Vulnerabilities > CVE-2015-8324 - Unspecified vulnerability in Linux Kernel

047910
CVSS 4.6 - MEDIUM
Attack vector
PHYSICAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
low complexity
linux
nessus

Summary

The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.

Vulnerable Configurations

Part Description Count
OS
Linux
1191

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-360.NASL
    descriptionThis update fixes the CVEs described below. CVE-2013-7446 Dmitry Vyukov discovered that a particular sequence of valid operations on local (AF_UNIX) sockets can result in a use-after-free. This may be used to cause a denial of service (crash) or possibly for privilege escalation. CVE-2015-7799 郭永刚 discovered that a user granted access to /dev/ppp can cause a denial of service (crash) by passing invalid parameters to the PPPIOCSMAXCID ioctl. This also applies to ISDN PPP device nodes. CVE-2015-7833 Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a flaw in the processing of certain USB device descriptors in the usbvision driver. An attacker with physical access to the system can use this flaw to crash the system. CVE-2015-7990 It was discovered that the fix for CVE-2015-6937 was incomplete. A race condition when sending a message on unbound socket can still cause a NULL pointer dereference. A remote attacker might be able to cause a denial of service (crash) by sending a crafted packet. CVE-2015-8324
    last seen2020-03-17
    modified2015-12-09
    plugin id87265
    published2015-12-09
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87265
    titleDebian DLA-360-1 : linux-2.6 security update
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-360-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(87265);
      script_version("2.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2013-7446", "CVE-2015-7799", "CVE-2015-7833", "CVE-2015-7990", "CVE-2015-8324");
    
      script_name(english:"Debian DLA-360-1 : linux-2.6 security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the CVEs described below.
    
    CVE-2013-7446
    
    Dmitry Vyukov discovered that a particular sequence of valid
    operations on local (AF_UNIX) sockets can result in a use-after-free.
    This may be used to cause a denial of service (crash) or possibly for
    privilege escalation.
    
    CVE-2015-7799
    
    郭永刚 discovered that a user granted access to
    /dev/ppp can cause a denial of service (crash) by passing invalid
    parameters to the PPPIOCSMAXCID ioctl. This also applies to ISDN PPP
    device nodes.
    
    CVE-2015-7833
    
    Sergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a
    flaw in the processing of certain USB device descriptors in the
    usbvision driver. An attacker with physical access to the system can
    use this flaw to crash the system.
    
    CVE-2015-7990
    
    It was discovered that the fix for CVE-2015-6937 was incomplete. A
    race condition when sending a message on unbound socket can still
    cause a NULL pointer dereference. A remote attacker might be able to
    cause a denial of service (crash) by sending a crafted packet.
    
    CVE-2015-8324
    
    'Valintinr' reported that an attempt to mount a corrupted ext4
    filesystem may result in a kernel panic. A user permitted to mount
    filesystems could use this flaw to crash the system.
    
    For the oldoldstable distribution (squeeze), these problems have been
    fixed in version 2.6.32-48squeeze17. We recommend that you upgrade
    your linux-2.6 packages.
    
    For the oldstable (wheezy) and stable (jessie) distributions,
    CVE-2015-7833, CVE-2015-7990 and CVE-2015-8324 have been fixed and the
    other issues will be fixed soon.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2015/12/msg00002.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze-lts/linux-2.6"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:firmware-linux-free");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-2.6.32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-486");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-686-bigmem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-all-i386");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-openvz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-vserver");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-common-xen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-openvz-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-686-bigmem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-vserver-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-2.6.32-5-xen-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-486");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-686-bigmem-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-686-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-openvz-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-686-bigmem-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-vserver-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-686-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-2.6.32-5-xen-amd64-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-2.6.32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-patch-debian-2.6.32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-2.6.32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-2.6.32-5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-tools-2.6.32");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:xen-linux-system-2.6.32-5-xen-amd64");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/12/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"firmware-linux-free", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-base", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-doc-2.6.32", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-486", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-all-i386", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-openvz", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-vserver", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-common-xen", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-headers-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-486", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-686-bigmem-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-amd64-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-686-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-openvz-amd64-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-686-bigmem-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-vserver-amd64-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-686-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-image-2.6.32-5-xen-amd64-dbg", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-libc-dev", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-manual-2.6.32", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-patch-debian-2.6.32", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-source-2.6.32", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-support-2.6.32-5", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"linux-tools-2.6.32", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-686", reference:"2.6.32-48squeeze17")) flag++;
    if (deb_check(release:"6.0", prefix:"xen-linux-system-2.6.32-5-xen-amd64", reference:"2.6.32-48squeeze17")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-3567.NASL
    descriptionDescription of changes: kernel-uek [2.6.32-400.37.17.el6uek] - net: add validation for the socket syscall protocol argument (Hannes Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543} - ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) [Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324} - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) [Orabug: 23263242] {CVE-2015-8215} - ext4: avoid hang when mounting non-journal filesystems with orphan list (Theodore Ts
    last seen2020-06-01
    modified2020-06-02
    plugin id91293
    published2016-05-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91293
    titleOracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3567)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Oracle Linux Security Advisory ELSA-2016-3567.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91293);
      script_version("2.7");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2013-4312", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543");
    
