http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=532c34b5fbf1687df63b3fcd5b2846312ac943c6

DSA-3616

20160630 [CVE-2016-6130] Double-Fetch Vulnerability in Linux-4.5/drivers/s390/char/sclp_ctl.c

91540

https://bugzilla.kernel.org/show_bug.cgi?id=116741

https://github.com/torvalds/linux/commit/532c34b5fbf1687df63b3fcd5b2846312ac943c6

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - In the ea_get function in fs/jfs/xattr.c in the Linux     kernel through 4.17.1, a memory corruption bug in JFS     can be triggered by calling setxattr twice with two     different extended attribute names on the same file.
    This vulnerability can be triggered by an unprivileged     user with the ability to create files and execute     programs. A kmalloc call is incorrect, leading to     slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)

  - The spectre_v2_select_mitigation function in     arch/x86/kernel/cpu/bugs.c in the Linux kernel before     4.18.1 does not always fill RSB upon a context switch,     which makes it easier for attackers to conduct     userspace-userspace spectreRSB attacks.(CVE-2018-15572)

  - Race condition in the queue_delete function in     sound/core/seq/seq_queue.c in the Linux kernel before     4.4.1 allows local users to cause a denial of service     (use-after-free and system crash) by making an ioctl     call at a certain time.(CVE-2016-2544)

  - A flaw was found in the Linux kernel's implementation     of BPF in which systems can application can overflow a     32 bit refcount in both program and map refcount. This     refcount can wrap and end up a user after     free.(CVE-2016-4558)

  - Interpretation conflict in     drivers/md/dm-snap-persistent.c in the Linux kernel     through 3.11.6 allows remote authenticated users to     obtain sensitive information or modify data via a     crafted mapping to a snapshot block     device.(CVE-2013-4299)

  - The imon_probe function in drivers/media/rc/imon.c in     the Linux kernel through 4.13.11 allows local users to     cause a denial of service (NULL pointer dereference and     system crash) or possibly have unspecified other impact     via a crafted USB device.(CVE-2017-16537)

  - A vulnerability in the handling of Transactional Memory     on powerpc systems was found. An unprivileged local     user can crash the kernel by starting a transaction,     suspending it, and then calling any of the exec() class     system calls.(CVE-2016-5828)

  - A cross-boundary flaw was discovered in the Linux     kernel software raid driver. The driver accessed a     disabled bitmap where only the first byte of the buffer     was initialized to zero. This meant that the rest of     the request (up to 4095 bytes) was left and copied into     user space. An attacker could use this flaw to read     private information from user space that would not     otherwise have been accessible.(CVE-2015-5697)

  - The parse_hid_report_descriptor function in     drivers/input/tablet/gtco.c in the Linux kernel before     4.13.11 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16643)

  - Race condition in the sclp_ctl_ioctl_sccb function in     drivers/s390/char/sclp_ctl.c in the Linux kernel before     4.6 allows local users to obtain sensitive information     from kernel memory by changing a certain length value,     aka a 'double fetch' vulnerability.(CVE-2016-6130)

  - drivers/net/usb/asix_devices.c in the Linux kernel     through 4.13.11 allows local users to cause a denial of     service (NULL pointer dereference and system crash) or     possibly have unspecified other impact via a crafted     USB device.(CVE-2017-16647)

  - A flaw was found in the Linux kernel which could cause     a kernel panic when restoring machine specific     registers on the PowerPC platform. Incorrect     transactional memory state registers could     inadvertently change the call path on return from     userspace and cause the kernel to enter an unknown     state and crash.(CVE-2015-8845)

  - fs/namespace.c in the Linux kernel through 3.16.1 does     not properly restrict clearing MNT_NODEV, MNT_NOSUID,     and MNT_NOEXEC and changing MNT_ATIME_MASK during a     remount of a bind mount, which allows local users to     gain privileges, interfere with backups and auditing on     systems that had atime enabled, or cause a denial of     service (excessive filesystem updating) on systems that     had atime disabled via a 'mount -o remount' command     within a user namespace.(CVE-2014-5207)

