CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
93.7%
The SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54, fixing lots of bugs and security issues.
The following security issues have been fixed :
A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127)
KEYS: Fix a NULL pointer deref in the user-defined key type, which allowed local attackers to Oops the kernel.
(CVE-2011-4110)
Avoid potential NULL pointer deref in ghash, which allowed local attackers to Oops the kernel.
(CVE-2011-4081)
Fixed a memory corruption possibility in xfs readlink, which could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2011-4077)
A overflow in the xfs acl handling was fixed that could be used by local attackers to crash the system or potentially execute code by mounting a prepared xfs filesystem image. (CVE-2012-0038)
A flaw in the ext3/ext4 filesystem allowed a local attacker to crash the kernel by getting a prepared ext3/ext4 filesystem mounted. (CVE-2011-4132)
Access to the taskstats /proc file was restricted to avoid local attackers gaining knowledge of IO of other users (and so effecting side-channel attacks for e.g.
guessing passwords by typing speed). (CVE-2011-2494)
When using X.25 communication a malicious sender could corrupt data structures, causing crashes or potential code execution. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case. (CVE-2010-3873)
When using X.25 communication a malicious sender could make the machine leak memory, causing crashes. Please note that X.25 needs to be setup to make this effective, which these days is usually not the case.
(CVE-2010-4164)
A remote denial of service due to a NULL pointer dereference by using IPv6 fragments was fixed. The following non-security issues have been fixed:.
(CVE-2011-2699)
elousb: Fixed bug in USB core API usage, code cleanup.
(bnc#733863)
cifs: overhaul cifs_revalidate and rename to cifs_revalidate_dentry. (bnc#735453)
cifs: set server_eof in cifs_fattr_to_inode.
(bnc#735453)
xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink(). (bnc#726600)
block: add and use scsi_blk_cmd_ioctl. (bnc#738400 / CVE-2011-4127)
block: fail SCSI passthrough ioctls on partition devices. (bnc#738400 / CVE-2011-4127)
dm: do not forward ioctls from logical volumes to the underlying device. (bnc#738400 / CVE-2011-4127)
Silence some warnings about ioctls on partitions.
netxen: Remove all references to unified firmware file.
(bnc#708625)
bonding: send out gratuitous arps even with no address configured. (bnc#742270)
patches.fixes/ocfs2-serialize_unaligned_aio.patch:
ocfs2: serialize unaligned aio. (bnc#671479)
patches.fixes/bonding-check-if-clients-MAC-addr-has-chan ged.patch: Update references. (bnc#729854, bnc#731004)
xfs: Fix wait calculations on lock acquisition and use milliseconds instead of jiffies to print the wait time.
ipmi: reduce polling when interrupts are available.
(bnc#740867)
ipmi: reduce polling. (bnc#740867)
Linux 2.6.32.54.
export shrink_dcache_for_umount_subtree.
patches.suse/stack-unwind: Fix more 2.6.29 merge problems plus a glue code problem. (bnc#736018)
PM / Sleep: Fix race between CPU hotplug and freezer.
(bnc#740535)
jbd: Issue cache flush after checkpointing. (bnc#731770)
lpfc: make sure job exists when processing BSG.
(bnc#735635)
Linux 2.6.32.53.
blktap: fix locking (again). (bnc#724734)
xen: Update Xen patches to 2.6.32.52.
Linux 2.6.32.52.
Linux 2.6.32.51.
Linux 2.6.32.50.
reiserfs: Lock buffers unconditionally in reiserfs_write_full_page(). (bnc#716023)
writeback: Include all dirty inodes in background writeback. (bnc#716023)
reiserfs: Fix quota mount option parsing. (bnc#728626)
bonding: check if clients MAC addr has changed.
(bnc#729854)
rpc client can not deal with ENOSOCK, so translate it into ENOCONN. (bnc#733146)
st: modify tape driver to allow writing immediate filemarks. (bnc#688996)
xfs: fix for xfssyncd failure to wake. (bnc#722910)
ipmi: Fix deadlock in start_next_msg().
net: bind() fix error return on wrong address family.