      script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3567)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Description of changes:
    
    kernel-uek
    [2.6.32-400.37.17.el6uek]
    - net: add validation for the socket syscall protocol argument (Hannes 
    Frederic Sowa)  [Orabug: 23267965]  {CVE-2015-8543} {CVE-2015-8543}
    - ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings) 
    [Orabug: 23263398]  {CVE-2015-8324} {CVE-2015-8324}
    - ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner) 
      [Orabug: 23263242]  {CVE-2015-8215}
    - ext4: avoid hang when mounting non-journal filesystems with orphan 
    list (Theodore Ts'o)  [Orabug: 23262201]  {CVE-2015-7509}
    - ext4: make orphan functions be no-op in no-journal mode (Anatol 
    Pomozov)  [Orabug: 23262201]  {CVE-2015-7509}
    - unix: properly account for FDs passed over unix sockets (willy 
    tarreau)  [Orabug: 23262258]  {CVE-2013-4312} {CVE-2013-4312}"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-May/006084.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-May/006085.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected unbreakable enterprise kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.17.el5uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.17.el5uekdebug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.17.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.37.17.el6uekdebug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.17.el5uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.17.el5uekdebug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.17.el6uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ofa-2.6.32-400.37.17.el6uekdebug");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/16");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/23");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2013-4312", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2016-3567");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-2.6.32-400.37.17.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-2.6.32-400.37.17.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-debug-devel-2.6.32-400.37.17.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-devel-2.6.32-400.37.17.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-doc-2.6.32-400.37.17.el5uek")) flag++;
    if (rpm_exists(release:"EL5", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL5", reference:"kernel-uek-firmware-2.6.32-400.37.17.el5uek")) flag++;
    if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-400.37.17.el5uek-1.5.7-2")) flag++;
    if (rpm_check(release:"EL5", reference:"mlnx_en-2.6.32-400.37.17.el5uekdebug-1.5.7-2")) flag++;
    if (rpm_check(release:"EL5", reference:"ofa-2.6.32-400.37.17.el5uek-1.5.1-4.0.58")) flag++;
    if (rpm_check(release:"EL5", reference:"ofa-2.6.32-400.37.17.el5uekdebug-1.5.1-4.0.58")) flag++;
    
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-2.6.32-400.37.17.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-2.6.32-400.37.17.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-debug-devel-2.6.32-400.37.17.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-devel-2.6.32-400.37.17.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-doc-2.6.32-400.37.17.el6uek")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-uek-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-uek-firmware-2.6.32-400.37.17.el6uek")) flag++;
    if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-400.37.17.el6uek-1.5.7-0.1")) flag++;
    if (rpm_check(release:"EL6", reference:"mlnx_en-2.6.32-400.37.17.el6uekdebug-1.5.7-0.1")) flag++;
    if (rpm_check(release:"EL6", reference:"ofa-2.6.32-400.37.17.el6uek-1.5.1-4.0.58")) flag++;
    if (rpm_check(release:"EL6", reference:"ofa-2.6.32-400.37.17.el6uekdebug-1.5.1-4.0.58")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20160510_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) - It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) - A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-03-18
    modified2016-06-17
    plugin id91643
    published2016-06-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91643
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91643);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");
    
      script_cve_id("CVE-2010-5313", "CVE-2013-4312", "CVE-2014-7842", "CVE-2014-8134", "CVE-2015-5156", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543");
    
      script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20160510)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Security Fix(es) :
    
