Vulnerabilities > CVE-2017-8797 - Improper Validation of Array Index vulnerability in Linux Kernel

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
linux
CWE-129
nessus

Summary

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.

Vulnerable Configurations

Part Description Count
OS
Linux
309

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.

Nessus

  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-1842.NASL
    descriptionFrom Red Hat Security Advisory 2017:1842 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) * A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues : * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685 Documentation for these issues is available from the Release Notes document linked from the References section. Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat). Additional Changes : For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id102281
    published2017-08-09
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102281
    titleOracle Linux 7 : kernel (ELSA-2017-1842) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2017:1842 and 
    # Oracle Linux Security Advisory ELSA-2017-1842 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102281);
      script_version("3.13");
      script_cvs_date("Date: 2019/09/27 13:00:38");
    
      script_cve_id("CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
      script_xref(name:"RHSA", value:"2017:1842");
    
      script_name(english:"Oracle Linux 7 : kernel (ELSA-2017-1842) (Stack Clash)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2017:1842 :
    
    An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * An use-after-free flaw was found in the Linux kernel which enables a
    race condition in the L2TPv3 IP Encapsulation feature. A local user
    could use this flaw to escalate their privileges or crash the system.
    (CVE-2016-10200, Important)
    
    * A flaw was found that can be triggered in keyring_search_iterator in
    keyring.c if type->match is NULL. A local user could use this flaw to
    crash the system or, potentially, escalate their privileges.
    (CVE-2017-2647, Important)
    
    * It was found that the NFSv4 server in the Linux kernel did not
    properly validate layout type when processing NFSv4 pNFS LAYOUTGET and
    GETDEVICEINFO operands. A remote attacker could use this flaw to
    soft-lockup the system and thus cause denial of service.
    (CVE-2017-8797, Important)
    
    This update also fixes multiple Moderate and Low impact security
    issues :
    
    * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,
    CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588,
    CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596,
    CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951,
    CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890,
    CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890,
    CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,
    CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604,
    CVE-2016-9685
    
    Documentation for these issues is available from the Release Notes
    document linked from the References section.
    
    Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin
    (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and
    Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi
    for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for
    reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by
    Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by
    Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213
    and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and
    the CVE-2016-9604 issue was discovered by David Howells (Red Hat).
    
    Additional Changes :
    
    For detailed information on other changes in this release, see the Red
    Hat Enterprise Linux 7.4 Release Notes linked from the References
    section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2017-August/007073.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/09");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 7", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");  
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2017-1842");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    kernel_major_minor = get_kb_item("Host/uname/major_minor");
    if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
    expected_kernel_major_minor = "3.10";
    if (kernel_major_minor != expected_kernel_major_minor)
      audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);
    
    flag = 0;
    if (rpm_exists(release:"EL7", rpm:"kernel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-abi-whitelists-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-abi-whitelists-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-debug-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-doc-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-doc-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-headers-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-693.el7")) flag++;
    if (rpm_exists(release:"EL7", rpm:"kernel-tools-libs-devel-3.10.0") && rpm_check(release:"EL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-693.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"perf-3.10.0-693.el7")) flag++;
    if (rpm_check(release:"EL7", cpu:"x86_64", reference:"python-perf-3.10.0-693.el7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0174.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.
    last seen2020-06-05
    modified2017-12-14
    plugin id105248
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105248
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0174.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105248);
      script_version("3.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10318", "CVE-2016-1575", "CVE-2016-1576", "CVE-2016-6213", "CVE-2016-9191", "CVE-2016-9604", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-1000405", "CVE-2017-10661", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-12154", "CVE-2017-12190", "CVE-2017-12192", "CVE-2017-14106", "CVE-2017-14489", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-16650", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-7477", "CVE-2017-7482", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0174 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-December/000805.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0059c7d1"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/14");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-112.14.1.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-112.14.1.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-063.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. The attack payload fits to single one-way UDP packet. The provided input value is used for array dereferencing. This may lead to a remote DoS of [knfsd] and so to a soft-lockup of a whole system. - A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if
    last seen2020-06-01
    modified2020-06-02
    plugin id101234
    published2017-07-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101234
    titleVirtuozzo 7 : readykernel-patch (VZA-2017-063)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101234);
      script_version("3.10");
      script_cvs_date("Date: 2019/01/14 10:10:15");
    
