Vulnerabilities > CVE-2014-7283 - Resource Management Errors vulnerability in multiple products

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a denial of service (filesystem corruption, and OOPS or panic) via operations on directories that have hash collisions, as demonstrated by rmdir operations.

Vulnerable Configurations

Part Description Count
OS
Linux
1975
Application
Redhat
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1476.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges.(CVE-2017-8824i1/4%0 - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.(CVE-2015-4004i1/4%0 - Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.(CVE-2016-2061i1/4%0 - A denial of service flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-13
    plugin id124800
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124800
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1476)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124800);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/19");
    
      script_cve_id(
        "CVE-2013-2895",
        "CVE-2013-4516",
        "CVE-2014-7283",
        "CVE-2015-2877",
        "CVE-2015-3636",
        "CVE-2015-4003",
        "CVE-2015-4004",
        "CVE-2015-8952",
        "CVE-2015-8964",
        "CVE-2016-2061",
        "CVE-2016-3137",
        "CVE-2017-17806",
        "CVE-2017-18193",
        "CVE-2017-18255",
        "CVE-2017-5550",
        "CVE-2017-8824",
        "CVE-2018-1092",
        "CVE-2018-12633",
        "CVE-2018-14609",
        "CVE-2018-8822"
      );
      script_bugtraq_id(
        62045,
        63519,
        70261,
        74450,
        74668
      );
    
      script_name(english:"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1476)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization for ARM 64 host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization for ARM 64 installation on the remote host is
    affected by the following vulnerabilities :
    
      - A use-after-free vulnerability was found in DCCP socket
        code affecting the Linux kernel since 2.6.16. This
        vulnerability could allow an attacker to their escalate
        privileges.(CVE-2017-8824i1/4%0
    
      - The OZWPAN driver in the Linux kernel through 4.0.5
        relies on an untrusted length field during packet
        parsing, which allows remote attackers to obtain
        sensitive information from kernel memory or cause a
        denial of service (out-of-bounds read and system crash)
        via a crafted packet.(CVE-2015-4004i1/4%0
    
      - Integer signedness error in the MSM V4L2 video driver
        for the Linux kernel 3.x, as used in Qualcomm
        Innovation Center (QuIC) Android contributions for MSM
        devices and other products, allows attackers to gain
        privileges or cause a denial of service (array overflow
        and memory corruption) via a crafted application that
        triggers an msm_isp_axi_create_stream
        call.(CVE-2016-2061i1/4%0
    
      - A denial of service flaw was found in the way the Linux
        kernel's XFS file system implementation ordered
        directory hashes under certain conditions. A local
        attacker could use this flaw to corrupt the file system
        by creating directories with colliding hash values,
        potentially resulting in a system
        crash.(CVE-2014-7283i1/4%0
    
      - It was found that the Linux kernel's ping socket
        implementation did not properly handle socket unhashing
        during spurious disconnects, which could lead to a
        use-after-free flaw. On x86-64 architecture systems, a
        local user able to create ping sockets could use this
        flaw to crash the system. On non-x86-64 architecture
        systems, a local user able to create ping sockets could
        use this flaw to escalate their privileges on the
        system.(CVE-2015-3636i1/4%0
    
      - Incorrect buffer length handling was found in the
        ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in
        the Linux kernel, which could be exploited by malicious
        NCPFS servers to crash the kernel or possibly execute
        an arbitrary code.(CVE-2018-8822i1/4%0
    
      - ** DISPUTED ** Kernel Samepage Merging (KSM) in the
        Linux kernel 2.6.32 through 4.x does not prevent use of
        a write-timing side channel, which allows guest OS
        users to defeat the ASLR protection mechanism on other
        guest OS instances via a Cross-VM ASL INtrospection
        (CAIN) attack. NOTE: the vendor states 'Basically if
        you care about this attack vector, disable
        deduplication.' Share-until-written approaches for
        memory conservation among mutually untrusting tenants
        are inherently detectable for information disclosure,
        and can be classified as potentially misunderstood
        behaviors rather than vulnerabilities.(CVE-2015-2877i1/4%0
    
      - The tty_set_termios_ldisc() function in
        'drivers/tty/tty_ldisc.c' in the Linux kernel before
        4.5 allows local users to obtain sensitive information
        from kernel memory by reading a tty data
        structure.(CVE-2015-8964i1/4%0
    
      - An issue was discovered in the Linux kernel through
        4.17.2. vbg_misc_device_ioctl() in
        drivers/virt/vboxguest/vboxguest_linux.c reads the same
        user data twice with copy_from_user. The header part of
        the user data is double-fetched, and a malicious user
        thread can tamper with the critical variables
        (hdr.size_in and hdr.size_out) in the header between
        the two fetches because of a race condition, leading to
        severe kernel errors, such as buffer over-accesses.
        This bug can cause a local denial of service and
        information leakage.(CVE-2018-12633i1/4%0
    