(bnc#735216)
net: ipv4: relax AF_INET check in bind(). (bnc#735216)
net/ipv6: check for mistakenly passed in non-AF_INET6 sockaddrs. (bnc#735216)
Bluetooth: Fixed Atheros AR3012 Maryann PID/VID supported. (bnc#732296)
percpu: fix chunk range calculation. (bnc#668872)
x86, UV: Fix kdump reboot. (bnc#735446)
dm: Use done_bytes for io_completion. (bnc#711378)
Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.
(bnc#732296)
Bluetooth: Add Atheros AR3012 one PID/VID supported.
(bnc#732296)
fix missing hunk in oplock break patch. (bnc#706973)
patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
Refresh. Surrounded s390x lowcore change with
GENKSYMS. (bnc#728339)
patches.xen/xen3-patch-2.6.30: Refresh.
sched, x86: Avoid unnecessary overflow in sched_clock.
(bnc#725709)
ACPI thermal: Do not invalidate thermal zone if critical trip point is bad.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(57854);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2010-3873", "CVE-2010-4164", "CVE-2011-2494", "CVE-2011-2699", "CVE-2011-4077", "CVE-2011-4081", "CVE-2011-4110", "CVE-2011-4127", "CVE-2011-4132", "CVE-2012-0038");
script_name(english:"SuSE 11.1 Security Update : Linux kernel (SAT Patch Number 5732)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 11 SP1 kernel was updated to 2.6.32.54,
fixing lots of bugs and security issues.
The following security issues have been fixed :
- A potential hypervisor escape by issuing SG_IO commands
to partitiondevices was fixed by restricting access to
these commands. (CVE-2011-4127)
- KEYS: Fix a NULL pointer deref in the user-defined key
type, which allowed local attackers to Oops the kernel.
(CVE-2011-4110)
- Avoid potential NULL pointer deref in ghash, which
allowed local attackers to Oops the kernel.
(CVE-2011-4081)
- Fixed a memory corruption possibility in xfs readlink,
which could be used by local attackers to crash the
system or potentially execute code by mounting a
prepared xfs filesystem image. (CVE-2011-4077)
- A overflow in the xfs acl handling was fixed that could
be used by local attackers to crash the system or
potentially execute code by mounting a prepared xfs
filesystem image. (CVE-2012-0038)
- A flaw in the ext3/ext4 filesystem allowed a local
attacker to crash the kernel by getting a prepared
ext3/ext4 filesystem mounted. (CVE-2011-4132)
- Access to the taskstats /proc file was restricted to
avoid local attackers gaining knowledge of IO of other
users (and so effecting side-channel attacks for e.g.
guessing passwords by typing speed). (CVE-2011-2494)
- When using X.25 communication a malicious sender could
corrupt data structures, causing crashes or potential
code execution. Please note that X.25 needs to be setup
to make this effective, which these days is usually not
the case. (CVE-2010-3873)
- When using X.25 communication a malicious sender could
make the machine leak memory, causing crashes. Please
note that X.25 needs to be setup to make this effective,
which these days is usually not the case.
(CVE-2010-4164)
- A remote denial of service due to a NULL pointer
dereference by using IPv6 fragments was fixed. The
following non-security issues have been fixed:.
(CVE-2011-2699)
- elousb: Fixed bug in USB core API usage, code cleanup.
(bnc#733863)
- cifs: overhaul cifs_revalidate and rename to
cifs_revalidate_dentry. (bnc#735453)
- cifs: set server_eof in cifs_fattr_to_inode.
(bnc#735453)
- xfs: Fix missing xfs_iunlock() on error recovery path in
xfs_readlink(). (bnc#726600)
- block: add and use scsi_blk_cmd_ioctl. (bnc#738400 /
CVE-2011-4127)
- block: fail SCSI passthrough ioctls on partition
devices. (bnc#738400 / CVE-2011-4127)
- dm: do not forward ioctls from logical volumes to the
underlying device. (bnc#738400 / CVE-2011-4127)
- Silence some warnings about ioctls on partitions.
- netxen: Remove all references to unified firmware file.
