Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2014:155 First vendor Publication 2014-08-07
Vendor Mandriva Last vendor Modification 2014-08-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in the Linux kernel:

Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions (CVE-2013-4514).

Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (CVE-2014-0131).

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator (CVE-2014-4027).

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (CVE-2014-4608).

Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allows local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (CVE-2014-4652).

sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (CVE-2014-4653).

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call (CVE-2014-4654).

The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (CVE-2014-4655).

Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function (CVE-2014-4656).

The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (CVE-2014-4667).

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls (CVE-2014-4699).

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (CVE-2014-4943).

The updated packages provides a solution for these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2014:155

CWE : Common Weakness Enumeration

% Id Name
27 % CWE-416 Use After Free
27 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)
18 % CWE-362 Race Condition
9 % CWE-269 Improper Privilege Management
9 % CWE-200 Information Exposure
9 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24485
 
Oval ID: oval:org.mitre.oval:def:24485
Title: RHSA-2014:0923: kernel security update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4699, Important) Note: The CVE-2014-4699 issue only affected systems using an Intel CPU. * A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important) Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0923-00
CESA-2014:0923
CVE-2014-4699
CVE-2014-4943
Version: 5
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24957
 
Oval ID: oval:org.mitre.oval:def:24957
Title: USN-2268-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2268-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24968
 
Oval ID: oval:org.mitre.oval:def:24968
Title: USN-2286-1 -- linux-lts-raring vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2286-1
CVE-2014-4943
CVE-2014-0131
CVE-2014-1739
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4014
CVE-2014-4608
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25022
 
Oval ID: oval:org.mitre.oval:def:25022
Title: USN-2272-1 -- linux-lts-trusty vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2272-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-trusty
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25029
 
Oval ID: oval:org.mitre.oval:def:25029
Title: USN-2267-1 -- linux-ec2 vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2267-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25055
 
Oval ID: oval:org.mitre.oval:def:25055
Title: USN-2284-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2284-1
CVE-2014-4943
CVE-2014-0131
CVE-2014-4608
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25087
 
Oval ID: oval:org.mitre.oval:def:25087
Title: DSA-2972-1 -- linux - security update
Description: Andy Lutomirski discovered that the ptrace syscall was not verifying the RIP register to be valid in the ptrace API on x86_64 processors. An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2972-1
CVE-2014-4699
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25111
 
Oval ID: oval:org.mitre.oval:def:25111
Title: USN-2282-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2282-1
CVE-2014-4943
CVE-2014-3917
CVE-2014-4608
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25118
 
Oval ID: oval:org.mitre.oval:def:25118
Title: USN-2285-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2285-1
CVE-2014-4943
CVE-2014-0131
CVE-2014-1739
CVE-2014-3917
CVE-2014-4014
CVE-2014-4027
CVE-2014-4608
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25123
 
Oval ID: oval:org.mitre.oval:def:25123
Title: USN-2281-1 -- linux-ec2 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2281-1
CVE-2014-4943
CVE-2014-3917
CVE-2014-4608
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25135
 
Oval ID: oval:org.mitre.oval:def:25135
Title: USN-2271-1 -- linux-lts-saucy vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2271-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25147
 
Oval ID: oval:org.mitre.oval:def:25147
Title: USN-2270-1 -- linux-lts-raring vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2270-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25221
 
Oval ID: oval:org.mitre.oval:def:25221
Title: USN-2274-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2274-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25225
 
Oval ID: oval:org.mitre.oval:def:25225
Title: USN-2269-1 -- linux-lts-quantal vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2269-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25244
 
Oval ID: oval:org.mitre.oval:def:25244
Title: USN-2266-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2266-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25252
 
Oval ID: oval:org.mitre.oval:def:25252
Title: USN-2283-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2283-1
CVE-2014-4943
CVE-2014-0131
CVE-2014-4608
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25325
 
Oval ID: oval:org.mitre.oval:def:25325
Title: SUSE-SU-2014:0912-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0912-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4699
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25359
 
Oval ID: oval:org.mitre.oval:def:25359
Title: RHSA-2014:0924: kernel security update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-4699, Important) Note: The CVE-2014-4699 issue only affected systems using an Intel CPU. * A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important) Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0924-00
CESA-2014:0924
CVE-2014-4699
CVE-2014-4943
Version: 5
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25414
 
