-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-default-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-default-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-default-extra-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-desktop-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-pae-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-pae-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-pae-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-pae-extra-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-source-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-syms-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-xen-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-xen-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-xen-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"i586", reference:"kernel-xen-extra-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"btrfs-kmp-default-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"btrfs-kmp-pae-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"btrfs-kmp-xen-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"ext4dev-kmp-default-0_2.6.32.36_0.5-7.9.8")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"ext4dev-kmp-pae-0_2.6.32.36_0.5-7.9.8")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"ext4dev-kmp-xen-0_2.6.32.36_0.5-7.9.8")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"hyper-v-kmp-default-0_2.6.32.36_0.5-0.14.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"hyper-v-kmp-pae-0_2.6.32.36_0.5-0.14.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-default-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-default-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-default-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-ec2-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-ec2-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-pae-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-pae-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-pae-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-source-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-syms-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-trace-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-trace-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-trace-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-xen-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-xen-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"i586", reference:"kernel-xen-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"btrfs-kmp-default-0_2.6.32.36_0.5-0.3.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"ext4dev-kmp-default-0_2.6.32.36_0.5-7.9.8")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-default-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-default-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-default-devel-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-default-man-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-source-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-syms-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-trace-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-trace-base-2.6.32.36-0.5.2")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"s390x", reference:"kernel-trace-devel-2.6.32.36-0.5.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default |
novell | suse_linux | 11 | p-cpe:/a:novell:suse_linux:11:kernel-default-base |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3880
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4251
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0521
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1013
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1016
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1180
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1476
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1477
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1478
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1493
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
support.novell.com/security/cve/CVE-2010-3880.html
support.novell.com/security/cve/CVE-2010-4251.html
support.novell.com/security/cve/CVE-2010-4656.html
support.novell.com/security/cve/CVE-2011-0191.html
support.novell.com/security/cve/CVE-2011-0521.html
support.novell.com/security/cve/CVE-2011-0712.html
support.novell.com/security/cve/CVE-2011-1013.html
support.novell.com/security/cve/CVE-2011-1016.html
support.novell.com/security/cve/CVE-2011-1082.html
support.novell.com/security/cve/CVE-2011-1090.html
support.novell.com/security/cve/CVE-2011-1093.html
support.novell.com/security/cve/CVE-2011-1163.html
support.novell.com/security/cve/CVE-2011-1180.html
support.novell.com/security/cve/CVE-2011-1182.html
support.novell.com/security/cve/CVE-2011-1476.html
support.novell.com/security/cve/CVE-2011-1477.html
support.novell.com/security/cve/CVE-2011-1478.html
support.novell.com/security/cve/CVE-2011-1493.html
support.novell.com/security/cve/CVE-2011-1573.html
bugzilla.novell.com/show_bug.cgi?id=558740
bugzilla.novell.com/show_bug.cgi?id=566768
bugzilla.novell.com/show_bug.cgi?id=620929
bugzilla.novell.com/show_bug.cgi?id=622597
bugzilla.novell.com/show_bug.cgi?id=622868
bugzilla.novell.com/show_bug.cgi?id=629170
bugzilla.novell.com/show_bug.cgi?id=632317
bugzilla.novell.com/show_bug.cgi?id=637377
bugzilla.novell.com/show_bug.cgi?id=643266
bugzilla.novell.com/show_bug.cgi?id=644630
bugzilla.novell.com/show_bug.cgi?id=649473
bugzilla.novell.com/show_bug.cgi?id=650545
bugzilla.novell.com/show_bug.cgi?id=651599
bugzilla.novell.com/show_bug.cgi?id=654169
bugzilla.novell.com/show_bug.cgi?id=655973
bugzilla.novell.com/show_bug.cgi?id=656219
bugzilla.novell.com/show_bug.cgi?id=656587
bugzilla.novell.com/show_bug.cgi?id=658413
bugzilla.novell.com/show_bug.cgi?id=660507
bugzilla.novell.com/show_bug.cgi?id=663313
bugzilla.novell.com/show_bug.cgi?id=663513
bugzilla.novell.com/show_bug.cgi?id=666836
bugzilla.novell.com/show_bug.cgi?id=666842
bugzilla.novell.com/show_bug.cgi?id=667766
bugzilla.novell.com/show_bug.cgi?id=668101
bugzilla.novell.com/show_bug.cgi?id=668895
bugzilla.novell.com/show_bug.cgi?id=668896
bugzilla.novell.com/show_bug.cgi?id=668898
bugzilla.novell.com/show_bug.cgi?id=669058
bugzilla.novell.com/show_bug.cgi?id=669571
bugzilla.novell.com/show_bug.cgi?id=669889
bugzilla.novell.com/show_bug.cgi?id=670154
bugzilla.novell.com/show_bug.cgi?id=670615
bugzilla.novell.com/show_bug.cgi?id=670979
bugzilla.novell.com/show_bug.cgi?id=671296
bugzilla.novell.com/show_bug.cgi?id=671943
bugzilla.novell.com/show_bug.cgi?id=672453
bugzilla.novell.com/show_bug.cgi?id=672499
bugzilla.novell.com/show_bug.cgi?id=672505
bugzilla.novell.com/show_bug.cgi?id=673516
bugzilla.novell.com/show_bug.cgi?id=673934
bugzilla.novell.com/show_bug.cgi?id=674549
bugzilla.novell.com/show_bug.cgi?id=674691
bugzilla.novell.com/show_bug.cgi?id=674693
bugzilla.novell.com/show_bug.cgi?id=675115
bugzilla.novell.com/show_bug.cgi?id=675963
bugzilla.novell.com/show_bug.cgi?id=676202
bugzilla.novell.com/show_bug.cgi?id=676419
bugzilla.novell.com/show_bug.cgi?id=677286
bugzilla.novell.com/show_bug.cgi?id=677391
bugzilla.novell.com/show_bug.cgi?id=677398
bugzilla.novell.com/show_bug.cgi?id=677563
bugzilla.novell.com/show_bug.cgi?id=677676
bugzilla.novell.com/show_bug.cgi?id=677783
bugzilla.novell.com/show_bug.cgi?id=678466
bugzilla.novell.com/show_bug.cgi?id=679545
bugzilla.novell.com/show_bug.cgi?id=679588
bugzilla.novell.com/show_bug.cgi?id=679812
bugzilla.novell.com/show_bug.cgi?id=680845
bugzilla.novell.com/show_bug.cgi?id=681175
bugzilla.novell.com/show_bug.cgi?id=681497
bugzilla.novell.com/show_bug.cgi?id=681826
bugzilla.novell.com/show_bug.cgi?id=68199
bugzilla.novell.com/show_bug.cgi?id=682333
bugzilla.novell.com/show_bug.cgi?id=682940
bugzilla.novell.com/show_bug.cgi?id=682941
bugzilla.novell.com/show_bug.cgi?id=682965
bugzilla.novell.com/show_bug.cgi?id=683569
bugzilla.novell.com/show_bug.cgi?id=684085
bugzilla.novell.com/show_bug.cgi?id=684248
bugzilla.novell.com/show_bug.cgi?id=686813
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.037 Low
EPSS
Percentile
91.8%