Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2023 Greenbone AGOPENVAS:1361412562311122014103
HistoryMar 08, 2023 - 12:00 a.m.

Debian: Security Advisory (DLA-103-1)

2023-03-0800:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
1
debian
security
advisory
linux-2.6
package
debian 6
cve
update
vendorfix

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.2 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON

The remote host is missing an update for the Debian

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.1.2.2014.103");
  script_cve_id("CVE-2012-6657", "CVE-2013-0228", "CVE-2013-7266", "CVE-2014-4157", "CVE-2014-4508", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4943", "CVE-2014-5077", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-9090");
  script_tag(name:"creation_date", value:"2023-03-08 12:56:44 +0000 (Wed, 08 Mar 2023)");
  script_version("2024-02-02T05:06:10+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.1");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:N/A:C");

  script_name("Debian: Security Advisory (DLA-103-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB6");

  script_xref(name:"Advisory-ID", value:"DLA-103-1");
  script_xref(name:"URL", value:"https://www.debian.org/lts/security/2014/DLA-103-1");
  script_xref(name:"URL", value:"https://lkml.org/lkml/2014/11/23/181");

  script_tag(name:"summary", value:"The remote host is missing an update for the Debian 'linux-2.6' package(s) announced via the DLA-103-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features the upstream stable release 2.6.32.64 (see [link moved to references] for more information for that). It fixes the CVEs described below. Note: if you are using the openvz flavors, please consider three things: a.) we haven't got any feedback on them (while we have for all other flavors) b.) so do your test before deploying them and c.) once you have done so, please give feedback to [email protected]. If you are not using openvz flavors, please still consider b+c :-) CVE-2012-6657 Fix the sock_setsockopt function to prevent local users from being able to cause a denial of service (system crash) attack. CVE-2013-0228 Fix a XEN priviledge escalation, which allowed guest OS users to gain guest OS priviledges. CVE-2013-7266 Fix the mISDN_sock_recvmsg function to prevent local users from obtaining sensitive information from kernel memory. CVE-2014-4157 MIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP restrictions. CVE-2014-4508 Prevent local users from causing a denial of service (OOPS and system crash) when syscall auditing is enabled . CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 Fix the ALSA control implementation to prevent local users from causing a denial of service attack and from obtaining sensitive information from kernel memory. CVE-2014-4943 Fix PPPoL2TP feature to prevent local users to from gaining privileges. CVE-2014-5077 Prevent remote attackers from causing a denial of service attack involving SCTP. CVE-2014-5471 CVE-2014-5472 Fix the parse_rock_ridge_inode_internal function to prevent local users from causing a denial of service attack via a crafted iso9660 images. CVE-2014-9090 Fix the do_double_fault function to prevent local users from causing a denial of service (panic) attack. For Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze9");

  script_tag(name:"affected", value:"'linux-2.6' package(s) on Debian 6.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "DEB6") {

  if(!isnull(res = isdpkgvuln(pkg:"firmware-linux-free", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-base", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-doc-2.6.32", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-486", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-686-bigmem", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-all", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-all-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-all-i386", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-common", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-common-openvz", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-common-vserver", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-common-xen", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-openvz-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-openvz-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-vserver-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-vserver-686-bigmem", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-vserver-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-xen-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-headers-2.6.32-5-xen-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-486", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-686-bigmem", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-686-bigmem-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-amd64-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-openvz-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-openvz-686-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-openvz-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-openvz-amd64-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-vserver-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-vserver-686-bigmem", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-vserver-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-vserver-amd64-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-xen-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-xen-686-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-xen-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-2.6.32-5-xen-amd64-dbg", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-libc-dev", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-manual-2.6.32", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-patch-debian-2.6.32", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-source-2.6.32", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-support-2.6.32-5", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-tools-2.6.32", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"xen-linux-system-2.6.32-5-xen-686", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"xen-linux-system-2.6.32-5-xen-amd64", ver:"2.6.32-48squeeze9", rls:"DEB6"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

