Vulnerabilities > CVE-2017-1000251 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 8.0 - HIGH
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
low complexity
linux
debian
nvidia
redhat
CWE-787
nessus
exploit available

Summary

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Vulnerable Configurations

Part Description Count
OS
Linux
1420
OS
Debian
2
OS
Redhat
28
Application
Nvidia
4

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionLinux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC). CVE-2017-1000251. Dos exploit for Linux platform
fileexploits/linux/dos/42762.txt
idEDB-ID:42762
last seen2017-09-21
modified2017-09-21
platformlinux
port
published2017-09-21
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42762/
titleLinux Kernel <= 4.13.1 - BlueTooth Buffer Overflow (PoC)
typedos

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1062.NASL
    descriptionThe openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919). The following non-security bugs were fixed : - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - Add
    last seen2020-06-05
    modified2017-09-18
    plugin id103287
    published2017-09-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103287
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2017-1062.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103287);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2017-1000251", "CVE-2017-11472", "CVE-2017-12134", "CVE-2017-14051", "CVE-2017-14106");
    
      script_name(english:"openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)");
      script_summary(english:"Check for the openSUSE-2017-1062 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various
    security and bugfixes.
    
    The following security bugs were fixed :
    
      - CVE-2017-1000251: The native Bluetooth stack in the
        Linux Kernel (BlueZ) was vulnerable to a stack overflow
        vulnerability in the processing of L2CAP configuration
        responses resulting in Remote code execution in kernel
        space (bnc#1057389).
    
      - CVE-2017-14106: The tcp_disconnect function in
        net/ipv4/tcp.c in the Linux kernel allowed local users
        to cause a denial of service (__tcp_select_window
        divide-by-zero error and system crash) by triggering a
        disconnect within a certain tcp_recvmsg code path
        (bnc#1056982).
    
      - CVE-2017-11472: The acpi_ns_terminate() function in
        drivers/acpi/acpica/nsutils.c in the Linux kernel did
        not flush the operand cache and causes a kernel stack
        dump, which allowed local users to obtain sensitive
        information from kernel memory and bypass the KASLR
        protection mechanism (in the kernel through 4.9) via a
        crafted ACPI table (bnc#1049580).
    
      - CVE-2017-14051: An integer overflow in the
        qla2x00_sysfs_write_optrom_ctl function in
        drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel
        allowed local users to cause a denial of service (memory
        corruption and system crash) by leveraging root access
        (bnc#1056588).
    
      - CVE-2017-12134: The xen_biovec_phys_mergeable function
        in drivers/xen/biomerge.c in Xen might allow local OS
        guest users to corrupt block device data streams and
        consequently obtain sensitive memory information, cause
        a denial of service, or gain host OS privileges by
        leveraging incorrect block IO merge-ability calculation
        (bnc#1051790 1053919).
    
    The following non-security bugs were fixed :
    
      - acpi / scan: Prefer devices without _HID for _ADR
        matching (git-fixes).
    
      - alsa: hda - Add stereo mic quirk for Lenovo G50-70
        (17aa:3978) (bsc#1020657).
    
      - alsa: hda - Implement mic-mute LED mode enum
        (bsc#1055013).
    
      - alsa: hda/realtek - Add support headphone Mic for ALC221
        of HP platform (bsc#1024405).
    
      - alsa: ice1712: Add support for STAudio ADCIII
        (bsc#1048934).
    
      - alsa: usb-audio: Apply sample rate quirk to Sennheiser
        headset (bsc#1052580).
    
      - Add 'shutdown' to 'struct class' (bsc#1053117).
    
      - bluetooth: bnep: fix possible might sleep error in
        bnep_session (bsc#1031784).
    
      - bluetooth: cmtp: fix possible might sleep error in
        cmtp_session (bsc#1031784).
    
      - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
    
      - nfs: flush data when locking a file to ensure cache
        coherence for mmap (bsc#981309).
    
      - Revert '/proc/iomem: only expose physical resource
        addresses to privileged users' (kabi).
    
      - Revert 'Make file credentials available to the seqfile
        interfaces' (kabi).
    
      - usb: core: fix device node leak (bsc#1047487).
    
      - Update
        patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_
        trusted.patch (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).
    
      - bnxt: add a missing rcu synchronization (bnc#1038583).
    
      - bnxt: do not busy-poll when link is down (bnc#1038583).
    
      - bnxt_en: Enable MRU enables bit when configuring VNIC
        MRU (bnc#1038583).
    
      - bnxt_en: Fix 'uninitialized variable' bug in TPA code
        path (bnc#1038583).
    
      - bnxt_en: Fix NULL pointer dereference in a failure path
        during open (bnc#1038583).
    
      - bnxt_en: Fix NULL pointer dereference in reopen failure
        path (bnc#1038583).
    
      - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
    
      - bnxt_en: Fix VF virtual link state (bnc#1038583).
    
      - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
    
      - bnxt_en: Fix and clarify link_info->advertising
        (bnc#1038583).
    
      - bnxt_en: Fix ring arithmetic in bnxt_setup_tc()
        (bnc#1038583).
    
      - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
    
      - bnxt_en: Refactor TPA code path (bnc#1038583).
    
      - bnxt_en: fix pci cleanup in bnxt_init_one() failure path
        (bnc#1038583).
    
      - bnxt_en: initialize rc to zero to avoid returning
        garbage (bnc#1038583).
    
      - ceph: fix readpage from fscache (bsc#1057015).
    
      - cxgb4: Fix stack out-of-bounds read due to wrong size to
        t4_record_mbox() (bsc#1021424 bsc#1022743).
    
      - drivers: net: xgene: Fix wrong logical operation
        (bsc#1056827).
    
      - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K
        (bsc#1048155).
    
      - fuse: initialize the flock flag in fuse_file on
        allocation (git-fixes).
    
      - gfs2: Do not clear SGID when inheriting ACLs
        (bsc#1012829).
    
      - ibmvnic: Clean up resources on probe failure
        (fate#323285, bsc#1058116).
    
      - iwlwifi: missing error code in iwl_trans_pcie_alloc()
        (bsc#1031717).
    
      - iwlwifi: mvm: do not send CTDP commands via debugfs if
        not supported (bsc#1031717).
    
      - kernel/*: switch to memdup_user_nul() (bsc#1048893).
    
      - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
    
      - lib: test_rhashtable: fix for large entry counts
        (bsc#1055359).
    
      - lightnvm: remove unused rq parameter of
        nvme_nvm_rqtocmd() to kill warning (FATE#319466).
    
      - md/raid5: fix a race condition in stripe batch
        (linux-stable).
    
      - mm, madvise: ensure poisoned pages are removed from
        per-cpu lists (VM hw poison -- git fixes).
    
      - mm/page_alloc.c: apply gfp_allowed_mask before the first
        allocation attempt (bnc#971975 VM -- git fixes).
    
      - mptsas: Fixup device hotplug for VMware ESXi
        (bsc#1030850).
    
      - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
    
      - netfilter: x_tables: pack percpu counter allocations
        (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct instead of
        packet counter (bsc#1052888).
    
      - netfilter: x_tables: pass xt_counters struct to counter
        allocator (bsc#1052888).
    
      - new helper: memdup_user_nul() (bsc#1048893).
    
      - of: fix '/cpus' reference leak in
        of_numa_parse_cpu_nodes() (bsc#1056827).
    
      - ovl: fix dentry leak for default_permissions
        (bsc#1054084).
    
      - percpu_ref: allow operation mode switching operations to
        be called concurrently (bsc#1055096).
    
      - percpu_ref: remove unnecessary RCU grace period for
        staggered atomic switching confirmation (bsc#1055096).
    
      - percpu_ref: reorganize __percpu_ref_switch_to_atomic()
        and relocate percpu_ref_switch_to_atomic()
        (bsc#1055096).
    
      - percpu_ref: restructure operation mode switching
        (bsc#1055096).
    
      - percpu_ref: unify staggered atomic switching wait
        behavior (bsc#1055096).
    
      - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
    
      - s390: export symbols for crash-kmp (bsc#1053915).
    
      - supported.conf: clear mistaken external support flag for
        cifs.ko (bsc#1053802).
    
      - sysctl: fix lax sysctl_check_table() sanity check
        (bsc#1048893).
    
      - sysctl: fold sysctl_writes_strict checks into helper
        (bsc#1048893).
    
      - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
    
      - sysctl: simplify unsigned int support (bsc#1048893).
    
      - tpm: Issue a TPM2_Shutdown for TPM2 devices
        (bsc#1053117).
    
      - tpm: KABI fix (bsc#1053117).
    
      - tpm: fix: return rc when devm_add_action() fails
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes 8e0ee3c9faed).
    
      - tpm: read burstcount from TPM_STS in one 32-bit
        transaction (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes 27084efee0c3).
    
      - tpm_tis_core: Choose appropriate timeout for reading
        burstcount (bsc#1020645, fate#321435, fate#321507,
        fate#321600, bsc#1034048, git-fixes aec04cbdf723).
    
      - tpm_tis_core: convert max timeouts from msec to jiffies
        (bsc#1020645, fate#321435, fate#321507, fate#321600,
        bsc#1034048, git-fixes aec04cbdf723).
    
      - tty: serial: msm: Support more bauds (git-fixes).
    
      - ubifs: Correctly evict xattr inodes (bsc#1012829).
    
      - ubifs: Do not leak kernel memory to the MTD
        (bsc#1012829).
    
