Vulnerabilities > CVE-2013-2017 - Resource Management Errors vulnerability in Linux Kernel

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
linux
CWE-399
nessus
NVD
Published: 2013-05-03
Updated: 2023-02-13

Summary

The veth (aka virtual Ethernet) driver in the Linux kernel before 2.6.34 does not properly manage skbs during congestion, which allows remote attackers to cause a denial of service (system crash) by leveraging lack of skb consumption in conjunction with a double-free error.

Vulnerable Configurations

Part Description Count
OS
Linux
1191

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130610_KERNEL_ON_SL6_X.NASL
    descriptionThis update fixes the following security issues : - A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest
    last seen2020-03-18
    modified2013-06-13
    plugin id66884
    published2013-06-13
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66884
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130610)
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include("compat.inc");

if (description)
{
  script_id(66884);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27");

  script_cve_id("CVE-2013-1935", "CVE-2013-1943", "CVE-2013-2017");

  script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130610)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues :

  - A flaw was found in the way KVM (Kernel-based Virtual
    Machine) initialized a guest's registered pv_eoi
    (paravirtualized end-of-interrupt) indication flag when
    entering the guest. An unprivileged guest user could
    potentially use this flaw to crash the host.
    (CVE-2013-1935, Important)

  - A missing sanity check was found in the
    kvm_set_memory_region() function in KVM, allowing a
    user-space process to register memory regions pointing
    to the kernel address space. A local, unprivileged user
    could use this flaw to escalate their privileges.
    (CVE-2013-1943, Important)

  - A double free flaw was found in the Linux kernel's
    Virtual Ethernet Tunnel driver (veth). A remote attacker
    could possibly use this flaw to crash a target system.
    (CVE-2013-2017, Moderate)

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1306&L=scientific-linux-errata&T=0&P=821
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?4e7a02d3"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/05/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"kernel-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-358.11.1.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-358.11.1.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
}
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0911.NASL
    descriptionUpdated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest
    last seen2020-06-01
    modified2020-06-02
    plugin id66887
    published2013-06-14
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66887
    titleCentOS 6 : kernel (CESA-2013:0911)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0907.NASL
    descriptionAn updated rhev-hypervisor6 package that fixes two security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM initialized a guest
    last seen2020-06-01
    modified2020-06-02
    plugin id78961
    published2014-11-08
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/78961
    titleRHEL 6 : rhev-hypervisor6 (RHSA-2013:0907)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0911.NASL
    descriptionFrom Red Hat Security Advisory 2013:0911 : Updated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest
    last seen2020-06-01
    modified2020-06-02
    plugin id68834
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68834
    titleOracle Linux 6 : kernel (ELSA-2013-0911)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0911.NASL
    descriptionUpdated kernel packages that fix three security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way KVM (Kernel-based Virtual Machine) initialized a guest
    last seen2020-06-01
    modified2020-06-02
    plugin id66853
    published2013-06-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/66853
    titleRHEL 6 : kernel (RHSA-2013:0911)

Redhat

rpms
  • kernel-0:2.6.32-358.11.1.el6
  • kernel-bootwrapper-0:2.6.32-358.11.1.el6
  • kernel-debug-0:2.6.32-358.11.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.11.1.el6
  • kernel-debug-devel-0:2.6.32-358.11.1.el6
  • kernel-debuginfo-0:2.6.32-358.11.1.el6
  • kernel-debuginfo-common-i686-0:2.6.32-358.11.1.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-358.11.1.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-358.11.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.11.1.el6
  • kernel-devel-0:2.6.32-358.11.1.el6
  • kernel-doc-0:2.6.32-358.11.1.el6
  • kernel-firmware-0:2.6.32-358.11.1.el6
  • kernel-headers-0:2.6.32-358.11.1.el6
  • kernel-kdump-0:2.6.32-358.11.1.el6
  • kernel-kdump-debuginfo-0:2.6.32-358.11.1.el6
  • kernel-kdump-devel-0:2.6.32-358.11.1.el6
  • perf-0:2.6.32-358.11.1.el6
  • perf-debuginfo-0:2.6.32-358.11.1.el6
  • python-perf-0:2.6.32-358.11.1.el6
  • python-perf-debuginfo-0:2.6.32-358.11.1.el6

References