osv 1
nessus 43
debian 1
openvas 32
oraclelinux 8
securityvulns 4
redhat 7
ubuntu 11
fedora 2
suse 3
veracode 7
centos 3
f5 4
ubuntucve 12
prion 11
cve 11
cvelist 11
nvd 10
debiancve 10
mageia 1
canvas 1
exploitdb 1
redhatcve 1
exploitpack 1
zdt 1
xen 1
seebug 1
osv
osv
linux-2.6 - security update
2014-12-09 00:00:00
nessus
nessus
Debian DLA-103-1 : linux-2.6 security update
2015-03-26 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3108)
2014-12-22 00:00:00
RHEL 6 : MRG (RHSA-2014:1083)
2014-08-21 00:00:00
debian
debian
[SECURITY] [DLA 103-1] linux-2.6 security update
2014-12-09 01:05:55
openvas
openvas
Oracle: Security Advisory (ELSA-2014-3108)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-3083)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-3107)
2015-10-06 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2014-12-19 00:00:00
Unbreakable Enterprise kernel security update
2014-10-17 00:00:00
Unbreakable Enterprise kernel Security update
2014-10-17 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2014-09-29 00:00:00
[USN-2359-1] Linux kernel vulnerabilities
2014-09-29 00:00:00
[USN-2332-1] Linux kernel vulnerabilities
2014-09-03 00:00:00
redhat
redhat
(RHSA-2014:1083) Important: kernel-rt security and bug fix update
2014-08-20 00:00:00
(RHSA-2014:1997) Important: kernel security and bug fix update
2014-12-16 00:00:00
(RHSA-2015:0803) Important: kernel security and bug fix update
2015-04-14 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2014-09-23 00:00:00
Linux kernel vulnerabilities
2014-09-23 00:00:00
Linux kernel vulnerabilities
2014-09-02 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.16.2-300.fc21
2014-09-23 04:59:50
[SECURITY] Fedora 21 Update: kernel-3.17.4-302.fc21
2014-12-12 04:06:43
suse
suse
Security update for Linux kernel (important)
2014-10-23 01:08:35
Security update for Linux kernel (important)
2014-10-22 21:04:47
Security update for the Linux Kernel (important)
2014-09-16 19:04:20
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:12:40
Denial Of Service (DoS)
2019-05-02 05:12:40
Denial Of Service (DoS)
2019-05-02 05:12:39
centos
centos
kernel, perf, python security update
2014-12-17 12:13:22
kernel, perf, python security update
2014-10-20 18:09:23
kernel, perf, python security update
2014-10-29 02:12:28
f5
f5
SOL16011 - Linux kernel vulnerability CVE-2012-6657
2015-01-21 00:00:00
K16011 : Linux kernel vulnerability CVE-2012-6657
2015-01-22 00:00:00
SOL15482 - Linux kernel vulnerability CVE-2014-4943
2014-08-05 00:00:00
ubuntucve
ubuntucve
CVE-2012-6657
2014-09-28 00:00:00
CVE-2013-7266
2014-01-06 00:00:00
CVE-2014-4654
2014-07-03 00:00:00
prion
prion
Code injection
2014-09-28 10:55:00
Information disclosure
2014-01-06 16:55:00
Default credentials
2014-11-30 01:59:00
cve
cve
CVE-2012-6657
2014-09-28 10:55:10
CVE-2013-7266
2014-01-06 16:55:09
CVE-2014-4653
2014-07-03 04:22:15
cvelist
cvelist
CVE-2012-6657
2014-09-28 10:00:00
CVE-2013-7266
2014-01-06 11:00:00
CVE-2014-4654
2014-07-03 01:00:00
nvd
nvd
CVE-2012-6657
2014-09-28 10:55:10
CVE-2013-7266
2014-01-06 16:55:09
CVE-2014-9090
2014-11-30 01:59:08
debiancve
debiancve
CVE-2012-6657
2014-09-28 10:55:10
CVE-2013-7266
2014-01-06 16:55:09
CVE-2014-4653
2014-07-03 04:22:15
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-08-06 01:36:30
canvas
canvas
Immunity Canvas: LINUX_PPPOL2TP
2014-07-19 19:55:00
exploitdb
exploitdb
Linux x86 - Socket Re-use Shellcode 50 bytes
2014-07-14 00:00:00
redhatcve
redhatcve
CVE-2014-4157
2015-10-30 09:36:00
exploitpack
exploitpack
Linux Kernel 3.15.6 - PPP-over-L2TP Socket Level Handling Crash (PoC)
2015-03-04 00:00:00
zdt
zdt
Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC
2015-03-05 00:00:00
xen
xen
Linux kernel hits general protection if %ds is corrupt for 32-bit PVOPS.
2013-02-12 12:00:00
seebug
seebug
Linux Kernel 本地权限提升漏洞(CVE-2013-0228)
2013-03-10 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

7.2 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.2%

JSON
Related for OPENVAS:1361412562311122014103
osv1nessus43debian1openvas32oraclelinux8securityvulns4redhat7ubuntu11fedora2suse3veracode7centos3f54ubuntucve12prion11cve11cvelist11nvd10debiancve10mageia1canvas1exploitdb1redhatcve1exploitpack1zdt1xen1seebug1