      - It was found that reporting emulation failures to user
        space could lead to either a local (CVE-2014-7842) or a
        L2->L1 (CVE-2010-5313) denial of service. In the case of
        a local denial of service, an attacker must have access
        to the MMIO area or be able to access an I/O port.
        Please note that on certain systems, HPET is mapped to
        userspace as part of vdso (vvar) and thus an
        unprivileged user may generate MMIO transactions (and
        enter the emulator) this way. (CVE-2010-5313,
        CVE-2014-7842, Moderate)
    
      - It was found that the Linux kernel did not properly
        account file descriptors passed over the unix socket
        against the process limit. A local user could use this
        flaw to exhaust all available memory on the system.
        (CVE-2013-4312, Moderate)
    
      - A buffer overflow flaw was found in the way the Linux
        kernel's virtio- net subsystem handled certain fraglists
        when the GRO (Generic Receive Offload) functionality was
        enabled in a bridged network configuration. An attacker
        on the local network could potentially use this flaw to
        crash the system, or, although unlikely, elevate their
        privileges on the system. (CVE-2015-5156, Moderate)
    
      - It was found that the Linux kernel's IPv6 network stack
        did not properly validate the value of the MTU variable
        when it was set. A remote attacker could potentially use
        this flaw to disrupt a target system's networking
        (packet loss) by setting an invalid MTU value, for
        example, via a NetworkManager daemon that is processing
        router advertisement packets running on the target
        system. (CVE-2015-8215, Moderate)
    
      - A NULL pointer dereference flaw was found in the way the
        Linux kernel's network subsystem handled socket creation
        with an invalid protocol identifier. A local user could
        use this flaw to crash the system. (CVE-2015-8543,
        Moderate)
    
      - It was found that the espfix functionality does not work
        for 32-bit KVM paravirtualized guests. A local,
        unprivileged guest user could potentially use this flaw
        to leak kernel stack addresses. (CVE-2014-8134, Low)
    
      - A flaw was found in the way the Linux kernel's ext4 file
        system driver handled non-journal file systems with an
        orphan list. An attacker with physical access to the
        system could use this flaw to crash the system or,
        although unlikely, escalate their privileges on the
        system. (CVE-2015-7509, Low)
    
      - A NULL pointer dereference flaw was found in the way the
        Linux kernel's ext4 file system driver handled certain
        corrupted file system images. An attacker with physical
        access to the system could use this flaw to crash the
        system. (CVE-2015-8324, Low)
    
    Notes :
    
      - Problems have been reported with this kernel and
        VirtualBox. More info is available in the notes for the
        VirtualBox ticket here: <a
        href='https://www.virtualbox.org/ticket/14866'
        target='_blank'>https://www.virtualbox.org/ticket/14866<
        /a>"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=3658
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?87948e6e"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"SL6", reference:"kernel-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-debuginfo-common-i686-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-642.el6")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2016-0855.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91170
    published2016-05-17
    reporterThis script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91170
    titleCentOS 6 : kernel (CESA-2016:0855)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:0855 and 
    # CentOS Errata and Security Advisory 2016:0855 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91170);
      script_version("2.9");
      script_cvs_date("Date: 2020/01/02");
    
      script_cve_id("CVE-2010-5313", "CVE-2013-4312", "CVE-2014-7842", "CVE-2014-8134", "CVE-2015-5156", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543", "CVE-2016-3841");
      script_xref(name:"RHSA", value:"2016:0855");
    
      script_name(english:"CentOS 6 : kernel (CESA-2016:0855)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * It was found that reporting emulation failures to user space could
    lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313)
    denial of service. In the case of a local denial of service, an
    attacker must have access to the MMIO area or be able to access an I/O
    port. Please note that on certain systems, HPET is mapped to userspace
    as part of vdso (vvar) and thus an unprivileged user may generate MMIO
    transactions (and enter the emulator) this way. (CVE-2010-5313,
    CVE-2014-7842, Moderate)
    