(bnc#708625)
- bonding: send out gratuitous arps even with no address
configured. (bnc#742270)
- patches.fixes/ocfs2-serialize_unaligned_aio.patch:
ocfs2: serialize unaligned aio. (bnc#671479)
-
patches.fixes/bonding-check-if-clients-MAC-addr-has-chan
ged.patch: Update references. (bnc#729854, bnc#731004)
- xfs: Fix wait calculations on lock acquisition and use
milliseconds instead of jiffies to print the wait time.
- ipmi: reduce polling when interrupts are available.
(bnc#740867)
- ipmi: reduce polling. (bnc#740867)
- Linux 2.6.32.54.
- export shrink_dcache_for_umount_subtree.
- patches.suse/stack-unwind: Fix more 2.6.29 merge
problems plus a glue code problem. (bnc#736018)
- PM / Sleep: Fix race between CPU hotplug and freezer.
(bnc#740535)
- jbd: Issue cache flush after checkpointing. (bnc#731770)
- lpfc: make sure job exists when processing BSG.
(bnc#735635)
- Linux 2.6.32.53.
- blktap: fix locking (again). (bnc#724734)
- xen: Update Xen patches to 2.6.32.52.
- Linux 2.6.32.52.
- Linux 2.6.32.51.
- Linux 2.6.32.50.
- reiserfs: Lock buffers unconditionally in
reiserfs_write_full_page(). (bnc#716023)
- writeback: Include all dirty inodes in background
writeback. (bnc#716023)
- reiserfs: Fix quota mount option parsing. (bnc#728626)
- bonding: check if clients MAC addr has changed.
(bnc#729854)
- rpc client can not deal with ENOSOCK, so translate it
into ENOCONN. (bnc#733146)
- st: modify tape driver to allow writing immediate
filemarks. (bnc#688996)
- xfs: fix for xfssyncd failure to wake. (bnc#722910)
- ipmi: Fix deadlock in start_next_msg().
- net: bind() fix error return on wrong address family.
(bnc#735216)
- net: ipv4: relax AF_INET check in bind(). (bnc#735216)
- net/ipv6: check for mistakenly passed in non-AF_INET6
sockaddrs. (bnc#735216)
- Bluetooth: Fixed Atheros AR3012 Maryann PID/VID
supported. (bnc#732296)
- percpu: fix chunk range calculation. (bnc#668872)
- x86, UV: Fix kdump reboot. (bnc#735446)
- dm: Use done_bytes for io_completion. (bnc#711378)
- Bluetooth: Add Atheros AR3012 Maryann PID/VID supported.
(bnc#732296)
- Bluetooth: Add Atheros AR3012 one PID/VID supported.
(bnc#732296)
- fix missing hunk in oplock break patch. (bnc#706973)
- patches.arch/s390-34-01-pfault-cpu-hotplug.patch:
Refresh. Surrounded s390x lowcore change with
__GENKSYMS__. (bnc#728339)
- patches.xen/xen3-patch-2.6.30: Refresh.
- sched, x86: Avoid unnecessary overflow in sched_clock.