      - xfs: fix inobt inode allocation search optimization
        (bsc#1012829)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1020657"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1021424"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1022743"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1024405"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1030850"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031717"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1031784"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1034048"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1038583"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1047487"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048155"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048893"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1048934"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1049580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1051790"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052580"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1052888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053117"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053802"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053915"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1053919"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1054084"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055013"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055096"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1055359"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056261"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056827"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1056982"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057015"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057389"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1058116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=971975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=981309"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected the Linux Kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-docs-pdf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-macros");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-obs-qa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/15");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-debug-devel-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-default-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-devel-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-html-4.4.87-18.29.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-docs-pdf-4.4.87-18.29.2") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-macros-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-build-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-obs-qa-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-source-vanilla-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-syms-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-base-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debuginfo-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-debugsource-4.4.87-18.29.1") ) flag++;
    if ( rpm_check(release:"SUSE42.2", reference:"kernel-vanilla-devel-4.4.87-18.29.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-docs-html / kernel-docs-pdf / kernel-devel / kernel-macros / etc");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-086.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application
    last seen2020-06-10
    modified2017-11-21
    plugin id104703
    published2017-11-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104703
    titleVirtuozzo 7 : readykernel-patch (VZA-2017-086)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3657.NASL
    descriptionDescription of changes: [3.8.13-118.20.1.el7uek] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26649818] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889} - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190} - nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077} - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075} - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831} - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105144
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105144
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3657) (BlueBorne) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2521-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP2 kernel was updated to receive the following security fixes : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote denial-of-service vulnerability but no remote code execution due to use of CONFIG_CC_STACKPROTECTOR. [bnc#1057389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-19
    plugin id103316
    published2017-09-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103316
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2521-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2548-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP4 kernel was updated to receive the following security fixes : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote code execution vulnerability. [bnc#1057389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-22
    plugin id103415
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103415
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2017:2548-1) (BlueBorne)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3981.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks. - CVE-2017-7518 Andy Lutomirski discovered that KVM is prone to an incorrect debug exception (#DB) error occurring while emulating a syscall instruction. A process inside a guest can take advantage of this flaw for privilege escalation inside a guest. - CVE-2017-7558 (stretch only) Stefano Brivio of Red Hat discovered that the SCTP subsystem is prone to a data leak vulnerability due to an out-of-bounds read flaw, allowing to leak up to 100 uninitialized bytes to userspace. - CVE-2017-10661 (jessie only) Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially execute arbitrary code. - CVE-2017-11600 Bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code. - CVE-2017-12134 / #866511 / XSA-229 Jan H. Schoenherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code. This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.:echo 2 > /sys/block/nvme0n1/queue/nomerges - CVE-2017-12146 (stretch only) Adrian Salido of Google reported a race condition in access to the
    last seen2020-06-05
    modified2017-09-21
    plugin id103365
    published2017-09-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103365
    titleDebian DSA-3981-1 : linux - security update (BlueBorne) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3658.NASL
    descriptionDescription of changes: [2.6.39-400.298.1.el6uek] - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 23320090] - tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 24337879] - xen-netfront: cast grant table reference first to type int (Dongli Zhang) [Orabug: 25102637] - xen-netfront: do not cast grant table reference to signed short (Dongli Zhang) [Orabug: 25102637] - RDS: Print failed rdma op details if failure is remote access error (Rama Nichanamatlu) [Orabug: 25440316] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540288] {CVE-2017-2671} - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592013] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26650039] - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675934] {CVE-2017-7889} - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797307] - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058559] - more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069045] {CVE-2017-12190} - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069045] {CVE-2017-12190} - xsigo: [backport] Fix race in freeing aged Forwarding tables (Pradeep Gopanapalli) [Orabug: 24823234] - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 25671723] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 25671723] - net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 26143563] {CVE-2017-7308} - char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403941] {CVE-2017-1000363} - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403958] {CVE-2017-1000380} - ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403974] {CVE-2017-9074} - ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403974] {CVE-2017-9074} - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404007] {CVE-2017-9077} - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643601] {CVE-2016-10044} - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643601] {CVE-2016-10044} - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643601] {CVE-2016-10044} - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643652] {CVE-2017-11473} - sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650889] {CVE-2017-9075} - saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675148] {CVE-2017-8831} - saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675148] {CVE-2017-8831} - saa7164: get rid of warning: no previous prototype (Mauro Carvalho Chehab) [Orabug: 26675148] {CVE-2017-8831} - [scsi] lpfc 8.3.44: Fix kernel panics from corrupted ndlp (James Smart) [Orabug: 26765341] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899791] {CVE-2017-10661} - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105145
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105145
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3658) (BlueBorne) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2772-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_77 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104012
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104012
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2772-1) (BlueBorne)
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-085.NASL
    descriptionAccording to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Kernel crash due to missing error handling for negatively instantiated keys. - A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-10
    modified2017-09-27
    plugin id103468
    published2017-09-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103468
    titleVirtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-085)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0113_KERNEL.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities: - It was found that the fix for CVE-2016-9576 was incomplete: the Linux kernel
    last seen2020-06-01
    modified2020-06-02
    plugin id127351
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127351
    titleNewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2019-0113)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3419-2.NASL
    descriptionUSN-3419-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-19
    plugin id103322
    published2017-09-19
    reporterUbuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103322
    titleUbuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3419-2) (BlueBorne)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3420-2.NASL
    descriptionUSN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103324
    published2017-09-19
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103324
    titleUbuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3420-2) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-0040-1.NASL
    descriptionThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory (bnc#1068032). - CVE-2017-5753: Local attackers on systems with modern CPUs featuring deep instruction pipelining could use attacker controllable speculative execution over code patterns in the Linux Kernel to leak content from otherwise not readable memory in the same address space, allowing retrieval of passwords, cryptographic keys and other secrets. This problem is mitigated by adding speculative fencing on affected code paths throughout the Linux kernel. - CVE-2017-5715: Local attackers on systems with modern CPUs featuring branch prediction could use mispredicted branches to speculatively execute code patterns that in turn could be made to leak other non-readable content in the same address space, an attack similar to CVE-2017-5753. This problem is mitigated by disabling predictive branches, depending on CPU architecture either by firmware updates and/or fixes in the user-kernel privilege boundaries. Please contact your CPU / hardware vendor for potential microcode or BIOS updates needed for this fix. As this feature can have a performance impact, it can be disabled using the
    last seen2020-06-05
    modified2018-01-09
    plugin id105685
    published2018-01-09
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105685
    titleSUSE SLES11 Security Update : kernel (SUSE-SU-2018:0040-1) (BlueBorne) (KRACK) (Meltdown) (Spectre)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0174.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.
    last seen2020-06-05
    modified2017-12-14
    plugin id105248
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105248
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2777-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_60 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104017
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104017
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2777-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2790-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_35 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104029
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104029
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2790-1) (BlueBorne)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1533.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw was found in the way the Linux kernel
    last seen2020-03-19
    modified2019-05-14
    plugin id124986
    published2019-05-14
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124986
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1533)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2779-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_21 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104019
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104019
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2779-1) (BlueBorne)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170912_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)
    last seen2020-06-05
    modified2017-09-13
    plugin id103175
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103175
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20170912) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2769-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_69 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104009
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104009
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2769-1) (BlueBorne)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2679.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-14
    plugin id103196
    published2017-09-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103196
    titleCentOS 7 : kernel (CESA-2017:2679) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2707.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support and Red Hat Enterprise Linux 6.5 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue. Bug Fix(es) : * Previously, while the MAP_GROWSDOWN flag was set, writing to the memory which was mapped with the mmap system call failed with the SIGBUS signal. This update fixes memory management in the Linux kernel by backporting an upstream patch that enlarges the stack guard page gap. As a result, mmap now works as expected under the described circumstances. (BZ#1474723)
    last seen2020-06-05
    modified2017-09-14
    plugin id103208
    published2017-09-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103208
    titleRHEL 6 : kernel (RHSA-2017:2707) (BlueBorne)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3422-1.NASL
    descriptionIt was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. (CVE-2016-10044) Baozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-10200) Andreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097) Sergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the key management subsystem in the Linux kernel did not properly allocate memory in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8650) Vlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084) It was discovered that an information leak existed in __get_user_asm_ex() in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2016-9178) CAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191) It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604) It was discovered that an integer overflow existed in the trace subsystem of the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2016-9754) Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970) Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214) It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346) It was discovered that the keyring implementation in the Linux kernel did not properly restrict searches for dead keys. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-6951) Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7187) Eric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-19
    plugin id103326
    published2017-09-19
    reporterUbuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103326
    titleUbuntu 14.04 LTS : linux vulnerabilities (USN-3422-1) (BlueBorne)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3621.NASL
    descriptionDescription of changes: kernel-uek [3.8.13-118.19.7.el7uek] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251} [3.8.13-118.19.6.el7uek] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134} [3.8.13-118.19.5.el7uek] - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365}
    last seen2020-06-05
    modified2017-09-22
    plugin id103401
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103401
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621) (BlueBorne) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2683.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103171
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103171
    titleRHEL 6 : kernel (RHSA-2017:2683) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2680.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103168
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103168
    titleRHEL 7 : kernel (RHSA-2017:2680) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2705.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-15
    plugin id103239
    published2017-09-15
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103239
    titleRHEL 6 : MRG (RHSA-2017:2705) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2778-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_18 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104018
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104018
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2778-1) (BlueBorne)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2681.NASL
    descriptionFrom Red Hat Security Advisory 2017:2681 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103165
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103165
    titleOracle Linux 6 : kernel (ELSA-2017-2681) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2783-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_29 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104023
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104023
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2783-1) (BlueBorne)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3420-1.NASL
    descriptionIt was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10663) It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762) Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id103323
    published2017-09-19
    reporterUbuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103323
    titleUbuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3420-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2770-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_80 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104010
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104010
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2770-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2781-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_83 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104021
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104021
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2781-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2793-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_48 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-23
    plugin id104095
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104095
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2793-1) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2681.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103169
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103169
    titleRHEL 6 : kernel (RHSA-2017:2681) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2776-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_57 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104016
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104016