  - The NFS2/3 RPC client could send long arguments to the     NFS server. These encoded arguments are stored in an     array of memory pages, and accessed using pointer     variables. Arbitrarily long arguments could make these     pointers point outside the array and cause an     out-of-bounds memory access. A remote user or program     could use this flaw to crash the kernel, resulting in     denial of service.(CVE-2017-7645)

  - The time subsystem in the Linux kernel, when     CONFIG_TIMER_STATS is enabled, allows local users to     discover real PID values (as distinguished from PID     values inside a PID namespace) by reading the     /proc/timer_list file, related to the print_timer     function in kernel/time/timer_list.c and the
    __timer_stats_timer_set_start_info function in     kernel/time/timer.c.(CVE-2017-5967)

  - A vulnerability was found in the Linux kernel where the     keyctl_set_reqkey_keyring() function leaks the thread     keyring. This allows an unprivileged local user to     exhaust kernel memory and thus cause a     DoS.(CVE-2017-7472)

  - A flaw was found that can be triggered in     keyring_search_iterator in keyring.c if type->match is     NULL. A local user could use this flaw to crash the     system or, potentially, escalate their     privileges.(CVE-2017-2647)

  - The make_response function in     drivers/block/xen-blkback/blkback.c in the Linux kernel     before 4.11.8 allows guest OS users to obtain sensitive     information from host OS (or other guest OS) kernel     memory by leveraging the copying of uninitialized     padding fields in Xen block-interface response     structures, aka XSA-216.(CVE-2017-10911)

  - Stack-based buffer overflow in the SET_WPS_IE IOCTL     implementation in wlan_hdd_hostapd.c in the WLAN (aka     Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used     in Qualcomm Innovation Center (QuIC) Android     contributions for MSM devices and other products,     allows attackers to gain privileges via a crafted     application that uses a long WPS IE     element.(CVE-2015-0570)

  - The net_ctl_permissions function in net/sysctl_net.c in     the Linux kernel before 3.11.5 does not properly     determine uid and gid values, which allows local users     to bypass intended /proc/sys/net restrictions via a     crafted application.(CVE-2013-4270)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security and bugfixes. The following feature was implemented :

  - The ext2 filesystem got reenabled and supported to allow     support for 'XIP' (Execute In Place) (FATE#320805). The     following security bugs were fixed :

  - CVE-2017-5551: The tmpfs filesystem implementation in     the Linux kernel preserved the setgid bit during a     setxattr call, which allowed local users to gain group     privileges by leveraging the existence of a setgid     program with restrictions on execute permissions     (bsc#1021258).

  - CVE-2016-7097: The filesystem implementation in the     Linux kernel preserved the setgid bit during a setxattr     call, which allowed local users to gain group privileges     by leveraging the existence of a setgid program with     restrictions on execute permissions (bnc#995968).

  - CVE-2017-2583: A Linux kernel built with the     Kernel-based Virtual Machine (CONFIG_KVM) support was     vulnerable to an incorrect segment selector(SS) value     error. A user/process inside guest could have used this     flaw to crash the guest resulting in DoS or potentially     escalate their privileges inside guest. (bsc#1020602).

  - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux     kernel allowed local users to obtain sensitive     information from kernel memory or cause a denial of     service (use-after-free) via a crafted application that     leverages instruction emulation for fxrstor, fxsave,     sgdt, and sidt (bnc#1019851).

  - CVE-2016-10088: The sg implementation in the Linux     kernel did not properly restrict write operations in     situations where the KERNEL_DS option is set, which     allowed local users to read or write to arbitrary kernel     memory locations or cause a denial of service     (use-after-free) by leveraging access to a /dev/sg     device, related to block/bsg.c and drivers/scsi/sg.c.
    NOTE: this vulnerability exists because of an incomplete     fix for CVE-2016-9576 (bnc#1017710).

  - CVE-2016-8645: The TCP stack in the Linux kernel     mishandled skb truncation, which allowed local users to     cause a denial of service (system crash) via a crafted     application that made sendto system calls, related to     net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c     (bnc#1009969).

  - CVE-2016-8399: An elevation of privilege vulnerability     in the kernel networking subsystem could enable a local     malicious application to execute arbitrary code within     the context of the kernel. This issue is rated as     Moderate because it first requires compromising a     privileged process and current compiler optimizations     restrict access to the vulnerable code. Product:
    Android. Versions: Kernel-3.10, Kernel-3.18. Android ID:
    A-31349935 (bnc#1014746).