(bnc#725709)
- ACPI thermal: Do not invalidate thermal zone if critical
trip point is bad."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=651219"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=653260"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=668872"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=671479"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=688996"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=694945"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=697920"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=703156"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=706973"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=707288"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=708625"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=711378"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=716023"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=722910"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=724734"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=725709"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=726600"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=726788"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=728339"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=728626"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=729854"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=730118"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=731004"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=731770"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=732296"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=732677"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=733146"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=733863"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=734056"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=735216"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=735446"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=735453"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=735635"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=736018"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=738400"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=740535"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=740703"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=740867"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=742270"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-3873.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-4164.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-2494.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-2699.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-4077.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-4081.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-4110.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-4127.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2011-4132.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2012-0038.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 5732.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-ec2-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-trace-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:kernel-xen-extra");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2012/01/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, "SuSE 11.1");
flag = 0;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-default-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-default-base-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-default-devel-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-default-extra-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-desktop-devel-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-source-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-syms-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-trace-devel-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-xen-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-xen-base-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-xen-devel-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:1, cpu:"x86_64", reference:"kernel-xen-extra-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"btrfs-kmp-default-0_2.6.32.54_0.3-0.3.73")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"btrfs-kmp-xen-0_2.6.32.54_0.3-0.3.73")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"ext4dev-kmp-default-0_2.6.32.54_0.3-7.9.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"ext4dev-kmp-trace-0_2.6.32.54_0.3-7.9.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"ext4dev-kmp-xen-0_2.6.32.54_0.3-7.9.40")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"hyper-v-kmp-default-0_2.6.32.54_0.3-0.18.3")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"hyper-v-kmp-trace-0_2.6.32.54_0.3-0.18.3")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-default-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-default-base-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-default-devel-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-ec2-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-ec2-base-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-source-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-syms-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-trace-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-trace-base-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-trace-devel-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-xen-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-xen-base-2.6.32.54-0.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:1, cpu:"x86_64", reference:"kernel-xen-devel-2.6.32.54-0.3.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2494
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4127
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4132
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0038
support.novell.com/security/cve/CVE-2010-3873.html
support.novell.com/security/cve/CVE-2010-4164.html
support.novell.com/security/cve/CVE-2011-2494.html
support.novell.com/security/cve/CVE-2011-2699.html
support.novell.com/security/cve/CVE-2011-4077.html
support.novell.com/security/cve/CVE-2011-4081.html
support.novell.com/security/cve/CVE-2011-4110.html
support.novell.com/security/cve/CVE-2011-4127.html
support.novell.com/security/cve/CVE-2011-4132.html
support.novell.com/security/cve/CVE-2012-0038.html
bugzilla.novell.com/show_bug.cgi?id=651219
bugzilla.novell.com/show_bug.cgi?id=653260
bugzilla.novell.com/show_bug.cgi?id=668872
bugzilla.novell.com/show_bug.cgi?id=671479
bugzilla.novell.com/show_bug.cgi?id=688996
bugzilla.novell.com/show_bug.cgi?id=694945
bugzilla.novell.com/show_bug.cgi?id=697920
bugzilla.novell.com/show_bug.cgi?id=703156
bugzilla.novell.com/show_bug.cgi?id=706973
bugzilla.novell.com/show_bug.cgi?id=707288
bugzilla.novell.com/show_bug.cgi?id=708625
bugzilla.novell.com/show_bug.cgi?id=711378
bugzilla.novell.com/show_bug.cgi?id=716023
bugzilla.novell.com/show_bug.cgi?id=722910
bugzilla.novell.com/show_bug.cgi?id=724734
bugzilla.novell.com/show_bug.cgi?id=725709
bugzilla.novell.com/show_bug.cgi?id=726600
bugzilla.novell.com/show_bug.cgi?id=726788
bugzilla.novell.com/show_bug.cgi?id=728339
bugzilla.novell.com/show_bug.cgi?id=728626
bugzilla.novell.com/show_bug.cgi?id=729854
bugzilla.novell.com/show_bug.cgi?id=730118
bugzilla.novell.com/show_bug.cgi?id=731004
bugzilla.novell.com/show_bug.cgi?id=731770
bugzilla.novell.com/show_bug.cgi?id=732296
bugzilla.novell.com/show_bug.cgi?id=732677
bugzilla.novell.com/show_bug.cgi?id=733146
bugzilla.novell.com/show_bug.cgi?id=733863
bugzilla.novell.com/show_bug.cgi?id=734056
bugzilla.novell.com/show_bug.cgi?id=735216
bugzilla.novell.com/show_bug.cgi?id=735446
bugzilla.novell.com/show_bug.cgi?id=735453
bugzilla.novell.com/show_bug.cgi?id=735635
bugzilla.novell.com/show_bug.cgi?id=736018
bugzilla.novell.com/show_bug.cgi?id=738400
bugzilla.novell.com/show_bug.cgi?id=740535
bugzilla.novell.com/show_bug.cgi?id=740703
bugzilla.novell.com/show_bug.cgi?id=740867
bugzilla.novell.com/show_bug.cgi?id=742270
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
93.7%