Vulnerabilities > CVE-2014-6417 - Resource Management Errors vulnerability in Linux Kernel
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2015-027.NASL description Multiple vulnerabilities has been found and corrected in the Linux kernel : The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association last seen 2020-06-01 modified 2020-06-02 plugin id 80578 published 2015-01-19 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/80578 title Mandriva Linux Security Advisory : kernel (MDVSA-2015:027) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:027. # The text itself is copyright (C) Mandriva S.A. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(80578); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-3688", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418", "CVE-2014-7841", "CVE-2014-7842", "CVE-2014-8133", "CVE-2014-8884", "CVE-2014-9090", "CVE-2014-9322", "CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9584", "CVE-2014-9585"); script_bugtraq_id(69805, 70393, 70395, 70768, 71078, 71081, 71097, 71250, 71684, 71685, 71717, 71794, 71880, 71883, 71990); script_xref(name:"MDVSA", value:"2015:027"); script_name(english:"Mandriva Linux Security Advisory : kernel (MDVSA-2015:027)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Multiple vulnerabilities has been found and corrected in the Linux kernel : The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (CVE-2014-3688=. Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket (CVE-2014-6416). net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket (CVE-2014-6417). net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor (CVE-2014-6418). The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (CVE-2014-7841). Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allows guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (CVE-2014-7842). arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value (CVE-2014-8133). Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call (CVE-2014-8884). The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite (CVE-2014-9090). arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (CVE-2014-9322). The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address (CVE-2014-9419). The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (CVE-2014-9420). Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (CVE-2014-9529). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image (CVE-2014-9584). The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (CVE-2014-9585). The updated packages provides a solution for these security issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:cpupower"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-firmware"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-server-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-source"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64cpupower0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1"); script_set_attribute(attribute:"patch_publication_date", value:"2015/01/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"cpupower-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"kernel-firmware-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-headers-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"kernel-server-devel-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", reference:"kernel-source-3.4.105-2.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower-devel-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"lib64cpupower0-3.4.105-2.1.mbs1")) flag++; if (rpm_check(release:"MDK-MBS1", cpu:"x86_64", reference:"perf-3.4.105-2.1.mbs1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2379-1.NASL description Steven Vittitoe reported multiple stack buffer overflows in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 78259 published 2014-10-11 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78259 title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2379-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2379-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(78259); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3631", "CVE-2014-6410", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418"); script_bugtraq_id(69763, 69768, 69779, 69781, 69799, 69805, 70095); script_xref(name:"USN", value:"2379-1"); script_name(english:"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2379-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184) Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. (CVE-2014-3185) Steven Vittitoe reported a buffer overflow in the Linux kernel's PicoLCD HID device driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via a specially craft device. (CVE-2014-3186) A flaw was discovered in the Linux kernel's associative-array garbage collection implementation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact by using keyctl operations. (CVE-2014-3631) A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410) James Eckersall discovered a buffer overflow in the Ceph filesystem in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (memory consumption and panic) or possibly have other unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416) James Eckersall discovered a flaw in the handling of memory allocation failures in the Ceph filesystem. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-6417) James Eckersall discovered a flaw in how the Ceph filesystem validates auth replies. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-6418). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2379-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected linux-image-3.13-generic, linux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/28"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3631", "CVE-2014-6410", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2379-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-37-generic", pkgver:"3.13.0-37.64")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-37-generic-lpae", pkgver:"3.13.0-37.64")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"linux-image-3.13.0-37-lowlatency", pkgver:"3.13.0-37.64")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2378-1.NASL description Steven Vittitoe reported multiple stack buffer overflows in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 78258 published 2014-10-11 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78258 title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2378-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2378-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(78258); script_version("1.11"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3631", "CVE-2014-6410", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418"); script_bugtraq_id(69763, 69768, 69779, 69781, 69799, 69805, 70095); script_xref(name:"USN", value:"2378-1"); script_name(english:"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2378-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Steven Vittitoe reported multiple stack buffer overflows in Linux kernel's magicmouse HID driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via specially crafted devices. (CVE-2014-3181) Ben Hawkes reported some off by one errors for report descriptors in the Linux kernel's HID stack. A physically proximate attacker could exploit these flaws to cause a denial of service (out-of-bounds write) via a specially crafted device. (CVE-2014-3184) Several bounds check flaws allowing for buffer overflows were discovered in the Linux kernel's Whiteheat USB serial driver. A physically proximate attacker could exploit these flaws to cause a denial of service (system crash) via a specially crafted device. (CVE-2014-3185) Steven Vittitoe reported a buffer overflow in the Linux kernel's PicoLCD HID device driver. A physically proximate attacker could exploit this flaw to cause a denial of service (system crash) or possibly execute arbitrary code via a specially craft device. (CVE-2014-3186) A flaw was discovered in the Linux kernel's associative-array garbage collection implementation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact by using keyctl operations. (CVE-2014-3631) A flaw was discovered in the Linux kernel's UDF filesystem (used on some CD-ROMs and DVDs) when processing indirect ICBs. An attacker who can cause CD, DVD or image file with a specially crafted inode to be mounted can cause a denial of service (infinite loop or stack consumption). (CVE-2014-6410) James Eckersall discovered a buffer overflow in the Ceph filesystem in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (memory consumption and panic) or possibly have other unspecified impact via a long unencrypted auth ticket. (CVE-2014-6416) James Eckersall discovered a flaw in the handling of memory allocation failures in the Ceph filesystem. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have unspecified other impact. (CVE-2014-6417) James Eckersall discovered a flaw in how the Ceph filesystem validates auth replies. A remote attacker could exploit this flaw to cause a denial of service (system crash) or possibly have other unspecified impact. (CVE-2014-6418). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2378-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected linux-image-3.13-generic and / or linux-image-3.13-generic-lpae packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/09/28"); script_set_attribute(attribute:"patch_publication_date", value:"2014/10/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("ksplice.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); if (get_one_kb_item("Host/ksplice/kernel-cves")) { rm_kb_item(name:"Host/uptrack-uname-r"); cve_list = make_list("CVE-2014-3181", "CVE-2014-3184", "CVE-2014-3185", "CVE-2014-3186", "CVE-2014-3631", "CVE-2014-6410", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418"); if (ksplice_cves_check(cve_list)) { audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for USN-2378-1"); } else { _ubuntu_report = ksplice_reporting_text(); } } flag = 0; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-37-generic", pkgver:"3.13.0-37.64~precise1")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"linux-image-3.13.0-37-generic-lpae", pkgver:"3.13.0-37.64~precise1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "linux-image-3.13-generic / linux-image-3.13-generic-lpae"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1481.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition flaw was found in the way the Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 124805 published 2019-05-13 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124805 title EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(124805); script_version("1.4"); script_cvs_date("Date: 2020/01/17"); script_cve_id( "CVE-2014-4171", "CVE-2014-4652", "CVE-2014-4653", "CVE-2014-4654", "CVE-2014-4655", "CVE-2014-4656", "CVE-2014-4667", "CVE-2014-4699", "CVE-2014-4943", "CVE-2014-5045", "CVE-2014-5077", "CVE-2014-5471", "CVE-2014-5472", "CVE-2014-6410", "CVE-2014-6416", "CVE-2014-6417", "CVE-2014-6418", "CVE-2014-7145", "CVE-2014-7283", "CVE-2014-7825", "CVE-2014-7826" ); script_bugtraq_id( 68157, 68162, 68163, 68164, 68170, 68224, 68411, 68683, 68768, 68862, 68881, 69396, 69428, 69799, 69805, 69867, 70261, 70393, 70395, 70971, 70972 ); script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS Virtualization host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service.(CVE-2014-4171) - An information leak flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control's state. A local, privileged user could use this flaw to leak kernel memory to user space.(CVE-2014-4652) - A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.(CVE-2014-4653) - A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.(CVE-2014-4654) - A use-after-free flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.(CVE-2014-4655) - An integer overflow flaw was found in the way the Linux kernel's Advanced Linux Sound Architecture (ALSA) implementation handled user controls. A local, privileged user could use this flaw to crash the system.(CVE-2014-4656) - An integer underflow flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation processed certain COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote attacker could use this flaw to prevent legitimate connections to a particular SCTP server socket to be made.(CVE-2014-4667) - 'It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. - Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.(CVE-2014-4699)' - A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system.(CVE-2014-4943) - A flaw was found in the way the Linux kernel's VFS subsystem handled reference counting when performing unmount operations on symbolic links. A local, unprivileged user could use this flaw to exhaust all available memory on the system or, potentially, trigger a use-after-free error, resulting in a system crash or privilege escalation.(CVE-2014-5045) - A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system.(CVE-2014-5077) - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-5471) - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.(CVE-2014-5472) - A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.(CVE-2014-6410) - Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.(CVE-2014-6416) - net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.(CVE-2014-6417) - net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.(CVE-2014-6418) - A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server.(CVE-2014-7145) - A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash.(CVE-2014-7283) - An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.(CVE-2014-7825) - An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.(CVE-2014-7826) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1481 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b8a0561b"); script_set_attribute(attribute:"solution", value: "Update the affected kernel packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4943"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0"); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["kernel-3.10.0-862.14.1.6_42", "kernel-devel-3.10.0-862.14.1.6_42", "kernel-headers-3.10.0-862.14.1.6_42", "kernel-tools-3.10.0-862.14.1.6_42", "kernel-tools-libs-3.10.0-862.14.1.6_42", "kernel-tools-libs-devel-3.10.0-862.14.1.6_42", "perf-3.10.0-862.14.1.6_42", "python-perf-3.10.0-862.14.1.6_42"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-2376-1.NASL description Steven Vittitoe reported multiple stack buffer overflows in Linux kernel last seen 2020-06-01 modified 2020-06-02 plugin id 78257 published 2014-10-11 reporter Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78257 title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2376-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1529.NASL description According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7268i1/4%0 - The move_pages system call in mm/migrate.c in the Linux kernel doesn last seen 2020-03-19 modified 2019-05-14 plugin id 124982 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/124982 title EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1529)
References
- http://www.openwall.com/lists/oss-security/2014/09/15/7
- https://github.com/torvalds/linux/commit/c27a3e4d667fdcad3db7b104f75659478e0c68d8
- https://bugzilla.redhat.com/show_bug.cgi?id=1142072
- http://tracker.ceph.com/issues/9560
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.3
- http://tracker.ceph.com/issues/8979
- http://www.ubuntu.com/usn/USN-2377-1
- http://www.ubuntu.com/usn/USN-2376-1
- http://www.ubuntu.com/usn/USN-2379-1
- http://www.ubuntu.com/usn/USN-2378-1
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c27a3e4d667fdcad3db7b104f75659478e0c68d8