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2776-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2773-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_89 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104013
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104013
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2773-1) (BlueBorne)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3419-1.NASL
    descriptionIt was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251) It was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-19
    plugin id103321
    published2017-09-19
    reporterUbuntu Security Notice (C) 2017-2020 Canonical, Inc. / NASL script (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103321
    titleUbuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3419-1) (BlueBorne)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1099.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code. CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service. CVE-2017-7889 Tommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code. CVE-2017-10661 Dmitry Vyukov of Google reported that the timerfd facility does not properly handle certain concurrent operations on a single file descriptor. This allows a local attacker to cause a denial of service or potentially to execute arbitrary code. CVE-2017-10911 / XSA-216 Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests. CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact. CVE-2017-11600 bo Zhang reported that the xfrm subsystem does not properly validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial of service or potentially to execute arbitrary code. CVE-2017-12134 / #866511 / XSA-229 Jan H. Sch&ouml;nherr of Amazon discovered that when Linux is running in a Xen PV domain on an x86 system, it may incorrectly merge block I/O requests. A buggy or malicious guest may trigger this bug in dom0 or a PV driver domain, causing a denial of service or potentially execution of arbitrary code. This issue can be mitigated by disabling merges on the underlying back-end block devices, e.g.: echo 2 > /sys/block/nvme0n1/queue/nomerges CVE-2017-12153 bo Zhang reported that the cfg80211 (wifi) subsystem does not properly validate the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability on a system with a wifi device can use this to cause a denial of service. CVE-2017-12154 Jim Mattson of Google reported that the KVM implementation for Intel x86 processors did not correctly handle certain nested hypervisor configurations. A malicious guest (or nested guest in a suitable L1 hypervisor) could use this for denial of service. CVE-2017-14106 Andrey Konovalov of Google reported that a specific sequence of operations on a TCP socket could lead to division by zero. A local user could use this for denial of service. CVE-2017-14140 Otto Ebeling reported that the move_pages() system call permitted users to discover the memory layout of a set-UID process running under their real user-ID. This made it easier for local users to exploit vulnerabilities in programs installed with the set-UID permission bit set. CVE-2017-14156
    last seen2020-03-17
    modified2017-09-21
    plugin id103363
    published2017-09-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103363
    titleDebian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-E07D7FB18E.NASL
    descriptionThe 4.12.13 stable kernel update contains a number of important fixes across the tree. ---- The 4.12.12 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-22
    plugin id103394
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103394
    titleFedora 25 : kernel (2017-e07d7fb18e) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2679.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103167
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103167
    titleRHEL 7 : kernel (RHSA-2017:2679) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2706.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-14
    plugin id103207
    published2017-09-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103207
    titleRHEL 7 : kernel (RHSA-2017:2706) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2788-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_45 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104028
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104028
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2788-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2784-1.NASL
    descriptionThis update for the Linux Kernel 3.12.60-52_63 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104024
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104024
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2784-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2796-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_57 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-23
    plugin id104096
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104096
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2796-1) (BlueBorne)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0015.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id106469
    published2018-01-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106469
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3622.NASL
    descriptionDescription of changes: [2.6.39-400.297.8.el6uek] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796428] {CVE-2017-1000251} [2.6.39-400.297.7.el6uek] - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645562] {CVE-2017-12134} - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638926] {CVE-2017-1000365} {CVE-2017-1000365}
    last seen2020-06-05
    modified2017-09-22
    plugin id103402
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103402
    titleOracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622) (BlueBorne) (Stack Clash)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2017-7369EA045C.NASL
    descriptionThe 4.12.13 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-18
    plugin id103264
    published2017-09-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103264
    titleFedora 26 : kernel (2017-7369ea045c) (BlueBorne)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0173.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - tty: Fix race in pty_write leading to NULL deref (Todd Vierling) - ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] - KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) [Orabug: 26592025] - oracleasm: Copy the integrity descriptor (Martin K. Petersen) - mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] (CVE-2017-7889) - xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] - more bio_map_user_iov leak fixes (Al Viro) [Orabug: 27069042] (CVE-2017-12190) - fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] (CVE-2017-12190) - nvme: Drop nvmeq->q_lock before dma_pool_alloc, so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] - nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] - char: lp: fix possible integer overflow in lp_setup (Willy Tarreau) [Orabug: 26403940] (CVE-2017-1000363) - ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: fix NULL pointer dereference in read/ioctl race (Vegard Nossum) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] (CVE-2017-1000380) - ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] (CVE-2017-9077) - ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] - ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] - ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] (CVE-2017-2671) - aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] (CVE-2016-10044) - vfs: Commit to never having exectuables on proc and sysfs. (Eric W. Biederman) [Orabug: 26643598] (CVE-2016-10044) - vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] (CVE-2016-10044) - x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] (CVE-2017-11473) - sctp: do not inherit ipv6_[mc|ac|fl]_list from parent (Eric Dumazet) [Orabug: 26650883] (CVE-2017-9075) - [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] (CVE-2017-8831) - [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] (CVE-2017-8831) - fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] - timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] (CVE-2017-10661) - scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn
    last seen2020-06-05
    modified2017-12-11
    plugin id105147
    published2017-12-11
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105147
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0173) (BlueBorne) (Stack Clash)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1498.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754) - A flaw was found in the Linux kernel
    last seen2020-06-12
    modified2019-05-13
    plugin id124821
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124821
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1498)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2017-914.NASL
    descriptionstack buffer overflow in the native Bluetooth stack A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251) dereferencing NULL payload with nonzero length A flaw was found in the implementation of associative arrays where the add_key systemcall and KEYCTL_UPDATE operations allowed for a NULL payload with a nonzero length. When accessing the payload within this length parameters value, an unprivileged user could trivially cause a NULL pointer dereference (kernel oops). (CVE-2017-15274) xfs: unprivileged user kernel oops A flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic.(CVE-2017-14340) Information leak in the scsi driver The sg_ioctl() function in
    last seen2020-06-05
    modified2017-10-27
    plugin id104180
    published2017-10-27
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104180
    titleAmazon Linux AMI : kernel (ALAS-2017-914) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2732.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Armis Labs for reporting CVE-2017-1000251. Bug Fix(es) : * Previously, while the MAP_GROWSDOWN flag was set, writing to the memory which was mapped with the mmap system call failed with the SIGBUS signal. This update fixes memory management in the Linux kernel by backporting an upstream patch that enlarges the stack guard page gap. As a result, mmap now works as expected under the described circumstances. (BZ#1474720)
    last seen2020-06-01
    modified2020-06-02
    plugin id103243
    published2017-09-15
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103243
    titleRHEL 6 : kernel (RHSA-2017:2732) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2780-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_72 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104020
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104020
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2780-1) (BlueBorne)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0151.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796363] (CVE-2017-1000251)
    last seen2020-06-05
    modified2017-09-22
    plugin id103403
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103403
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0151) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2731.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue. Bug Fix(es) : * Previously, while the MAP_GROWSDOWN flag was set, writing to the memory which was mapped with the mmap system call failed with the SIGBUS signal. This update fixes memory management in the Linux kernel by backporting an upstream patch that enlarges the stack guard page gap. As a result, mmap now works as expected under the described circumstances. (BZ#1474722)
    last seen2020-06-05
    modified2017-09-15
    plugin id103242
    published2017-09-15
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103242
    titleRHEL 6 : kernel (RHSA-2017:2731) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2787-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_40 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104027
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104027
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2787-1) (BlueBorne)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2017-1245.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.(CVE-2017-14489) - The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn
    last seen2020-06-10
    modified2017-11-16
    plugin id104578
    published2017-11-16
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104578
    titleEulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1245)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2459-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP1 kernel was updated to receive the following security fixes : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote denial-of-service vulnerability but no remote code execution due to use of CONFIG_CC_STACKPROTECTOR. [bnc#1057389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-15
    plugin id103245
    published2017-09-15
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103245
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2459-1) (BlueBorne)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2679.NASL
    descriptionFrom Red Hat Security Advisory 2017:2679 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103164
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103164
    titleOracle Linux 7 : kernel (ELSA-2017-2679) (BlueBorne)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2017-258-02.NASL
    descriptionNew kernel packages are available for Slackware 14.1, 14.2, and -current to fix a security issue.
    last seen2020-06-05
    modified2017-09-18
    plugin id103256
    published2017-09-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103256
    titleSlackware 14.1 / 14.2 / current : kernel (SSA:2017-258-02) (BlueBorne)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-2930-1.NASL
    descriptionDescription of changes: - [3.10.0-693.5.2.0.1.el7.OL7] - [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(<A HREF=
    last seen2020-06-01
    modified2020-06-02
    plugin id104088
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104088
    titleOracle Linux 7 : kernel (ELSA-2017-2930-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2797-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_51 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-23
    plugin id104097
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104097
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2797-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2017-1063.NASL
    descriptionThe openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580). The following non-security bugs were fixed : - acpica: IORT: Update SMMU models for revision C (bsc#1036060). - acpi/nfit: Fix memory corruption/Unregister mce decoder on failure (bsc#1057047). - ahci: do not use MSI for devices with the silly Intel NVMe remapping scheme (bsc#1048912). - ahci: thunderx2: stop engine fix update (bsc#1057031). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529). - arm64: PCI: Fix struct acpi_pci_root_ops allocation failure path (bsc#1056849). - arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT - blacklist.conf: gcc7 compiler warning (bsc#1056849) - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583). - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583). - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583). - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583). - bnxt_en: Fix
    last seen2020-06-05
    modified2017-09-18
    plugin id103288
    published2017-09-18
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103288
    titleopenSUSE Security Update : the Linux Kernel (openSUSE-2017-1063) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2682.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103170
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103170
    titleRHEL 6 : kernel (RHSA-2017:2682) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2534-1.NASL
    descriptionThe SUSE Linux Enterprise 12 GA kernel was updated to receive the following security fixes : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote denial-of-service vulnerability but no remote code execution due to use of CONFIG_CC_STACKPROTECTOR. [bnc#1057389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-21
    plugin id103371
    published2017-09-21
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103371
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2534-1) (BlueBorne)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2704.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-14
    plugin id103206
    published2017-09-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103206
    titleRHEL 7 : kernel-rt (RHSA-2017:2704) (BlueBorne)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3659.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-05
    modified2017-12-14
    plugin id105247
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105247
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2786-1.NASL
    descriptionThis update for the Linux Kernel 3.12.67-60_64_24 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104026
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104026
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2786-1) (BlueBorne)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0152.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] (CVE-2017-1000251) - xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] (CVE-2017-12134) - fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] (CVE-2017-1000365) (CVE-2017-1000365)
    last seen2020-06-05
    modified2017-09-22
    plugin id103404
    published2017-09-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103404
    titleOracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170912_KERNEL_ON_SL6_X.NASL
    descriptionSecurity Fix(es) : - A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)
    last seen2020-06-05
    modified2017-09-13
    plugin id103174
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103174
    titleScientific Linux Security Update : kernel on SL6.x i386/x86_64 (20170912) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2774-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_86 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104014
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104014
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2774-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2785-1.NASL
    descriptionThis update for the Linux Kernel 3.12.62-60_64_8 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104025
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104025
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2785-1) (BlueBorne)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3620.NASL
    descriptionDescription of changes: kernel-uek [4.1.12-103.3.8.1.el7uek] - Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796363] {CVE-2017-1000251}
    last seen2020-06-05
    modified2017-09-20
    plugin id103348
    published2017-09-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103348
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3620) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2523-1.NASL
    descriptionThe SUSE Linux Enterprise 12 SP3 kernel was updated to receive the following security fixes : - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel was vulnerable to a stack overflow while processing L2CAP configuration responses, resulting in a potential remote denial-of-service vulnerability but no remote code execution due to use of CONFIG_CC_STACKPROTECTOR. [bnc#1057389] Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-09-19
    plugin id103318
    published2017-09-19
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103318
    titleSUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2523-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2771-1.NASL
    descriptionThis update for the Linux Kernel 3.12.61-52_66 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104011
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104011
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2771-1) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2782-1.NASL
    descriptionThis update for the Linux Kernel 3.12.69-60_64_32 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-20
    plugin id104022
    published2017-10-20
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104022
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2782-1) (BlueBorne)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-2681.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important) Red Hat would like to thank Armis Labs for reporting this issue.
    last seen2020-06-05
    modified2017-09-13
    plugin id103144
    published2017-09-13
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103144
    titleCentOS 6 : kernel (CESA-2017:2681) (BlueBorne)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2017-2792-1.NASL
    descriptionThis update for the Linux Kernel 3.12.74-60_64_54 fixes one issue. The following security bugs were fixed : - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call (bsc#1045327). - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bsc#1057950). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2017-10-23
    plugin id104094
    published2017-10-23
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/104094
    titleSUSE SLES12 Security Update : kernel (SUSE-SU-2017:2792-1) (BlueBorne)