  - CVE-2016-9806: Race condition in the netlink_dump     function in net/netlink/af_netlink.c in the Linux kernel     allowed local users to cause a denial of service (double     free) or possibly have unspecified other impact via a     crafted application that made sendmsg system calls,     leading to a free operation associated with a new dump     that started earlier than anticipated (bnc#1013540).

  - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux     kernel did not properly initialize Code Segment (CS) in     certain error cases, which allowed local users to obtain     sensitive information from kernel stack memory via a     crafted application (bnc#1013038).

  - CVE-2016-9793: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1)     SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option     (bnc#1013531).

  - CVE-2016-7910: Use-after-free vulnerability in the     disk_seqf_stop function in block/genhd.c in the Linux     kernel allowed local users to gain privileges by     leveraging the execution of a certain stop operation     even if the corresponding start operation had failed     (bnc#1010716).

  - CVE-2015-8962: Double free vulnerability in the     sg_common_write function in drivers/scsi/sg.c in the     Linux kernel allowed local users to gain privileges or     cause a denial of service (memory corruption and system     crash) by detaching a device during an SG_IO ioctl call     (bnc#1010501).

  - CVE-2016-7913: The xc2028_set_config function in     drivers/media/tuners/tuner-xc2028.c in the Linux kernel     allowed local users to gain privileges or cause a denial     of service (use-after-free) via vectors involving     omission of the firmware name from a certain data     structure (bnc#1010478).

  - CVE-2016-7911: Race condition in the get_task_ioprio     function in block/ioprio.c in the Linux kernel allowed     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted ioprio_get system     call (bnc#1010711).

  - CVE-2015-8964: The tty_set_termios_ldisc function in     drivers/tty/tty_ldisc.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a tty data structure (bnc#1010507).

  - CVE-2015-8963: Race condition in kernel/events/core.c in     the Linux kernel allowed local users to gain privileges     or cause a denial of service (use-after-free) by     leveraging incorrect handling of an swevent data     structure during a CPU unplug operation (bnc#1010502).

  - CVE-2016-7914: The assoc_array_insert_into_terminal_node     function in lib/assoc_array.c in the Linux kernel did     not check whether a slot is a leaf, which allowed local     users to obtain sensitive information from kernel memory     or cause a denial of service (invalid pointer     dereference and out-of-bounds read) via an application     that uses associative-array data structures, as     demonstrated by the keyutils test suite (bnc#1010475).

  - CVE-2016-8633: drivers/firewire/net.c in the Linux     kernel allowed remote attackers to execute arbitrary     code via crafted fragmented packets (bnc#1008833).

  - CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux     kernel allowed local users to bypass integer overflow     checks, and cause a denial of service (memory     corruption) or have unspecified other impact, by     leveraging access to a vfio PCI device file for a     VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine     confusion bug (bnc#1007197).

  - CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the     Linux kernel misused the kzalloc function, which allowed     local users to cause a denial of service (integer     overflow) or have unspecified other impact by leveraging     access to a vfio PCI device file (bnc#1007197).

  - CVE-2016-7042: The proc_keys_show function in     security/keys/proc.c in the Linux kernel uses an     incorrect buffer size for certain timeout data, which     allowed local users to cause a denial of service (stack     memory corruption and panic) by reading the /proc/keys     file (bnc#1004517).

  - CVE-2015-8956: The rfcomm_sock_bind function in     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed     local users to obtain sensitive information or cause a     denial of service (NULL pointer dereference) via vectors     involving a bind system call on a Bluetooth RFCOMM     socket (bnc#1003925).

  - CVE-2016-8658: Stack-based buffer overflow in the     brcmf_cfg80211_start_ap function in     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021     1.c in the Linux kernel allowed local users to cause a     denial of service (system crash) or possibly have     unspecified other impact via a long SSID Information     Element in a command to a Netlink socket (bnc#1004462).