      script_cve_id(
        "CVE-2017-7477",
        "CVE-2017-8797"
      );
    
      script_name(english:"Virtuozzo 7 : readykernel-patch (VZA-2017-063)");
      script_summary(english:"Checks the readykernel output for the updated patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the vzkernel package and the
    readykernel-patch installed, the Virtuozzo installation on the remote
    host is affected by the following vulnerabilities :
    
      - The NFSv4 server in the Linux kernel compiled with
        CONFIG_NFSD_PNFS enabled does not properly validate
        layout type when processing NFSv4 pNFS LAYOUTGET and
        GETDEVICEINFO operands. The attack payload fits to
        single one-way UDP packet. The provided input value is
        used for array dereferencing. This may lead to a remote
        DoS of [knfsd] and so to a soft-lockup of a whole
        system.
    
      - A flaw was found in the way Linux kernel allocates heap
        memory to build the scattergather list from a fragment
        list(skb_shinfo(skb)->frag_list) in the socket
        buffer(skb_buff). The heap overflow occurred if
        'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST'
        feature are both used together. A remote user or
        process could use this flaw to potentially escalate
        their privilege on a system.
    
      - A vulnerability was found in the implementation of
        setsockopt() operations in the Linux kernel. A
        privileged user inside a container could cause a DoS
        attack on the host (kernel deadlock in ip_ra_control()
        function) using a specially crafted sequence of system
        calls.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Virtuozzo security advisory.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues.");
      script_set_attribute(attribute:"see_also", value:"https://help.virtuozzo.com/customer/portal/articles/2835416");
      # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-25.0-1.vl7/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3104b434");
      # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-25.0-1.vl7/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0ba13c7");
      script_set_attribute(attribute:"solution", value:"Update the readykernel patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:readykernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list", "Host/readykernel-info");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("readykernel.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    rk_info = get_kb_item("Host/readykernel-info");
    if (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    
    checks = make_list2(
      make_array(
        "kernel","vzkernel-3.10.0-514.16.1.vz7.30.10",
        "patch","readykernel-patch-30.10-25.0-1.vl7"
      ),
      make_array(
        "kernel","vzkernel-3.10.0-514.16.1.vz7.30.15",
        "patch","readykernel-patch-30.15-25.0-1.vl7"
      )
    );
    readykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:"Virtuozzo-7");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-1842.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) * A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues : * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685 Documentation for these issues is available from the Release Notes document linked from the References section. Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat). Additional Changes : For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id102143
    published2017-08-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102143
    titleRHEL 7 : kernel (RHSA-2017:1842) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:1842. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102143);
      script_version("3.19");
      script_cvs_date("Date: 2019/10/24 15:35:43");
    
      script_cve_id("CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
      script_xref(name:"RHSA", value:"2017:1842");
    
      script_name(english:"RHEL 7 : kernel (RHSA-2017:1842) (Stack Clash)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel is now available for Red Hat Enterprise Linux 7.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel packages contain the Linux kernel, the core of any Linux
    operating system.
    
    Security Fix(es) :
    
    * An use-after-free flaw was found in the Linux kernel which enables a
    race condition in the L2TPv3 IP Encapsulation feature. A local user
    could use this flaw to escalate their privileges or crash the system.
    (CVE-2016-10200, Important)
    
    * A flaw was found that can be triggered in keyring_search_iterator in
    keyring.c if type->match is NULL. A local user could use this flaw to
    crash the system or, potentially, escalate their privileges.
    (CVE-2017-2647, Important)
    
    * It was found that the NFSv4 server in the Linux kernel did not
    properly validate layout type when processing NFSv4 pNFS LAYOUTGET and
    GETDEVICEINFO operands. A remote attacker could use this flaw to
    soft-lockup the system and thus cause denial of service.
    (CVE-2017-8797, Important)
    
    This update also fixes multiple Moderate and Low impact security
    issues :
    
    * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042,
    CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588,
    CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596,
    CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951,
    CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890,
    CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890,
    CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242,
    CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604,
    CVE-2016-9685
    
    Documentation for these issues is available from the Release Notes
    document linked from the References section.
    
    Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin
    (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and
    Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi
    for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for
    reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by
    Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by
    Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213
    and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and
    the CVE-2016-9604 issue was discovered by David Howells (Red Hat).
    
    Additional Changes :
    
    For detailed information on other changes in this release, see the Red
    Hat Enterprise Linux 7.4 Release Notes linked from the References
    section."
      );
      # https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3395ff0b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:1842"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2014-7975"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-6213"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-8645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9588"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-10088"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-10147"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-10200"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-10741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2584"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2596"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2647"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-6001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-6951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7616"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-8797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-8890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9077"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9242"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-1000379"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/03");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2014-7970", "CVE-2014-7975", "CVE-2015-8839", "CVE-2015-8970", "CVE-2016-10088", "CVE-2016-10147", "CVE-2016-10200", "CVE-2016-10741", "CVE-2016-6213", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-1000379", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7616", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2017:1842");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:1842";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"kernel-abi-whitelists-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debug-devel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-debuginfo-common-s390x-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-devel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", reference:"kernel-doc-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-headers-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"kernel-kdump-devel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"perf-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"python-perf-debuginfo-3.10.0-693.el7")) flag++;
    
      if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-693.el7")) flag++;
    
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2669.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab
    last seen2020-06-01
    modified2020-06-02
    plugin id103046
    published2017-09-08
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/103046
    titleRHEL 6 : MRG (RHSA-2017:2669)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2017:2669. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(103046);
      script_version("3.13");
      script_cvs_date("Date: 2019/10/24 15:35:43");
    
      script_cve_id("CVE-2015-8839", "CVE-2016-10088", "CVE-2016-10741", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7533", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077");
      script_xref(name:"RHSA", value:"2017:2669");
    
      script_name(english:"RHEL 6 : MRG (RHSA-2017:2669)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.
    
    Red Hat Product Security has rated this update as having a security
    impact of Important. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The kernel-rt packages provide the Real Time Linux Kernel, which
    enables fine-tuning for systems with extremely high determinism
    requirements.
    
    Security Fix(es) :
    
    * A race condition was found in the Linux kernel, present since
    v3.14-rc1 through v4.12. The race happens between threads of
    inotify_handle_event() and vfs_rename() while running the rename
    operation against the same file. As a result of the race the next slab
    data or the slab's free list pointer can be corrupted with
    attacker-controlled data, which may lead to the privilege escalation.
    (CVE-2017-7533, Important)
    
    * It was found that the NFSv4 server in the Linux kernel did not
    properly validate layout type when processing NFSv4 pNFS LAYOUTGET and
    GETDEVICEINFO operands. A remote attacker could use this flaw to
    soft-lockup the system and thus cause denial of service.
    (CVE-2017-8797, Important)
    
    This update also fixes multiple Moderate and Low impact security
    issues :
    
    CVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097
    CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671
    CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889
    CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890
    CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685
    
    Documentation for these issues are available from the Technical Notes
    document linked to in the References section.
    
    Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The
    University of Hong Kong), and Shixiong Zhao (The University of Hong
    Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting
    CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina
    (Red Hat); the CVE-2016-7097 issue was discovered by Andreas
    Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was
    discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was
    discovered by Qian Cai (Red Hat)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/articles/3173821"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2017:2669"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2015-8839"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7042"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-7097"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-8645"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9576"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9604"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9685"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-9806"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-10088"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2016-10741"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-2671"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5551"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-5970"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-6001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-6951"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7187"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7495"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7533"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-7889"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-8797"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-8890"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9074"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9075"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9076"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2017-9077"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/09/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    include("ksplice.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    if (get_one_kb_item("Host/ksplice/kernel-cves"))
    {
      rm_kb_item(name:"Host/uptrack-uname-r");
      cve_list = make_list("CVE-2015-8839", "CVE-2016-10088", "CVE-2016-10741", "CVE-2016-7042", "CVE-2016-7097", "CVE-2016-8645", "CVE-2016-9576", "CVE-2016-9604", "CVE-2016-9685", "CVE-2016-9806", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7495", "CVE-2017-7533", "CVE-2017-7889", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077");
      if (ksplice_cves_check(cve_list))
      {
        audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2017:2669");
      }
      else
      {
        __rpm_report = ksplice_reporting_text();
      }
    }
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2017:2669";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
    