Redhat

advisories
  • bugzilla
    id1489716
    titleCVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • commentkernel earlier than 0:3.10.0-693.2.2.el7 is currently running
          ovaloval:com.redhat.rhsa:tst:20172679031
        • commentkernel earlier than 0:3.10.0-693.2.2.el7 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20172679032
      • OR
        • AND
          • commentkernel-tools-libs-devel is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679001
          • commentkernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678022
        • AND
          • commentkernel-abi-whitelists is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679003
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-doc is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679005
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentpython-perf is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679007
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-debug-devel is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679009
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-tools is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679011
          • commentkernel-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678012
        • AND
          • commentkernel-tools-libs is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679013
          • commentkernel-tools-libs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20140678016
        • AND
          • commentkernel-headers is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679015
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentperf is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679017
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-debug is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679019
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel-devel is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679021
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentkernel is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679023
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-bootwrapper is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679025
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump-devel is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679027
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
        • AND
          • commentkernel-kdump is earlier than 0:3.10.0-693.2.2.el7
            ovaloval:com.redhat.rhsa:tst:20172679029
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
    rhsa
    idRHSA-2017:2679
    released2017-09-12
    severityImportant
    titleRHSA-2017:2679: kernel security update (Important)
  • bugzilla
    id1489716
    titleCVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • commentkernel earlier than 0:2.6.32-696.10.2.el6 is currently running
          ovaloval:com.redhat.rhsa:tst:20172681027
        • commentkernel earlier than 0:2.6.32-696.10.2.el6 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20172681028
      • OR
        • AND
          • commentpython-perf is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681001
          • commentpython-perf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20111530024
        • AND
          • commentkernel-doc is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681003
          • commentkernel-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842002
        • AND
          • commentkernel-abi-whitelists is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681005
          • commentkernel-abi-whitelists is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20131645022
        • AND
          • commentkernel-firmware is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681007
          • commentkernel-firmware is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842004
        • AND
          • commentkernel-headers is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681009
          • commentkernel-headers is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842010
        • AND
          • commentkernel-debug is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681011
          • commentkernel-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842014
        • AND
          • commentkernel is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681013
          • commentkernel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842012
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681015
          • commentkernel-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842008
        • AND
          • commentkernel-devel is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681017
          • commentkernel-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842016
        • AND
          • commentperf is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681019
          • commentperf is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842006
        • AND
          • commentkernel-bootwrapper is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681021
          • commentkernel-bootwrapper is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842018
        • AND
          • commentkernel-kdump is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681023
          • commentkernel-kdump is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842020
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.32-696.10.2.el6
            ovaloval:com.redhat.rhsa:tst:20172681025
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20100842022
    rhsa
    idRHSA-2017:2681
    released2017-09-12
    severityImportant
    titleRHSA-2017:2681: kernel security update (Important)
  • bugzilla
    id1489716
    titleCVE-2017-1000251 kernel: stack buffer overflow in the native Bluetooth stack
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentkernel-rt-doc is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704001
          • commentkernel-rt-doc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727002
        • AND
          • commentkernel-rt-debug-devel is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704003
          • commentkernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727010
        • AND
          • commentkernel-rt is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704005
          • commentkernel-rt is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727006
        • AND
          • commentkernel-rt-trace-devel is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704007
          • commentkernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727004
        • AND
          • commentkernel-rt-devel is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704009
          • commentkernel-rt-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727012
        • AND
          • commentkernel-rt-debug is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704011
          • commentkernel-rt-debug is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727014
        • AND
          • commentkernel-rt-trace is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704013
          • commentkernel-rt-trace is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20150727008
        • AND
          • commentkernel-rt-debug-kvm is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704015
          • commentkernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212020
        • AND
          • commentkernel-rt-trace-kvm is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704017
          • commentkernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212016
        • AND
          • commentkernel-rt-kvm is earlier than 0:3.10.0-693.2.2.rt56.623.el7
            ovaloval:com.redhat.rhsa:tst:20172704019
          • commentkernel-rt-kvm is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20160212018
    rhsa
    idRHSA-2017:2704
    released2017-09-13
    severityImportant
    titleRHSA-2017:2704: kernel-rt security update (Important)
  • rhsa
    idRHSA-2017:2680
  • rhsa
    idRHSA-2017:2682
  • rhsa
    idRHSA-2017:2683
  • rhsa
    idRHSA-2017:2705
  • rhsa
    idRHSA-2017:2706
  • rhsa
    idRHSA-2017:2707
  • rhsa
    idRHSA-2017:2731
  • rhsa
    idRHSA-2017:2732
rpms
  • kernel-0:3.10.0-693.2.2.el7
  • kernel-abi-whitelists-0:3.10.0-693.2.2.el7
  • kernel-bootwrapper-0:3.10.0-693.2.2.el7
  • kernel-debug-0:3.10.0-693.2.2.el7
  • kernel-debug-debuginfo-0:3.10.0-693.2.2.el7
  • kernel-debug-devel-0:3.10.0-693.2.2.el7