  - CVE-2016-7425: The arcmsr_iop_message_xfer function in     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did     not restrict a certain length field, which allowed local     users to gain privileges or cause a denial of service     (heap-based buffer overflow) via an     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

  - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in     the Linux kernel allowed local users to cause a denial     of service (NULL pointer dereference and system crash)     by using an ABORT_TASK command to abort a device write     operation (bnc#994748).

  - CVE-2016-6828: The tcp_check_send_head function in     include/net/tcp.h in the Linux kernel did not properly     maintain certain SACK state after a failed data copy,     which allowed local users to cause a denial of service     (tcp_xmit_retransmit_queue use-after-free and system     crash) via a crafted SACK option (bnc#994296).

  - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel     did not properly determine the rate of challenge ACK     segments, which made it easier for remote attackers to     hijack TCP sessions via a blind in-window attack     (bnc#989152).

  - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb     function in drivers/s390/char/sclp_ctl.c in the Linux     kernel allowed local users to obtain sensitive     information from kernel memory by changing a certain     length value, aka a 'double fetch' vulnerability     (bnc#987542).

  - CVE-2016-6480: Race condition in the ioctl_send_fib     function in drivers/scsi/aacraid/commctrl.c in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds access or system crash) by changing a     certain size value, aka a 'double fetch' vulnerability     (bnc#991608).

  - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt     implementation in the netfilter subsystem in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds read) or possibly obtain sensitive     information from kernel heap memory by leveraging     in-container root access to provide a crafted offset     value that leads to crossing a ruleset blob boundary     (bnc#986362 bnc#986365).

  - CVE-2016-5828: The start_thread function in     arch/powerpc/kernel/process.c in the Linux kernel on     powerpc platforms mishandled transactional state, which     allowed local users to cause a denial of service     (invalid process state or TM Bad Thing exception, and     system crash) or possibly have unspecified other impact     by starting and suspending a transaction before an exec     system call (bnc#986569).

  - CVE-2014-9904: The snd_compress_check_input function in     sound/core/compress_offload.c in the ALSA subsystem in     the Linux kernel did not properly check for an integer     overflow, which allowed local users to cause a denial of     service (insufficient memory allocation) or possibly     have unspecified other impact via a crafted     SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).

  - CVE-2016-5829: Multiple heap-based buffer overflows in     the hiddev_ioctl_usage function in     drivers/hid/usbhid/hiddev.c in the Linux kernel allow     local users to cause a denial of service or possibly     have unspecified other impact via a crafted (1)     HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call     (bnc#986572).

  - CVE-2016-4470: The key_reject_and_link function in     security/keys/key.c in the Linux kernel did not ensure     that a certain data structure is initialized, which     allowed local users to cause a denial of service (system     crash) via vectors involving a crafted keyctl request2     command (bnc#984755).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 kernel was updated to 3.12.67 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2016-7042: The proc_keys_show function in     security/keys/proc.c in the Linux kernel used an     incorrect buffer size for certain timeout data, which     allowed local users to cause a denial of service (stack     memory corruption and panic) by reading the /proc/keys     file (bsc#1004517).

  - CVE-2016-7097: The filesystem implementation in the     Linux kernel preserved the setgid bit during a setxattr     call, which allowed local users to gain group privileges     by leveraging the existence of a setgid program with     restrictions on execute permissions (bsc#995968).

  - CVE-2015-8956: The rfcomm_sock_bind function in     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed     local users to obtain sensitive information or cause a     denial of service (NULL pointer dereference) via vectors     involving a bind system call on a Bluetooth RFCOMM     socket (bnc#1003925).

  - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel     did not properly determine the rate of challenge ACK     segments, which made it easier for man-in-the-middle     attackers to hijack TCP sessions via a blind in-window     attack (bnc#989152).

  - CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb     function in drivers/s390/char/sclp_ctl.c in the Linux     kernel allowed local users to obtain sensitive     information from kernel memory by changing a certain     length value, aka a 'double fetch' vulnerability     (bnc#987542).

  - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in     the Linux kernel allowed local users to cause a denial     of service (NULL pointer dereference and system crash)     by using an ABORT_TASK command to abort a device write     operation (bnc#994748).