Oval ID: oval:org.mitre.oval:def:25414
Title: SUSE-SU-2014:0911-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.elected taints for tracepoint modules.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0911-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4699
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26192
 
Oval ID: oval:org.mitre.oval:def:26192
Title: SUSE-SU-2014:0910-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0910-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4508
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
CVE-2014-4699
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26193
 
Oval ID: oval:org.mitre.oval:def:26193
Title: DSA-2992-1 -- linux - security update
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2992-1
CVE-2014-3534
CVE-2014-4667
CVE-2014-4943
Version: 5
Platform(s): Debian GNU/Linux 7
Debian GNU/kFreeBSD 7
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26215
 
Oval ID: oval:org.mitre.oval:def:26215
Title: RHSA-2014:1023: kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that Linux kernel's ptrace subsystem did not properly sanitize the address-space-control bits when the program-status word (PSW) was being set. On IBM S/390 systems, a local, unprivileged user could use this flaw to set address-space-control bits to the kernel space, and thus gain read and write access to kernel memory. (CVE-2014-3534, Important) * It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. (CVE-2014-0181, Moderate) * It was found that a remote attacker could use a race condition flaw in the ath_tx_aggr_sleep() function to crash the system by creating large network traffic on the system's Atheros 9k wireless network adapter. (CVE-2014-2672, Moderate) * A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system. (CVE-2014-2673, Moderate) * A race condition flaw was found in the way the Linux kernel's mac80211 subsystem implementation handled synchronization between TX and STA wake-up code paths. A remote attacker could use this flaw to crash the system. (CVE-2014-2706, Moderate) * An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made. (CVE-2014-4667, Moderate) Red Hat would like to thank Martin Schwidefsky of IBM for reporting CVE-2014-3534, Andy Lutomirski for reporting CVE-2014-0181, and Gopal Reddy Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667. This update also fixes the following bugs: * Due to a NULL pointer dereference bug in the IPIP and SIT tunneling code, a kernel panic could be triggered when using IPIP or SIT tunnels with IPsec. This update restructures the related code to avoid a NULL pointer dereference and the kernel no longer panics when using IPIP or SIT tunnels with IPsec. (BZ#1114957) * Previously, an IBM POWER8 system could terminate unexpectedly when the kernel received an IRQ while handling a transactional memory re-checkpoint critical section. This update ensures that IRQs are disabled in this situation and the problem no longer occurs. (BZ#1113150) * A missing read memory barrier, rmb(), in the bnx2x driver caused the kernel to crash under various circumstances. This problem has been fixed by adding an rmb() call to the relevant place in the bnx2x code. (BZ#1107721) * The hpwdt driver previously emitted a panic message that was misleading on certain HP systems. This update ensures that upon a kernel panic, hpwdt displays information valid on all HP systems. (BZ#1096961) * The qla2xxx driver has been upgraded to version 8.06.00.08.07.0-k3, which provides a number of bug fixes over the previous version in order to correct various timeout problems with the mailbox commands. (BZ#1112389) * The SCSI mid-layer could retry an I/O operation indefinitely if a storage array repeatedly returned a CHECK CONDITION status to that I/O operation but the sense data was invalid. This update fixes the problem by limiting a time for which is such an I/O operation retried. (BZ#1114468) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1023-00
CESA-2014:1023
CVE-2014-0181
CVE-2014-2672
CVE-2014-2673
CVE-2014-2706
CVE-2014-3534
CVE-2014-4667
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26250
 
Oval ID: oval:org.mitre.oval:def:26250
Title: SUSE-OU-2014:0907-1 -- Optional update for Linux kernel
Description: This SUSE Linux Enterprise 11 Service Pack 3 kernel update introduces the bigsmp kernel flavor which is optimized for very large systems.
Family: unix Class: patch
Reference(s): SUSE-OU-2014:0907-1
CVE-2012-2372
CVE-2013-2929
CVE-2013-4299
CVE-2013-4579
CVE-2013-6382
CVE-2013-7339
CVE-2014-0055
CVE-2014-0077
CVE-2014-0101
CVE-2014-0131
CVE-2014-0155
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1874
CVE-2014-2309
CVE-2014-2523
CVE-2014-2678
CVE-2014-2851
CVE-2014-3122
CVE-2014-3144
CVE-2014-3145
CVE-2014-3917
CVE-2014-4652
CVE-2014-4653
CVE-2014-4654
CVE-2014-4655
CVE-2014-4656
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26523
 