  • kernel-debuginfo-0:3.10.0-693.2.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.2.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.2.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.2.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.2.2.el7
  • kernel-devel-0:3.10.0-693.2.2.el7
  • kernel-doc-0:3.10.0-693.2.2.el7
  • kernel-headers-0:3.10.0-693.2.2.el7
  • kernel-kdump-0:3.10.0-693.2.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.2.2.el7
  • kernel-kdump-devel-0:3.10.0-693.2.2.el7
  • kernel-tools-0:3.10.0-693.2.2.el7
  • kernel-tools-debuginfo-0:3.10.0-693.2.2.el7
  • kernel-tools-libs-0:3.10.0-693.2.2.el7
  • kernel-tools-libs-devel-0:3.10.0-693.2.2.el7
  • perf-0:3.10.0-693.2.2.el7
  • perf-debuginfo-0:3.10.0-693.2.2.el7
  • python-perf-0:3.10.0-693.2.2.el7
  • python-perf-debuginfo-0:3.10.0-693.2.2.el7
  • kernel-0:3.10.0-514.28.2.el7
  • kernel-abi-whitelists-0:3.10.0-514.28.2.el7
  • kernel-bootwrapper-0:3.10.0-514.28.2.el7
  • kernel-debug-0:3.10.0-514.28.2.el7
  • kernel-debug-debuginfo-0:3.10.0-514.28.2.el7
  • kernel-debug-devel-0:3.10.0-514.28.2.el7
  • kernel-debuginfo-0:3.10.0-514.28.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.28.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.28.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.28.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.28.2.el7
  • kernel-devel-0:3.10.0-514.28.2.el7
  • kernel-doc-0:3.10.0-514.28.2.el7
  • kernel-headers-0:3.10.0-514.28.2.el7
  • kernel-kdump-0:3.10.0-514.28.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.28.2.el7
  • kernel-kdump-devel-0:3.10.0-514.28.2.el7
  • kernel-tools-0:3.10.0-514.28.2.el7
  • kernel-tools-debuginfo-0:3.10.0-514.28.2.el7
  • kernel-tools-libs-0:3.10.0-514.28.2.el7
  • kernel-tools-libs-devel-0:3.10.0-514.28.2.el7
  • perf-0:3.10.0-514.28.2.el7
  • perf-debuginfo-0:3.10.0-514.28.2.el7
  • python-perf-0:3.10.0-514.28.2.el7
  • python-perf-debuginfo-0:3.10.0-514.28.2.el7
  • kernel-0:2.6.32-696.10.2.el6
  • kernel-abi-whitelists-0:2.6.32-696.10.2.el6
  • kernel-bootwrapper-0:2.6.32-696.10.2.el6
  • kernel-debug-0:2.6.32-696.10.2.el6
  • kernel-debug-debuginfo-0:2.6.32-696.10.2.el6
  • kernel-debug-devel-0:2.6.32-696.10.2.el6
  • kernel-debuginfo-0:2.6.32-696.10.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-696.10.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-696.10.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-696.10.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-696.10.2.el6
  • kernel-devel-0:2.6.32-696.10.2.el6
  • kernel-doc-0:2.6.32-696.10.2.el6
  • kernel-firmware-0:2.6.32-696.10.2.el6
  • kernel-headers-0:2.6.32-696.10.2.el6
  • kernel-kdump-0:2.6.32-696.10.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-696.10.2.el6
  • kernel-kdump-devel-0:2.6.32-696.10.2.el6
  • perf-0:2.6.32-696.10.2.el6
  • perf-debuginfo-0:2.6.32-696.10.2.el6
  • python-perf-0:2.6.32-696.10.2.el6
  • python-perf-debuginfo-0:2.6.32-696.10.2.el6
  • kernel-0:2.6.32-573.45.2.el6
  • kernel-abi-whitelists-0:2.6.32-573.45.2.el6
  • kernel-bootwrapper-0:2.6.32-573.45.2.el6
  • kernel-debug-0:2.6.32-573.45.2.el6
  • kernel-debug-debuginfo-0:2.6.32-573.45.2.el6
  • kernel-debug-devel-0:2.6.32-573.45.2.el6
  • kernel-debuginfo-0:2.6.32-573.45.2.el6
  • kernel-debuginfo-common-i686-0:2.6.32-573.45.2.el6
  • kernel-debuginfo-common-ppc64-0:2.6.32-573.45.2.el6
  • kernel-debuginfo-common-s390x-0:2.6.32-573.45.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-573.45.2.el6
  • kernel-devel-0:2.6.32-573.45.2.el6
  • kernel-doc-0:2.6.32-573.45.2.el6
  • kernel-firmware-0:2.6.32-573.45.2.el6
  • kernel-headers-0:2.6.32-573.45.2.el6
  • kernel-kdump-0:2.6.32-573.45.2.el6
  • kernel-kdump-debuginfo-0:2.6.32-573.45.2.el6
  • kernel-kdump-devel-0:2.6.32-573.45.2.el6
  • perf-0:2.6.32-573.45.2.el6
  • perf-debuginfo-0:2.6.32-573.45.2.el6
  • python-perf-0:2.6.32-573.45.2.el6
  • python-perf-debuginfo-0:2.6.32-573.45.2.el6
  • kernel-0:2.6.32-358.83.1.el6
  • kernel-debug-0:2.6.32-358.83.1.el6
  • kernel-debug-debuginfo-0:2.6.32-358.83.1.el6
  • kernel-debug-devel-0:2.6.32-358.83.1.el6
  • kernel-debuginfo-0:2.6.32-358.83.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-358.83.1.el6
  • kernel-devel-0:2.6.32-358.83.1.el6
  • kernel-doc-0:2.6.32-358.83.1.el6
  • kernel-firmware-0:2.6.32-358.83.1.el6
  • kernel-headers-0:2.6.32-358.83.1.el6
  • perf-0:2.6.32-358.83.1.el6
  • perf-debuginfo-0:2.6.32-358.83.1.el6
  • python-perf-0:2.6.32-358.83.1.el6
  • python-perf-debuginfo-0:2.6.32-358.83.1.el6
  • kernel-rt-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debug-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debug-devel-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debug-kvm-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debuginfo-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-devel-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-doc-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-kvm-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-trace-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-trace-devel-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-trace-kvm-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.2.2.rt56.623.el7
  • kernel-rt-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-debug-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-devel-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-doc-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-firmware-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-trace-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.2.2.rt56.588.el6rt
  • kernel-0:3.10.0-327.59.2.el7
  • kernel-abi-whitelists-0:3.10.0-327.59.2.el7
  • kernel-bootwrapper-0:3.10.0-327.59.2.el7
  • kernel-debug-0:3.10.0-327.59.2.el7
  • kernel-debug-debuginfo-0:3.10.0-327.59.2.el7
  • kernel-debug-devel-0:3.10.0-327.59.2.el7
  • kernel-debuginfo-0:3.10.0-327.59.2.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-327.59.2.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-327.59.2.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-327.59.2.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-327.59.2.el7
  • kernel-devel-0:3.10.0-327.59.2.el7
  • kernel-doc-0:3.10.0-327.59.2.el7
  • kernel-headers-0:3.10.0-327.59.2.el7
  • kernel-kdump-0:3.10.0-327.59.2.el7
  • kernel-kdump-debuginfo-0:3.10.0-327.59.2.el7
  • kernel-kdump-devel-0:3.10.0-327.59.2.el7
  • kernel-tools-0:3.10.0-327.59.2.el7
  • kernel-tools-debuginfo-0:3.10.0-327.59.2.el7
  • kernel-tools-libs-0:3.10.0-327.59.2.el7
  • kernel-tools-libs-devel-0:3.10.0-327.59.2.el7
  • perf-0:3.10.0-327.59.2.el7
  • perf-debuginfo-0:3.10.0-327.59.2.el7
  • python-perf-0:3.10.0-327.59.2.el7
  • python-perf-debuginfo-0:3.10.0-327.59.2.el7
  • kernel-0:2.6.32-431.84.1.el6
  • kernel-abi-whitelists-0:2.6.32-431.84.1.el6
  • kernel-debug-0:2.6.32-431.84.1.el6
  • kernel-debug-debuginfo-0:2.6.32-431.84.1.el6
  • kernel-debug-devel-0:2.6.32-431.84.1.el6
  • kernel-debuginfo-0:2.6.32-431.84.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-431.84.1.el6
  • kernel-devel-0:2.6.32-431.84.1.el6
  • kernel-doc-0:2.6.32-431.84.1.el6
  • kernel-firmware-0:2.6.32-431.84.1.el6
  • kernel-headers-0:2.6.32-431.84.1.el6
  • perf-0:2.6.32-431.84.1.el6
  • perf-debuginfo-0:2.6.32-431.84.1.el6
  • python-perf-0:2.6.32-431.84.1.el6
  • python-perf-debuginfo-0:2.6.32-431.84.1.el6
  • kernel-0:2.6.32-504.63.2.el6
  • kernel-abi-whitelists-0:2.6.32-504.63.2.el6
  • kernel-debug-0:2.6.32-504.63.2.el6
  • kernel-debug-debuginfo-0:2.6.32-504.63.2.el6
  • kernel-debug-devel-0:2.6.32-504.63.2.el6
  • kernel-debuginfo-0:2.6.32-504.63.2.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-504.63.2.el6
  • kernel-devel-0:2.6.32-504.63.2.el6
  • kernel-doc-0:2.6.32-504.63.2.el6
  • kernel-firmware-0:2.6.32-504.63.2.el6
  • kernel-headers-0:2.6.32-504.63.2.el6
  • perf-0:2.6.32-504.63.2.el6
  • perf-debuginfo-0:2.6.32-504.63.2.el6
  • python-perf-0:2.6.32-504.63.2.el6
  • python-perf-debuginfo-0:2.6.32-504.63.2.el6
  • kernel-0:2.6.32-220.75.1.el6
  • kernel-debug-0:2.6.32-220.75.1.el6
  • kernel-debug-debuginfo-0:2.6.32-220.75.1.el6
  • kernel-debug-devel-0:2.6.32-220.75.1.el6
  • kernel-debuginfo-0:2.6.32-220.75.1.el6
  • kernel-debuginfo-common-x86_64-0:2.6.32-220.75.1.el6
  • kernel-devel-0:2.6.32-220.75.1.el6
  • kernel-doc-0:2.6.32-220.75.1.el6
  • kernel-firmware-0:2.6.32-220.75.1.el6
  • kernel-headers-0:2.6.32-220.75.1.el6
  • perf-0:2.6.32-220.75.1.el6
  • perf-debuginfo-0:2.6.32-220.75.1.el6
  • python-perf-0:2.6.32-220.75.1.el6
  • python-perf-debuginfo-0:2.6.32-220.75.1.el6