    * It was found that the Linux kernel did not properly account file
    descriptors passed over the unix socket against the process limit. A
    local user could use this flaw to exhaust all available memory on the
    system. (CVE-2013-4312, Moderate)
    
    * A buffer overflow flaw was found in the way the Linux kernel's
    virtio-net subsystem handled certain fraglists when the GRO (Generic
    Receive Offload) functionality was enabled in a bridged network
    configuration. An attacker on the local network could potentially use
    this flaw to crash the system, or, although unlikely, elevate their
    privileges on the system. (CVE-2015-5156, Moderate)
    
    * It was found that the Linux kernel's IPv6 network stack did not
    properly validate the value of the MTU variable when it was set. A
    remote attacker could potentially use this flaw to disrupt a target
    system's networking (packet loss) by setting an invalid MTU value, for
    example, via a NetworkManager daemon that is processing router
    advertisement packets running on the target system. (CVE-2015-8215,
    Moderate)
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's network subsystem handled socket creation with an invalid
    protocol identifier. A local user could use this flaw to crash the
    system. (CVE-2015-8543, Moderate)
    
    * It was found that the espfix functionality does not work for 32-bit
    KVM paravirtualized guests. A local, unprivileged guest user could
    potentially use this flaw to leak kernel stack addresses.
    (CVE-2014-8134, Low)
    
    * A flaw was found in the way the Linux kernel's ext4 file system
    driver handled non-journal file systems with an orphan list. An
    attacker with physical access to the system could use this flaw to
    crash the system or, although unlikely, escalate their privileges on
    the system. (CVE-2015-7509, Low)
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's ext4 file system driver handled certain corrupted file system
    images. An attacker with physical access to the system could use this
    flaw to crash the system. (CVE-2015-8324, Low)
    
    Red Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and
    CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and
    Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The
    CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).
    
    Additional Changes :
    
    * Refer to Red Hat Enterprise Linux 6.8 Release Notes for information
    on new kernel features and known issues, and Red Hat Enterprise Linux
    Technical Notes for information on device driver updates, important
    changes to external kernel parameters, notable bug fixes, and
    technology previews. Both of these documents are linked to in the
    References section."
      );
      # https://lists.centos.org/pipermail/centos-cr-announce/2016-May/002855.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ae358ae1"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-3841");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-642.el6")) flag++;
    
    
    if (flag)
    {
      cr_plugin_caveat = '\n' +
        'NOTE: The security advisory associated with this vulnerability has a\n' +
        'fixed package version that may only be available in the continuous\n' +
        'release (CR) repository for CentOS, until it is present in the next\n' +
        'point release of CentOS.\n\n' +
    
        'If an equal or higher package level does not exist in the baseline\n' +
        'repository for your major version of CentOS, then updates from the CR\n' +
        'repository will need to be applied in order to address the\n' +
        'vulnerability.\n';
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get() + cr_plugin_caveat
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2016-0855.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91077
    published2016-05-12
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91077
    titleRHEL 6 : kernel (RHSA-2016:0855)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2016:0855. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91077);
      script_version("2.13");
      script_cvs_date("Date: 2019/10/24 15:35:41");
    
      script_cve_id("CVE-2010-5313", "CVE-2013-4312", "CVE-2014-7842", "CVE-2014-8134", "CVE-2015-5156", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543", "CVE-2016-3841");
      script_xref(name:"RHSA", value:"2016:0855");
    
      script_name(english:"RHEL 6 : kernel (RHSA-2016:0855)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * It was found that reporting emulation failures to user space could
    lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313)
    denial of service. In the case of a local denial of service, an
    attacker must have access to the MMIO area or be able to access an I/O
    port. Please note that on certain systems, HPET is mapped to userspace
    as part of vdso (vvar) and thus an unprivileged user may generate MMIO
    transactions (and enter the emulator) this way. (CVE-2010-5313,
    CVE-2014-7842, Moderate)
    
    * It was found that the Linux kernel did not properly account file
    descriptors passed over the unix socket against the process limit. A
    local user could use this flaw to exhaust all available memory on the
    system. (CVE-2013-4312, Moderate)
    
    * A buffer overflow flaw was found in the way the Linux kernel's
    virtio-net subsystem handled certain fraglists when the GRO (Generic
    Receive Offload) functionality was enabled in a bridged network
    configuration. An attacker on the local network could potentially use
    this flaw to crash the system, or, although unlikely, elevate their
    privileges on the system. (CVE-2015-5156, Moderate)
    
    * It was found that the Linux kernel's IPv6 network stack did not
    properly validate the value of the MTU variable when it was set. A
    remote attacker could potentially use this flaw to disrupt a target
    system's networking (packet loss) by setting an invalid MTU value, for
    example, via a NetworkManager daemon that is processing router
    advertisement packets running on the target system. (CVE-2015-8215,
    Moderate)
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's network subsystem handled socket creation with an invalid
    protocol identifier. A local user could use this flaw to crash the
    system. (CVE-2015-8543, Moderate)
    
    * It was found that the espfix functionality does not work for 32-bit
    KVM paravirtualized guests. A local, unprivileged guest user could
    potentially use this flaw to leak kernel stack addresses.
    (CVE-2014-8134, Low)
    
    * A flaw was found in the way the Linux kernel's ext4 file system
    driver handled non-journal file systems with an orphan list. An
    attacker with physical access to the system could use this flaw to
    crash the system or, although unlikely, escalate their privileges on
    the system. (CVE-2015-7509, Low)
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's ext4 file system driver handled certain corrupted file system
    images. An attacker with physical access to the system could use this
    flaw to crash the system. (CVE-2015-8324, Low)
    
    Red Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and
    CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and
    Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The
    CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).
    
    Additional Changes :
    
    * Refer to Red Hat Enterprise Linux 6.8 Release Notes for information
    on new kernel features and known issues, and Red Hat Enterprise Linux
    Technical Notes for information on device driver updates, important
    changes to external kernel parameters, notable bug fixes, and
    technology previews. Both of these documents are linked to in the
    References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2016:0855"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-5313"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2013-4312"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-8134"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-5156"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-7509"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8215"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8543"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-3841"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2010-5313", "CVE-2013-4312", "CVE-2014-7842", "CVE-2014-8134", "CVE-2015-5156", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543", "CVE-2016-3841");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:0855");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2016:0855";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-abi-whitelists-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debug-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debug-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-debuginfo-common-i686-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-doc-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-firmware-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"kernel-headers-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-headers-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-headers-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"kernel-kdump-devel-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"perf-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"perf-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"i686", reference:"python-perf-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"python-perf-debuginfo-2.6.32-642.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-642.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2016-0855.NASL
    descriptionFrom Red Hat Security Advisory 2016:0855 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate) * It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate) * A buffer overflow flaw was found in the way the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id91210
    published2016-05-18
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/91210
    titleOracle Linux 6 : kernel (ELSA-2016-0855)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2016:0855 and 
    # Oracle Linux Security Advisory ELSA-2016-0855 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91210);
      script_version("2.10");
      script_cvs_date("Date: 2019/09/27 13:00:37");
    
      script_cve_id("CVE-2010-5313", "CVE-2013-4312", "CVE-2014-7842", "CVE-2014-8134", "CVE-2015-5156", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543", "CVE-2016-3841");
      script_xref(name:"RHSA", value:"2016:0855");
    
      script_name(english:"Oracle Linux 6 : kernel (ELSA-2016-0855)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2016:0855 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 6.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * It was found that reporting emulation failures to user space could
    lead to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313)
    denial of service. In the case of a local denial of service, an
    attacker must have access to the MMIO area or be able to access an I/O
    port. Please note that on certain systems, HPET is mapped to userspace
    as part of vdso (vvar) and thus an unprivileged user may generate MMIO
    transactions (and enter the emulator) this way. (CVE-2010-5313,
    CVE-2014-7842, Moderate)
    
    * It was found that the Linux kernel did not properly account file
    descriptors passed over the unix socket against the process limit. A
    local user could use this flaw to exhaust all available memory on the
    system. (CVE-2013-4312, Moderate)
    
    * A buffer overflow flaw was found in the way the Linux kernel's
    virtio-net subsystem handled certain fraglists when the GRO (Generic
    Receive Offload) functionality was enabled in a bridged network
    configuration. An attacker on the local network could potentially use
    this flaw to crash the system, or, although unlikely, elevate their
    privileges on the system. (CVE-2015-5156, Moderate)
    
    * It was found that the Linux kernel's IPv6 network stack did not
    properly validate the value of the MTU variable when it was set. A
    remote attacker could potentially use this flaw to disrupt a target
    system's networking (packet loss) by setting an invalid MTU value, for
    example, via a NetworkManager daemon that is processing router
    advertisement packets running on the target system. (CVE-2015-8215,
    Moderate)
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's network subsystem handled socket creation with an invalid
    protocol identifier. A local user could use this flaw to crash the
    system. (CVE-2015-8543, Moderate)
    
    * It was found that the espfix functionality does not work for 32-bit
    KVM paravirtualized guests. A local, unprivileged guest user could
    potentially use this flaw to leak kernel stack addresses.
    (CVE-2014-8134, Low)
    
    * A flaw was found in the way the Linux kernel's ext4 file system
    driver handled non-journal file systems with an orphan list. An
    attacker with physical access to the system could use this flaw to
    crash the system or, although unlikely, escalate their privileges on
    the system. (CVE-2015-7509, Low)
    
    * A NULL pointer dereference flaw was found in the way the Linux
    kernel's ext4 file system driver handled certain corrupted file system
    images. An attacker with physical access to the system could use this
    flaw to crash the system. (CVE-2015-8324, Low)
    
    Red Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and
    CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and
    Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The
    CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).
    
    Additional Changes :
    
    * Refer to Red Hat Enterprise Linux 6.8 Release Notes for information
    on new kernel features and known issues, and Red Hat Enterprise Linux
    Technical Notes for information on device driver updates, important
    changes to external kernel parameters, notable bug fixes, and
    technology previews. Both of these documents are linked to in the
    References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2016-May/006061.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2010-5313", "CVE-2013-4312", "CVE-2014-7842", "CVE-2014-8134", "CVE-2015-5156", "CVE-2015-7509", "CVE-2015-8215", "CVE-2015-8324", "CVE-2015-8543", "CVE-2016-3841");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2016-0855");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "2.6";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL6", rpm:"kernel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-abi-whitelists-2.6.32") && rpm_check(release:"EL6", reference:"kernel-abi-whitelists-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-debug-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-debug-devel-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-devel-2.6.32") && rpm_check(release:"EL6", reference:"kernel-devel-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-doc-2.6.32") && rpm_check(release:"EL6", reference:"kernel-doc-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-firmware-2.6.32") && rpm_check(release:"EL6", reference:"kernel-firmware-2.6.32-642.el6")) flag++;
    if (rpm_exists(release:"EL6", rpm:"kernel-headers-2.6.32") && rpm_check(release:"EL6", reference:"kernel-headers-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"perf-2.6.32-642.el6")) flag++;
    if (rpm_check(release:"EL6", reference:"python-perf-2.6.32-642.el6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    

Redhat

advisories
rhsa
idRHSA-2016:0855
rpms
  • kernel-0:2.6.32-642.el6
  • kernel-abi-whitelists-0:2.6.32-642.el6
  • kernel-bootwrapper-0:2.6.32-642.el6
  • kernel-debug-0:2.6.32-642.el6
  • kernel-debug-debuginfo-0:2.6.32-642.el6
  • kernel-debug-devel-0:2.6.32-642.el6
  • kernel-debuginfo-0:2.6.32-642.el6
  • kernel-debuginfo-common-i686-0:2.6.32-642.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-642.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-642.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-642.el6
  • kernel-devel-0:2.6.32-642.el6
  • kernel-doc-0:2.6.32-642.el6
  • kernel-firmware-0:2.6.32-642.el6
  • kernel-headers-0:2.6.32-642.el6
  • kernel-kdump-0:2.6.32-642.el6
  • kernel-kdump-debuginfo-0:2.6.32-642.el6
  • kernel-kdump-devel-0:2.6.32-642.el6
  • perf-0:2.6.32-642.el6
  • perf-debuginfo-0:2.6.32-642.el6
  • python-perf-0:2.6.32-642.el6
  • python-perf-debuginfo-0:2.6.32-642.el6