Oval ID: oval:org.mitre.oval:def:26523
Title: ELSA-2014-1167 -- kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. (CVE-2014-0205, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. (CVE-2014-3535, Important) * An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system. (CVE-2014-3917, Moderate) * An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made. (CVE-2014-4667, Moderate) Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue was discovered by Mateusz Guzik of Red Hat. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014-1167
CVE-2014-0205
CVE-2014-3535
CVE-2014-3917
CVE-2014-4943
CVE-2014-4699
CVE-2014-4667
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26617
 
Oval ID: oval:org.mitre.oval:def:26617
Title: ELSA-2014-3047 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.215.4] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229505] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230690] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-3047
CVE-2014-4943
CVE-2014-4699
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26778
 
Oval ID: oval:org.mitre.oval:def:26778
Title: RHSA-2014:1167: kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. (CVE-2014-0205, Important) * A NULL pointer dereference flaw was found in the way the Linux kernel's networking implementation handled logging while processing certain invalid packets coming in via a VxLAN interface. A remote attacker could use this flaw to crash the system by sending a specially crafted packet to such an interface. (CVE-2014-3535, Important) * An out-of-bounds memory access flaw was found in the Linux kernel's system call auditing implementation. On a system with existing audit rules defined, a local, unprivileged user could use this flaw to leak kernel memory to user space or, potentially, crash the system. (CVE-2014-3917, Moderate) * An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made. (CVE-2014-4667, Moderate) Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue was discovered by Mateusz Guzik of Red Hat. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1167-00
CESA-2014:1167
CVE-2014-0205
CVE-2014-3535
CVE-2014-3917
CVE-2014-4667
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26951
 
Oval ID: oval:org.mitre.oval:def:26951
Title: ELSA-2014-3067 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [3.8.13-35.3.5.el7uek] - net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404231] {CVE-2014-0181} - net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404231] - net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404231] - netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404231] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404244] {CVE-2014-4667}
Family: unix Class: patch
Reference(s): ELSA-2014-3067
CVE-2014-0181
CVE-2014-4667
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26959
 
Oval ID: oval:org.mitre.oval:def:26959
Title: ELSA-2014-1023 -- kernel security and bug fix update (important)
Description: [3.10.0-123.6.3] - [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943}
Family: unix Class: patch
Reference(s): ELSA-2014-1023
CVE-2014-2672
CVE-2014-2706
CVE-2014-0181
CVE-2014-2673
CVE-2014-3534
CVE-2014-4667
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27072
 
Oval ID: oval:org.mitre.oval:def:27072
Title: USN-2273-1 -- Linux kernel vulnerability
Description: Andy Lutomirski discovered a flaw with the Linux kernel's ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges.
Family: unix Class: patch
Reference(s): USN-2273-1
CVE-2014-4699
Version: 3
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27215
 
Oval ID: oval:org.mitre.oval:def:27215
Title: ELSA-2014-3069 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.7uek] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404246] {CVE-2014-4667}
Family: unix Class: patch
Reference(s): ELSA-2014-3069
CVE-2014-4667
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27252
 
Oval ID: oval:org.mitre.oval:def:27252
Title: ELSA-2014-0924 -- kernel security update (important)
Description: [2.6.32-431.20.5] - [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943} [2.6.32-431.20.4] - [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-0924
CVE-2014-4943
CVE-2014-4699
Version: 3
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27297
 
Oval ID: oval:org.mitre.oval:def:27297
Title: ELSA-2014-0923 -- kernel security update (important)
Description: [3.10.0-123.4.4] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.4.4] - [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943} [3.10.0-123.4.3] - [x86] ptrace: force IRET path after a ptrace_stop() (Oleg Nesterov) [1115934 1115935] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-0923
CVE-2014-4943
CVE-2014-4699
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27298
 
Oval ID: oval:org.mitre.oval:def:27298
Title: ELSA-2014-3068 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.215.7] - sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404245] {CVE-2014-4667}
Family: unix Class: patch
Reference(s): ELSA-2014-3068
CVE-2014-4667
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27341
 
Oval ID: oval:org.mitre.oval:def:27341
Title: ELSA-2014-3048 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.4uek] - l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229529] {CVE-2014-4943} {CVE-2014-4943} - ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230692] {CVE-2014-4699}
Family: unix Class: patch
Reference(s): ELSA-2014-3048
CVE-2014-4943
CVE-2014-4699
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 35
Application 26
Application 28
Application 26
Application 47
Application 1
Application 12
Application 41
Application 38
Application 42
Application 27
Application 19
Application 13
Application 24
Application 1
Application 6
Application 4
Application 6
Application 6
Hardware 7
Hardware 6
Hardware 3
Os 5
Os 1
Os 2137
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 4

ExploitDB Exploits

id Description
2014-07-21 Linux Kernel ptrace/sysret - Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-09-18 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15699.nasl - Type : ACT_GATHER_INFO
2015-08-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150722_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-07-30 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-07-28 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-1272.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0140-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0189-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1105-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0481-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2015-0812-1.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2015-0040.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-103.nasl - Type : ACT_GATHER_INFO
2015-03-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-150306.nasl - Type : ACT_GATHER_INFO
2015-03-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-3012.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-0087.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0087.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20150127_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0087.nasl - Type : ACT_GATHER_INFO
2015-01-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-0062.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141202.nasl - Type : ACT_GATHER_INFO
2014-12-26 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-141217.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-791.nasl - Type : ACT_GATHER_INFO
2014-12-22 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-793.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3103.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3104.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3105.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141209_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-10 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1971.nasl - Type : ACT_GATHER_INFO
2014-12-05 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3096.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2416-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2417-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2419-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2420-1.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2421-1.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1392.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0925.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1025.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0949.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0979.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-1168.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141014_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-11-04 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20141028_kernel_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1724.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1724.nasl - Type : ACT_GATHER_INFO
2014-10-29 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1724.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO
2014-10-22 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1392.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3081.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3082.nasl - Type : ACT_GATHER_INFO
2014-10-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3083.nasl - Type : ACT_GATHER_INFO
2014-10-16 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15685.nasl - Type : ACT_GATHER_INFO
2014-10-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1392.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-368.nasl - Type : ACT_GATHER_INFO
2014-09-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1167.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1167.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1167.nasl - Type : ACT_GATHER_INFO
2014-09-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140909_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2332-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2333-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2334-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2336-1.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2337-1.nasl - Type : ACT_GATHER_INFO
2014-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO
2014-08-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1083.nasl - Type : ACT_GATHER_INFO
2014-08-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-493.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3067.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3068.nasl - Type : ACT_GATHER_INFO
2014-08-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3069.nasl - Type : ACT_GATHER_INFO
2014-08-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-155.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1023.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1023.nasl - Type : ACT_GATHER_INFO
2014-08-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1023.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-478.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2992.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0923.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0923.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0924.nasl - Type : ACT_GATHER_INFO
2014-07-26 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8487.nasl - Type : ACT_GATHER_INFO
2014-07-25 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3049.nasl - Type : ACT_GATHER_INFO
2014-07-25 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140723_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0923.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0924.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0924.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0913.nasl - Type : ACT_GATHER_INFO
2014-07-21 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8519.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3046.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3047.nasl - Type : ACT_GATHER_INFO
2014-07-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3048.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2281-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2282-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2283-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2285-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2286-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2287-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2288-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2289-1.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2290-1.nasl - Type : ACT_GATHER_INFO
2014-07-11 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8171.nasl - Type : ACT_GATHER_INFO
2014-07-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2972.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2266-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2267-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2268-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2269-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2270-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2271-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2272-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2273-1.nasl - Type : ACT_GATHER_INFO
2014-07-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2274-1.nasl - Type : ACT_GATHER_INFO
2014-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7863.nasl - Type : ACT_GATHER_INFO
2014-06-27 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_d1f5e12afd5a11e3a108080027ef73ec.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-113.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4317.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4360.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140124.nasl - Type : ACT_GATHER_INFO
2014-02-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140125.nasl - Type : ACT_GATHER_INFO
2014-01-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140116.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2066-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2068-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2069-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2070-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2071-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2073-1.nasl - Type : ACT_GATHER_INFO
2014-01-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2075-1.nasl - Type : ACT_GATHER_INFO
2013-12-18 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-291.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-08-09 13:25:16
  • Multiple Updates
2014-08-07 13:23:02
  • First insertion