Seebug

bulletinFamilyexploit
description### General Overview Armis Labs revealed a new attack vector endangering major mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and the devices using them. The new vector is dubbed “BlueBorne”, as it spread through the air (airborne) and attacks devices via Bluetooth. Armis has also disclosed eight related zero-day vulnerabilities, four of which are classified as critical. BlueBorne allows attackers to take control of devices, access corporate data and networks, penetrate secure “air-gapped” networks, and spread malware laterally to adjacent devices. Armis reported these vulnerabilities to the responsible actors, and is working with them as patches are being identified and released. Here is a quick overview of how BlueBorne works: https://youtu.be/LLNtZKpL0P8 #### Blueborne Brief Overview What Is BlueBorne? BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector. Armis believes many more vulnerabilities await discovery in the various platforms using Bluetooth. These vulnerabilities are fully operational, and can be successfully exploited, as demonstrated in our research. The BlueBorne attack vector can be used to conduct a large range of offenses, including remote code execution as well as Man-in-The-Middle attacks. Additional Information: Download our Technical White Paper on BlueBorne ### What Is The Risk? The BlueBorne attack vector has several qualities which can have a devastating effect when combined. By spreading through the air, BlueBorne targets the weakest spot in the networks’ defense – and the only one that no security measure protects. Spreading from device to device through the air also makes BlueBorne highly infectious. Moreover, since the Bluetooth process has high privileges on all operating systems, exploiting it provides virtually full control over the device. Unfortunately, this set of capabilities is extremely desireable to a hacker. BlueBorne can serve any malicious objective, such as cyber espionage, data theft, ransomware, and even creating large botnets out of IoT devices like the Mirai Botnet or mobile devices as with the recent WireX Botnet. The BlueBorne attack vector surpasses the capabilities of most attack vectors by penetrating secure “air-gapped” networks which are disconnected from any other network, including the internet. ### How Wide Is The Threat? #### The threat posed by the BlueBorne attack vector The BlueBorne attack vector can potentially affect all devices with Bluetooth capabilities, estimated at over 8.2 billion devices today. Bluetooth is the leading and most widespread protocol for short-range communications, and is used by devices of all kinds, from regular computers and mobile devices to IoT devices such as TVs, watches, cars, and even medical appliances. The latest published reports show more than 2 billion Android, 2 billion Windows, and 1 billion Apple devices in use. Gartner reports that there are 8 billions connected or IoT devices in the world today, many of which have Bluetooth. ### What Is New About BlueBorne? #### A new airborne attack vector BlueBorne concerns us because of the medium by which it operates. Unlike the majority of attacks today, which rely on the internet, a BlueBorne attack spreads through the air. This works similarly to the two less extensive vulnerabilities discovered recently in a Broadcom Wi-Fi chip by Project Zero and Exodus. The vulnerabilities found in Wi-Fi chips affect only the peripherals of the device, and require another step to take control of the device. With BlueBorne, b attackers can gain full control right from the start. Moreover, Bluetooth offers a wider attacker surface than WiFi, almost entirely unexplored by the research community and hence contains far more vulnerabilities. Airborne attacks, unfortunately, provide a number of opportunities for the attacker. First, spreading through the air renders the attack much more contagious, and allows it to spread with minimum effort. Second, it allows the attack to bypass current security measures and remain undetected, as traditional methods do not protect from airborne threats. Airborne attacks can also allow hackers to penetrate secure internal networks which are “air gapped,” meaning they are disconnected from any other network for protection. This can endanger industrial systems, government agencies, and critical infrastructure. Finally, unlike traditional malware or attacks, the user does not have to click on a link or download a questionable file. No action by the user is necessary to enable the attack #### A comprehensive and severe threat The BlueBorne attack vector requires no user interaction, is compatible to all software versions, and does not require any preconditions or configurations aside of the Bluetooth being active. Unlike the common misconception, Bluetooth enabled devices are constantly searching for incoming connections from any devices, and not only those they have been paired with. This means a Bluetooth connection can be established without pairing the devices at all. This makes BlueBorne one of the most broad potential attacks found in recent years, and allows an attacker to strike completely undetected. #### Next generation Bluetooth vulnerabilities In the past, most Bluetooth vulnerabilities and security flaws originated in issues with the protocol itself, which were resolved in version 2.1 in 2007. Nearly all vulnerabilities found since were of low severity, and did not allow remote code execution. This transition occurred as the research community turned its eyes elsewhere, and did not scrutinize the implementations of the Bluetooth protocol in the different platforms, as it did with other major protocols. Bluetooth is a difficult protocol to implement, which makes it prone to two kinds of vulnerabilities. On the one hand, vendors are likely to follow the protocol’s implementation guidelines word-for-word, which means that when a vulnerability is found in one platform it might affect others. These mirrored vulnerabilities happened with CVE-2017-8628 and CVE-2017-0783 (Windows & Android MiTM) which are “identical twins”. On the other hand, in some areas the Bluetooth specifications leave too much room for interpretation, causing fragmented methods of implementation in the various platforms, making each of them more likely to contain a vulnerability of its own. This is why the vulnerabilities which comprise BlueBorne are based on the various implementations of the Bluetooth protocol, and are more prevalent and severe than those of recent years. We are concerned that the vulnerabilities we found are only the tip of the iceberg, and that the distinct implementations of the protocol on other platforms may contain additional vulnerabilities. #### A Coordinated Disclosure Armis reached out to the following actors to ensure a safe, secure, and coordinated response to the vulnerabilities identified. Google – Contacted on April 19, 2017, after which details were shared. Released public security update and security bulletin on September 4th, 2017. Coordinated disclosure on September 12th, 2017. Microsoft – Contacted on April 19, 2017 after which details were shared. Updates were made on July 11. Public disclosure on September 12, 2017 as part of coordinated disclosure. Apple – Contacted on August 9, 2017. Apple had no vulnerability in its current versions. Samsung – Contact on three separate occasions in April, May, and June. No response was received back from any outreach. Linux – Contacted August 15 and 17, 2017. On September 5, 2017, we connected and provided the necessary information to the the Linux kernel security team and to the Linux distributions security contact list and conversations followed from there. Targeting updates for on or about September 12, 2017 for coordinated disclosure. ### Affected Devices #### The threat posed by the vulnerabilities Armis disclosed The vulnerabilities disclosed by Armis affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use. This means almost every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities. This covers a significant portion of all connected devices globally. #### What Devices Are Affected? ##### Android All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions are affected by four vulnerabilities found in the Android operating system, two of which allow remote code execution (CVE-2017-0781 and CVE-2017-0782), one results in information leak (CVE-2017-0785) and the last allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-0783). Examples of impacted devices: * Google Pixel * Samsung Galaxy * Samsung Galaxy Tab * LG Watch Sport * Pumpkin Car Audio System Google has issued a patch and notified its partners. It will be available for: * Nougat (7.0) * Marshmallow (6.0) Google has issued a security update patch and notified its partners. It was available to Android partners on August 7th, 2017, and made available as part of the September Security Update and Bulletin. We recommend that users check that Bulletin for the latest most accurate information. Android users should verify that they have the September 9, 2017 Security Patch Level, Note to Android users: To check if your device is risk or is the devices around you are at risk, download the Armis BlueBorne Scanner App on Google Play. ##### Windows All Windows computers since Windows Vista are affected by the “Bluetooth Pineapple” vulnerability which allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-8628). Microsoft is issuing security patches to all supported Windows versions at 10 AM, Tuesday, September 12. We recommend that Windows users should check with the Microsoft release here for the latest information. ##### Linux Linux is the underlying operating system for a wide range of devices. The most commercial, and consumer-oriented platform based on Linux is the Tizen OS. * All Linux devices running BlueZ are affected by the information leak vulnerability (CVE-2017-1000250). * All Linux devices from version 3.3-rc1 (released in October 2011) are affected by the remote code execution vulnerability (CVE-2017-1000251). Examples of impacted devices: * Samsung Gear S3 (Smartwatch) * Samsung Smart TVs * Samsung Family Hub (Smart refrigerator) Information on Linux updates will be provided as soon as they are live. ##### iOS All iPhone, iPad and iPod touch devices with iOS 9.3.5 and lower, and AppleTV devices with version 7.2.2 and lower are affected by the remote code execution vulnerability. This vulnerability was already mitigated by Apple in iOS 10, so no new patch is needed to mitigate it. We recommend you upgrade to the latest iOS or tvOS available. If you are concerned that your device may not be patched, we recommend disabling Bluetooth, and minimizing its use until you can confirm a patch is issued and installed on your device. ### Technical Overview #### BlueBorne Explained: How The Attack Vector Works The BlueBorne attack vector has several stages. First, the attacker locates active Bluetooth connections around him or her. Devices can be identified even if they are not set to “discoverable” mode. Next, the attacker obtains the device’s MAC address, which is a unique identifier of that specific device. By probing the device, the attacker can determine which operating system his victim is using, and adjust his exploit accordingly. The attacker will then exploit a vulnerability in the implementation of the Bluetooth protocol in the relevant platform and gain the access he needs to act on his malicious objective. At this stage the attacker can choose to create a Man-in-The-Middle attack and control the device’s communication, or take full control over the device and use it for a wide array of cybercriminal purposes. [Download our Technical White Paper on BlueBorne](http://go.armis.com/blueborne-technical-paper) #### BlueBorne attack on Android Once the attacker determined his target is using the Android operating system, he can use four of the vulnerabilities disclosed by Armis to exploit the device, or they can use a separate vulnerability to conduct a Man-in-The-Middle attack. Here is a quick demo of how BlueBorne can take control of an Android device: https://youtu.be/Az-l90RCns8 ##### Information Leak Vulnerability (CVE-2017-0785) The first vulnerability in the Android operating system reveals valuable information which helps the attacker leverage one of the remote code execution vulnerabilities described below. The vulnerability was found in the SDP (Service Discovery Protocol) server, which enables the device to identify other Bluetooth services around it. The flaw allows the attacker to send a set of crafted requests to the server, causing it to disclose memory bits in response. These pieces of information can later be used by the attacker to overcome advanced security measures and take control over the device. This vulnerability can also allow an attacker to leak encryption keys from the targeted device and eavesdrop on Bluetooth communications, in an attack that very much resembles heartbleed. ##### Remote Code Execution Vulnerability #1 (CVE-2017-0781) This vulnerability resides in the Bluetooth Network Encapsulation Protocol (BNEP) service, which enables internet sharing over a Bluetooth connection (tethering). Due to a flaw in the BNEP service, a hacker can trigger a surgical memory corruption, which is easy to exploit and enables him to run code on the device, effectively granting him complete control. Due to lack of proper authorization validations, triggering this vulnerability does not require any user interaction, authentication or pairing, so the targeted user is completely unaware of an ongoing attack. ##### Remote Code Execution vulnerability #2 (CVE-2017-0782) This vulnerability is similar to the previous one, but resides in a higher level of the BNEP service – the Personal Area Networking (PAN) profile – which is responsible for establishing an IP based network connection between two devices. In this case, the memory corruption is larger, but can still be leveraged by an attacker to gain full control over the infected device. Similar to the previous vulnerability, this vulnerability can also be triggered without any user interaction, authentication or pairing. ##### The Bluetooth Pineapple – Man in The Middle attack (CVE-2017-0783) Man-in-The-Middle (MiTM) attacks allow the attacker to intercept and intervene in all data going to or from the targeted device. To create a MiTM attack using Wi-Fi, the attacker requires both special equipment, and a connection request from the targeted device to an open WiFi network. In Bluetooth, the attacker can actively engage his target, using any device with Bluetooth capabilities. The vulnerability resides in the PAN profile of the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through the malicious network interface. This attack does not require any user interaction, authentication or pairing, making it practically invisible. #### BlueBorne attack on Windows We have disclosed a vulnerability in Windows which allows an attacker to conduct a Man-in-The-Middle attack. Here is a quick demo of how BlueBorne can take create a MiTM attack: https://youtu.be/QrHbZPO9Rnc ##### The Bluetooth Pineapple #2 – Man in The Middle attack (CVE-2017-8628) This vulnerability is identical to the one found in the Android operating system, and affects both systems since they shared the same principals in implementing some of the Bluetooth protocol. The vulnerability resides in the Bluetooth stack, and enables the attacker to create a malicious network interface on the victim’s device, re-configure IP routing and force the device to transmit all communication through it. This attack does not require any user interaction, authentication or pairing, making it also practically invisible. #### BlueBorne attack on Linux Armis has disclosed two vulnerabilities in the Linux operating system which allow attackers to take complete control over infected devices. The first is an information leak vulnerability, which can help the attacker determine the exact version used by the targeted device and adjust his exploit accordingly. The second is a stack overflow with can lead to full control of a device. Here is a quick demo of how BlueBorne can take over a Linux device: https://youtu.be/U7mWeKhd_-A ##### Information leak vulnerability (CVE-2017-1000250) Similar to the information leak vulnerability in Android, this vulnerability resides in the SDP server responsible for identifying other services using Bluetooth around the device. The flaw allows the attacker to send a set of crafted requests to the server, causing it to disclose memory bits in response. This can be used by an attacker to expose sensitive data from the Bluetooth processthat may also contain encryption keys of Bluetooth communications. These can be used by the attacker to initiate an attack that very much resembles heartbleed. ##### A stack overflow in BlueZ (CVE-2017-1000251) This vulnerability was found in the Bluetooth stack of the Linux Kernel, which is the very core of the operating system. An internal flaw in the L2CAP (Logical Link Control and Adaptation Protocol) that is used to connect between two devices causes a memory corruption. An attacker can use this memory corruption to gain full control of the device. #### BlueBorne attack on iOS This vulnerability found by Armis was disclosed to Apple. Since it was mitigated in iOS version 10 and Apple TV version above 7.2.2, a full exploit was not developed to demonstrate how this vulnerability can be leveraged for gaining full control of an iOS device. However, this vulnerability still poses great risk to any iOS device prior to version 10, as it is does not require any interaction from the users, or configuration of any sort on the targeted device. The vulnerability can be leveraged by an attacker to gain remote code execution in a high-privileged context (the Bluetooth process). ##### Remote code execution via Apple’s Low Energy Audio Protocol This vulnerability was found in a new protocol Apple has invented, which operates on top of Bluetooth, called LEAP (Low energy audio protocol). The protocol is designed to stream audio to low energy audio peripherals (such as low energy headsets, or the Siri Remote). This enables devices that only have Bluetooth Low Energy to stream audio and send audio commands. Due to a flaw in the implementation of LEAP, a large audio command can be sent to a targeted device and lead to a memory corruption. Since the audio commands sent via LEAP are not properly validated, an attacker can use the memory corruption to gain full control of the device. ### Securing against BlueBorne Vulnerabilities that can spread over the air and between devices pose a tremendous threat to any organization or individual. Current security measures, including endpoint protection, mobile data management, firewalls, and network security solution are not designed to identify these type of attacks, and related vulnerabilities and exploits, as their main focus is to block attacks that can spread via IP connections. New solutions are needed to address the new airborne attack vector, especially those that make air gapping irrelevant. Additionally, there will need to be more attention and research as new protocols are using for consumers and businesses alike. With the large number of desktop, mobile, and IoT devices only increasing, it is critical we can ensure these types of vulnerabilities are not exploited. This is the primary mission of Armis in this new connected age.
idSSV:96467
last seen2017-11-19
modified2017-09-13
published2017-09-13
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-96467
titleThe IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device (BlueBorne)

The Hacker News