      - ** RESERVED ** This candidate has been reserved by an
        organization or individual that will use it when
        announcing a new security problem. When the candidate
        has been publicized, the details for this candidate
        will be provided.(CVE-2018-1092i1/4%0
    
      - fs/f2fs/extent_cache.c in the Linux kernel, before
        4.13, mishandles extent trees. This allows local users
        to cause a denial of service via an application with
        multiple threads.(CVE-2017-18193i1/4%0
    
      - A design flaw was found in the file extended attribute
        handling of the Linux kernel's handling of cached
        attributes. Too many entries in the cache cause a soft
        lockup while attempting to iterate the cache and access
        relevant locks.(CVE-2015-8952i1/4%0
    
      - Off-by-one error in the pipe_advance function in
        lib/iov_iter.c in the Linux kernel before 4.9.5 allows
        local users to obtain sensitive information from
        uninitialized heap-memory locations in opportunistic
        circumstances by reading from a pipe after an incorrect
        buffer-release decision.(CVE-2017-5550i1/4%0
    
      - The HMAC implementation (crypto/hmac.c) in the Linux
        kernel, before 4.14.8, does not validate that the
        underlying cryptographic hash algorithm is unkeyed.
        This allows a local attacker, able to use the
        AF_ALG-based hash interface
        (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash
        algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack
        buffer overflow by executing a crafted sequence of
        system calls that encounter a missing SHA-3
        initialization.(CVE-2017-17806i1/4%0
    
      - The mp_get_count function in
        drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel
        before 3.12 does not initialize a certain data
        structure, which allows local users to obtain sensitive
        information from kernel stack memory via a TIOCGICOUNT
        ioctl call.(CVE-2013-4516i1/4%0
    
      - The perf_cpu_time_max_percent_handler function in
        kernel/events/core.c in the Linux kernel before 4.11
        allows local users to cause a denial of service
        (integer overflow) or possibly have unspecified other
        impact via a large value, as demonstrated by an
        incorrect sample-rate calculation.(CVE-2017-18255i1/4%0
    
      - An issue was discovered in the btrfs filesystem code in
        the Linux kernel. An invalid pointer dereference in
        __del_reloc_root() in fs/btrfs/relocation.c when
        mounting a crafted btrfs image could lead to a system
        crash and a denial of service.(CVE-2018-14609i1/4%0
    
      - The oz_usb_handle_ep_data function in
        drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver
        in the Linux kernel through 4.0.5 allows remote
        attackers to cause a denial of service (divide-by-zero
        error and system crash) via a crafted
        packet.(CVE-2015-4003i1/4%0
    
      - drivers/hid/hid-logitech-dj.c in the Human Interface
        Device (HID) subsystem in the Linux kernel through
        3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows
        physically proximate attackers to cause a denial of
        service (NULL pointer dereference and OOPS) or obtain
        sensitive information from kernel memory via a crafted
        device.(CVE-2013-2895i1/4%0
    
      - drivers/usb/serial/cypress_m8.c in the Linux kernel
        before 4.5.1 allows physically proximate attackers to
        cause a denial of service (NULL pointer dereference and
        system crash) via a USB device without both an
        interrupt-in and an interrupt-out endpoint descriptor,
        related to the cypress_generic_port_probe and
        cypress_open functions.(CVE-2016-3137i1/4%0
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1476
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0934af5b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-4.19.28-1.2.117",
            "kernel-devel-4.19.28-1.2.117",
            "kernel-headers-4.19.28-1.2.117",
            "kernel-tools-4.19.28-1.2.117",
            "kernel-tools-libs-4.19.28-1.2.117",
            "kernel-tools-libs-devel-4.19.28-1.2.117",
            "perf-4.19.28-1.2.117",
            "python-perf-4.19.28-1.2.117"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1481.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A race condition flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id124805
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124805
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(124805);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      script_cve_id(
        "CVE-2014-4171",
        "CVE-2014-4652",
        "CVE-2014-4653",
        "CVE-2014-4654",
        "CVE-2014-4655",
        "CVE-2014-4656",
        "CVE-2014-4667",
        "CVE-2014-4699",
        "CVE-2014-4943",
        "CVE-2014-5045",
        "CVE-2014-5077",
        "CVE-2014-5471",
        "CVE-2014-5472",
        "CVE-2014-6410",
        "CVE-2014-6416",
        "CVE-2014-6417",
        "CVE-2014-6418",
        "CVE-2014-7145",
        "CVE-2014-7283",
        "CVE-2014-7825",
        "CVE-2014-7826"
      );
      script_bugtraq_id(
        68157,
        68162,
        68163,
        68164,
        68170,
        68224,
        68411,
        68683,
        68768,
        68862,
        68881,
        69396,
        69428,
        69799,
        69805,
        69867,
        70261,
        70393,
        70395,
        70971,
        70972
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1481)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the kernel packages installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - A race condition flaw was found in the way the Linux
        kernel's mmap(2), madvise(2), and fallocate(2) system
        calls interacted with each other while operating on
        virtual memory file system files. A local user could
        use this flaw to cause a denial of
        service.(CVE-2014-4171)
    
      - An information leak flaw was found in the way the Linux
        kernel's Advanced Linux Sound Architecture (ALSA)
        implementation handled access of the user control's
        state. A local, privileged user could use this flaw to
        leak kernel memory to user space.(CVE-2014-4652)
    
      - A use-after-free flaw was found in the way the Linux
        kernel's Advanced Linux Sound Architecture (ALSA)
        implementation handled user controls. A local,
        privileged user could use this flaw to crash the
        system.(CVE-2014-4653)
    
      - A use-after-free flaw was found in the way the Linux
        kernel's Advanced Linux Sound Architecture (ALSA)
        implementation handled user controls. A local,
        privileged user could use this flaw to crash the
        system.(CVE-2014-4654)
    
      - A use-after-free flaw was found in the way the Linux
        kernel's Advanced Linux Sound Architecture (ALSA)
        implementation handled user controls. A local,
        privileged user could use this flaw to crash the
        system.(CVE-2014-4655)
    
      - An integer overflow flaw was found in the way the Linux
        kernel's Advanced Linux Sound Architecture (ALSA)
        implementation handled user controls. A local,
        privileged user could use this flaw to crash the
        system.(CVE-2014-4656)
    
      - An integer underflow flaw was found in the way the
        Linux kernel's Stream Control Transmission Protocol
        (SCTP) implementation processed certain COOKIE_ECHO
        packets. By sending a specially crafted SCTP packet, a
        remote attacker could use this flaw to prevent
        legitimate connections to a particular SCTP server
        socket to be made.(CVE-2014-4667)
    
      - 'It was found that the Linux kernel's ptrace subsystem
        allowed a traced process' instruction pointer to be set
        to a non-canonical memory address without forcing the
        non-sysret code path when returning to user space. A
        local, unprivileged user could use this flaw to crash
        the system or, potentially, escalate their privileges
        on the system.
    
      - Note: The CVE-2014-4699 issue only affected systems
        using an Intel CPU.(CVE-2014-4699)'
    
      - A flaw was found in the way the pppol2tp_setsockopt()
        and pppol2tp_getsockopt() functions in the Linux
        kernel's PPP over L2TP implementation handled requests
        with a non-SOL_PPPOL2TP socket option level. A local,
        unprivileged user could use this flaw to escalate their
        privileges on the system.(CVE-2014-4943)
    
      - A flaw was found in the way the Linux kernel's VFS
        subsystem handled reference counting when performing
        unmount operations on symbolic links. A local,
        unprivileged user could use this flaw to exhaust all
        available memory on the system or, potentially, trigger
        a use-after-free error, resulting in a system crash or
        privilege escalation.(CVE-2014-5045)
    
      - A NULL pointer dereference flaw was found in the way
        the Linux kernel's Stream Control Transmission Protocol
        (SCTP) implementation handled simultaneous connections
        between the same hosts. A remote attacker could use
        this flaw to crash the system.(CVE-2014-5077)
    
      - It was found that the parse_rock_ridge_inode_internal()
        function of the Linux kernel's ISOFS implementation did
        not correctly check relocated directories when
        processing Rock Ridge child link (CL) tags. An attacker
        with physical access to the system could use a
        specially crafted ISO image to crash the system or,
        potentially, escalate their privileges on the
        system.(CVE-2014-5471)
    
      - It was found that the parse_rock_ridge_inode_internal()
        function of the Linux kernel's ISOFS implementation did
        not correctly check relocated directories when
        processing Rock Ridge child link (CL) tags. An attacker
        with physical access to the system could use a
        specially crafted ISO image to crash the system or,
        potentially, escalate their privileges on the
        system.(CVE-2014-5472)
    
      - A stack overflow flaw caused by infinite recursion was
        found in the way the Linux kernel's Universal Disk
        Format (UDF) file system implementation processed
        indirect Information Control Blocks (ICBs). An attacker
        with physical access to the system could use a
        specially crafted UDF image to crash the
        system.(CVE-2014-6410)
    
      - Buffer overflow in net/ceph/auth_x.c in Ceph, as used
        in the Linux kernel before 3.16.3, allows remote
        attackers to cause a denial of service (memory
        corruption and panic) or possibly have unspecified
        other impact via a long unencrypted auth
        ticket.(CVE-2014-6416)
    
      - net/ceph/auth_x.c in Ceph, as used in the Linux kernel
        before 3.16.3, does not properly consider the
        possibility of kmalloc failure, which allows remote
        attackers to cause a denial of service (system crash)
        or possibly have unspecified other impact via a long
        unencrypted auth ticket.(CVE-2014-6417)
    
      - net/ceph/auth_x.c in Ceph, as used in the Linux kernel
        before 3.16.3, does not properly validate auth replies,
        which allows remote attackers to cause a denial of
        service (system crash) or possibly have unspecified
        other impact via crafted data from the IP address of a
        Ceph Monitor.(CVE-2014-6418)
    
      - A NULL pointer dereference flaw was found in the way
        the Linux kernel's Common Internet File System (CIFS)
        implementation handled mounting of file system shares.
        A remote attacker could use this flaw to crash a client
        system that would mount a file system share from a
        malicious server.(CVE-2014-7145)
    
      - A denial of service flaw was found in the way the Linux
        kernel's XFS file system implementation ordered
        directory hashes under certain conditions. A local
        attacker could use this flaw to corrupt the file system
        by creating directories with colliding hash values,
        potentially resulting in a system crash.(CVE-2014-7283)
    
      - An out-of-bounds memory access flaw, CVE-2014-7825, was
        found in the syscall tracing functionality of the Linux
        kernel's perf subsystem. A local, unprivileged user
        could use this flaw to crash the system. Additionally,
        an out-of-bounds memory access flaw, CVE-2014-7826, was
        found in the syscall tracing functionality of the Linux
        kernel's ftrace subsystem. On a system with ftrace
        syscall tracing enabled, a local, unprivileged user
        could use this flaw to crash the system, or escalate
        their privileges.(CVE-2014-7825)
    
      - An out-of-bounds memory access flaw, CVE-2014-7825, was
        found in the syscall tracing functionality of the Linux
        kernel's perf subsystem. A local, unprivileged user
        could use this flaw to crash the system. Additionally,
        an out-of-bounds memory access flaw, CVE-2014-7826, was
        found in the syscall tracing functionality of the Linux
        kernel's ftrace subsystem. On a system with ftrace
        syscall tracing enabled, a local, unprivileged user
        could use this flaw to crash the system, or escalate
        their privileges.(CVE-2014-7826)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1481
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b8a0561b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected kernel packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4943");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["kernel-3.10.0-862.14.1.6_42",
            "kernel-devel-3.10.0-862.14.1.6_42",
            "kernel-headers-3.10.0-862.14.1.6_42",
            "kernel-tools-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-3.10.0-862.14.1.6_42",
            "kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
            "perf-3.10.0-862.14.1.6_42",
            "python-perf-3.10.0-862.14.1.6_42"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1943.NASL
    descriptionUpdated kernel-rt packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A denial of service flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id79684
    published2014-12-03
    reporterThis script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79684
    titleRHEL 6 : kernel-rt (RHSA-2014:1943)

Redhat

advisories
rhsa
idRHSA-2014:1943
rpms
  • kernel-rt-0:3.10.58-rt62.58.el6rt
  • kernel-rt-debug-0:3.10.58-rt62.58.el6rt
  • kernel-rt-debug-debuginfo-0:3.10.58-rt62.58.el6rt
  • kernel-rt-debug-devel-0:3.10.58-rt62.58.el6rt
  • kernel-rt-debuginfo-0:3.10.58-rt62.58.el6rt
  • kernel-rt-debuginfo-common-x86_64-0:3.10.58-rt62.58.el6rt
  • kernel-rt-devel-0:3.10.58-rt62.58.el6rt
  • kernel-rt-doc-0:3.10.58-rt62.58.el6rt
  • kernel-rt-firmware-0:3.10.58-rt62.58.el6rt
  • kernel-rt-trace-0:3.10.58-rt62.58.el6rt
  • kernel-rt-trace-debuginfo-0:3.10.58-rt62.58.el6rt
  • kernel-rt-trace-devel-0:3.10.58-rt62.58.el6rt
  • kernel-rt-vanilla-0:3.10.58-rt62.58.el6rt
  • kernel-rt-vanilla-debuginfo-0:3.10.58-rt62.58.el6rt
  • kernel-rt-vanilla-devel-0:3.10.58-rt62.58.el6rt