  - CVE-2016-6480: Race condition in the ioctl_send_fib     function in drivers/scsi/aacraid/commctrl.c in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds access or system crash) by changing a     certain size value, aka a 'double fetch' vulnerability     (bnc#991608).

  - CVE-2016-6828: The tcp_check_send_head function in     include/net/tcp.h in the Linux kernel did not properly     maintain certain SACK state after a failed data copy,     which allowed local users to cause a denial of service     (tcp_xmit_retransmit_queue use-after-free and system     crash) via a crafted SACK option (bnc#994296).

  - CVE-2016-7425: The arcmsr_iop_message_xfer function in     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did     not restrict a certain length field, which allowed local     users to gain privileges or cause a denial of service     (heap-based buffer overflow) via an     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

  - CVE-2016-8658: Stack-based buffer overflow in the     brcmf_cfg80211_start_ap function in     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021     1.c in the Linux kernel allowed local users to cause a     denial of service (system crash) or possibly have     unspecified other impact via a long SSID Information     Element in a command to a Netlink socket (bnc#1004462).

  - CVE-2016-8666: The IP stack in the Linux kernel allowed     remote attackers to cause a denial of service (stack     consumption and panic) or possibly have unspecified     other impact by triggering use of the GRO path for     packets with tunnel stacking, as demonstrated by     interleaved IPv4 headers and GRE headers, a related     issue to CVE-2016-7039 (bsc#1001486).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Vladimir Benes discovered an unbounded recursion in the VLAN and TEB Generic Receive Offload (GRO) processing implementations in the Linux kernel, A remote attacker could use this to cause a stack corruption, leading to a denial of service (system crash). (CVE-2016-7039)

Marco Grassi discovered a use-after-free condition could occur in the TCP retransmit queue handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-6828)

Pengfei Wang discovered a race condition in the s390 SCLP console driver for the Linux kernel when handling ioctl()s. A local attacker could use this to obtain sensitive information from kernel memory.
(CVE-2016-6130)

Pengfei Wang discovered a race condition in the Adaptec AAC RAID controller driver in the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system crash).
(CVE-2016-6480).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to latest upstream stable release, Linux v4.6.4

For those with Skylake CPUs, please note that there may be instability with a recent microcode update. Read https://www.happyassassin.net/2016/07/07/psa-failure-to-boot-after-ker nel-update-on-skylake-systems/ and look for a system firmware update before installing the kernel.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  - CVE-2014-9904     It was discovered that the snd_compress_check_input     function used in the ALSA subsystem does not properly     check for an integer overflow, allowing a local user to     cause a denial of service.

  - CVE-2016-5728     Pengfei Wang discovered a race condition in the MIC VOP     driver that could allow a local user to obtain sensitive     information from kernel memory or cause a denial of     service.

  - CVE-2016-5828     Cyril Bur and Michael Ellerman discovered a flaw in the     handling of Transactional Memory on powerpc systems     allowing a local user to cause a denial of service     (kernel crash) or possibly have unspecified other     impact, by starting a transaction, suspending it, and     then calling any of the exec() class system calls.

  - CVE-2016-5829     A heap-based buffer overflow vulnerability was found in     the hiddev driver, allowing a local user to cause a     denial of service or, potentially escalate their     privileges.

  - CVE-2016-6130     Pengfei Wang discovered a flaw in the S/390 character     device drivers potentially leading to information leak     with /dev/sclp.

Additionally this update fixes a regression in the ebtables facility (#828914) that was introduced in DSA-3607-1.

ID	Name	Product	Family	Severity
124802	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)	Nessus	Huawei Local Security Checks	high
97205	SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0471-1)	Nessus	SuSE Local Security Checks	high
95592	openSUSE Security Update : the Linux Kernel (openSUSE-2016-1410)	Nessus	SuSE Local Security Checks	high
95368	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2912-1)	Nessus	SuSE Local Security Checks	high
93956	Ubuntu 16.04 LTS : linux vulnerabilities (USN-3099-1)	Nessus	Ubuntu Local Security Checks	high
92444	Fedora 23 : kernel (2016-784d5526d8)	Nessus	Fedora Local Security Checks	medium
91927	Debian DSA-3616-1 : linux - security update	Nessus	Debian Local Security Checks	high

CVE-2016-6130

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins