Vulnerabilities > CVE-2015-0267 - Unspecified vulnerability in Redhat Kexec-Tools

047910
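CVSS 0.0 - NONE (every metric below is UNKNOWN, so this entry appears to be unscored rather than rated as having no impact; the Nessus plugin further down carries the CVSS v2 vector AV:L/AC:L/Au:N/C:N/I:P/A:P and the Red Hat advisory is rated Moderate)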
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
redhat
nessus

Summary

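The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools packages before 2.0.7-19 in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file. The Red Hat Bugzilla entry listed further down (1191575) names the cause as insecure use of /tmp/*$$* filenames, that is, temporary files in /tmp whose names are built from the shell's process ID and are therefore predictable; the advisory data on this page gives 2.0.7-19.el7_1.2 as the fixed package release for Red Hat Enterprise Linux 7.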

Vulnerable Configurations

Part Description Count
Application
Redhat
1

Nessus

  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20150512_KEXEC_TOOLS_ON_SL7_X.NASL
    description: It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2015-0267) This update also fixes the following bug : - On Atomic Host systems, the kdump tool previously saved kernel crash dumps in the /sysroot/crash file instead of the /var/crash file. The parsing error that caused this problem has been fixed, and the kernel crash dumps are now correctly saved in /var/crash. In addition, this update adds the following enhancement : - The makedumpfile command now supports the new sadump format that can represent more than 16 TB of physical memory space. This allows users of makedumpfile to read dump files over 16 TB, generated by sadump on certain upcoming server models.
    last seen: 2020-03-18
    modified: 2015-05-14
    plugin id: 83452
    published: 2015-05-14
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83452
    title: Scientific Linux Security Update : kexec-tools on SL7.x x86_64 (20150512)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Registration branch: runs only when `description` is set. It declares the
    # plugin's metadata (ids, texts, CVSS vector, CPEs, dates, dependencies) and
    # then exits, so none of the host checks further down execute in this mode.
    if (description)
    {
      script_id(83452);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      # The single CVE this plugin reports on.
      script_cve_id("CVE-2015-0267");
    
      script_name(english:"Scientific Linux Security Update : kexec-tools on SL7.x x86_64 (20150512)");
      # The check is a package-version comparison against rpm data; it does not
      # probe module-setup.sh or its temporary files.
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      # Advisory text: one security fix (insecure temporary file creation in
      # module-setup.sh, CVE-2015-0267) plus one bug fix and one enhancement that
      # ship in the same update.
      script_set_attribute(
        attribute:"description", 
        value:
    "It was found that the module-setup.sh script provided by kexec-tools
    created temporary files in an insecure way. A malicious, local user
    could use this flaw to conduct a symbolic link attack, allowing them
    to overwrite the contents of arbitrary files. (CVE-2015-0267)
    
    This update also fixes the following bug :
    
      - On Atomic Host systems, the kdump tool previously saved
        kernel crash dumps in the /sysroot/crash file instead of
        the /var/crash file. The parsing error that caused this
        problem has been fixed, and the kernel crash dumps are
        now correctly saved in /var/crash.
    
    In addition, this update adds the following enhancement :
    
      - The makedumpfile command now supports the new sadump
        format that can represent more than 16 TB of physical
        memory space. This allows users of makedumpfile to read
        dump files over 16 TB, generated by sadump on certain
        upcoming server models."
      );
      # The see_also value below is a shortened link; the URL in this comment is
      # presumably its target (the Scientific Linux errata list post) - confirm.
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1505&L=scientific-linux-errata&T=0&P=1122
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e4175a0f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kexec-tools, kexec-tools-debuginfo and / or
    kexec-tools-eppic packages."
      );
      # CVSS v2 base vector: local access, low access complexity, no
      # authentication; no confidentiality impact, partial integrity and
      # partial availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");
    
      # "local": the result comes from data collected on the host itself
      # (see the required KB keys below), not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package that the check phase tests, plus the OS CPE.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kexec-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kexec-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kexec-tools-eppic");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      # NOTE(review): the vulnerability publication date recorded here
      # (2015/05/19) is later than the patch publication date (2015/05/12).
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/19");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # Information-gathering category.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # The four required KB keys are exactly the items the check phase reads
      # with get_kb_item(); ssh_get_info.nasl is presumably what populates
      # them - confirm. Scientific Linux is identified through the
      # Host/RedHat/* keys.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      # Metadata only: stop before the host checks.
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Applicability gate: each test below calls audit() and stops reporting
    # unless the host has local checks enabled, is Scientific Linux 7.x, has an
    # rpm list in the KB, and is x86_64. audit() comes from audit.inc (not
    # shown); it presumably terminates the script - confirm.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is the "is not a substring of" operator: bail out when the release
    # string is missing or does not contain "Scientific Linux ".
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    # Capture group 1 is the release number, major with an optional ".minor".
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    # Accept "7" or "7.<minor>"; the [^0-9]|$ tail rejects other majors that
    # merely start with 7 (for example "70").
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
    # Without a collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Two architecture tests: the first passes x86_64 and i386..i686 values
    # (note its operands are `cpu >!< "x86_64"`, the reverse of the next line);
    # the second then requires "x86_64" to appear in cpu, so only x86_64 hosts
    # reach the package checks.
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    
    # Package check: count how many of the three kexec-tools packages fail the
    # comparison against the fixed build 2.0.7-19.el7_1.2. rpm_check() comes
    # from rpm.inc (not shown); presumably it is true when the installed
    # package is older than the reference - confirm. Every package is tested,
    # in the same order as before, so each call's bookkeeping still happens.
    flag = 0;
    foreach fixed_pkg (make_list(
      "kexec-tools-2.0.7-19.el7_1.2",
      "kexec-tools-debuginfo-2.0.7-19.el7_1.2",
      "kexec-tools-eppic-2.0.7-19.el7_1.2"))
    {
      if (rpm_check(release:"SL7", cpu:"x86_64", reference:fixed_pkg)) flag++;
    }
    
    
    if (!flag)
    {
      # Nothing flagged: tell "tested and not affected" apart from "none of
      # the packages is installed" using what pkg_tests_get() returns.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kexec-tools / kexec-tools-debuginfo / kexec-tools-eppic");
    }
    else
    {
      # At least one package was flagged: file one finding on port 0 with the
      # text from rpm_report_get() as the detail, then stop.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2015-0986.NASL
    description: Updated kexec-tools packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83377
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83377
    title: CentOS 7 : kexec-tools (CESA-2015:0986)
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2015-0986.NASL
    description: From Red Hat Security Advisory 2015:0986 : Updated kexec-tools packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83401
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83401
    title: Oracle Linux 7 : kexec-tools (ELSA-2015-0986)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-0986.NASL
    description: Updated kexec-tools packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel […]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 83407
    published: 2015-05-13
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/83407
    title: RHEL 7 : kexec-tools (RHSA-2015:0986)

Redhat

advisories
bugzilla
id: 1191575
title: CVE-2015-0267 kexec-tools: insecure use of /tmp/*$$* filenames
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 7 is installed
      oval: oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment: kexec-tools-eppic is earlier than 0:2.0.7-19.el7_1.2
          oval: oval:com.redhat.rhsa:tst:20150986001
        • comment: kexec-tools-eppic is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20150986002
      • AND
        • comment: kexec-tools-anaconda-addon is earlier than 0:2.0.7-19.el7_1.2
          oval: oval:com.redhat.rhsa:tst:20150986003
        • comment: kexec-tools-anaconda-addon is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20150986004
      • AND
        • comment: kexec-tools is earlier than 0:2.0.7-19.el7_1.2
          oval: oval:com.redhat.rhsa:tst:20150986005
        • comment: kexec-tools is signed with Red Hat redhatrelease2 key
          oval: oval:com.redhat.rhsa:tst:20111532002
rhsa
id: RHSA-2015:0986
released: 2015-05-12
severity: Moderate
title: RHSA-2015:0986: kexec-tools security, bug fix, and enhancement update (Moderate)
rpms
  • kexec-tools-0:2.0.7-19.ael7b_1.2
  • kexec-tools-0:2.0.7-19.el7_1.2
  • kexec-tools-anaconda-addon-0:2.0.7-19.ael7b_1.2
  • kexec-tools-anaconda-addon-0:2.0.7-19.el7_1.2
  • kexec-tools-debuginfo-0:2.0.7-19.ael7b_1.2
  • kexec-tools-debuginfo-0:2.0.7-19.el7_1.2
  • kexec-tools-eppic-0:2.0.7-19.ael7b_1.2
  • kexec-tools-eppic-0:2.0.7-19.el7_1.2