      if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");
    
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.10.0-693.2.1.rt56.585.el6")) flag++;
      if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.10.0-693.2.1.rt56.585.el6")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
      }
    }
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2017-0145.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0145 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id102774
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102774
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2017-0145.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(102774);
      script_version("3.6");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2016-10088", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-10229", "CVE-2016-1575", "CVE-2016-1576", "CVE-2016-6213", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-9604", "CVE-2016-9644", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-2583", "CVE-2017-2636", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6347", "CVE-2017-7184", "CVE-2017-7187", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7477", "CVE-2017-7533", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9077", "CVE-2017-9242");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2017-0145 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2017-August/000760.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?46381f51"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2017/08/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/25");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-103.3.8.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-103.3.8.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyVirtuozzo Local Security Checks
    NASL idVIRTUOZZO_VZA-2017-062.NASL
    descriptionAccording to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. The attack payload fits to single one-way UDP packet. The provided input value is used for array dereferencing. This may lead to a remote DoS of [knfsd] and so to a soft-lockup of a whole system. - A vulnerability was found in the implementation of setsockopt() operations in the Linux kernel. A privileged user inside a container could cause a DoS attack on the host (kernel deadlock in ip_ra_control() function) using a specially crafted sequence of system calls. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id101233
    published2017-07-06
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/101233
    titleVirtuozzo 7 : readykernel-patch (VZA-2017-062)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(101233);
      script_version("3.10");
      script_cvs_date("Date: 2019/01/14 10:10:15");
    
      script_cve_id(
        "CVE-2017-8797"
      );
    
      script_name(english:"Virtuozzo 7 : readykernel-patch (VZA-2017-062)");
      script_summary(english:"Checks the readykernel output for the updated patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Virtuozzo host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the vzkernel package and the
    readykernel-patch installed, the Virtuozzo installation on the remote
    host is affected by the following vulnerabilities :
    
      - The NFSv4 server in the Linux kernel compiled with
        CONFIG_NFSD_PNFS enabled does not properly validate
        layout type when processing NFSv4 pNFS LAYOUTGET and
        GETDEVICEINFO operands. The attack payload fits to
        single one-way UDP packet. The provided input value is
        used for array dereferencing. This may lead to a remote
        DoS of [knfsd] and so to a soft-lockup of a whole
        system.
    
      - A vulnerability was found in the implementation of
        setsockopt() operations in the Linux kernel. A
        privileged user inside a container could cause a DoS
        attack on the host (kernel deadlock in ip_ra_control()
        function) using a specially crafted sequence of system
        calls.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Virtuozzo security advisory.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues.");
      script_set_attribute(attribute:"see_also", value:"https://help.virtuozzo.com/customer/portal/articles/2835401");
      # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-15.2-25.0-1.vl7/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?858fd78c");
      # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-18.7-25.0-1.vl7/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7ef02dd1");
      # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-20.18-25.0-1.vl7/
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f55bb5c8");
      script_set_attribute(attribute:"solution", value:"Update the readykernel patch.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/07/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/07/06");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:readykernel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:7");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Virtuozzo Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list", "Host/readykernel-info");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("readykernel.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/Virtuozzo/release");
    if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
    os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 7.x", "Virtuozzo " + os_ver);
    
    if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
    
    rk_info = get_kb_item("Host/readykernel-info");
    if (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
    
    checks = make_list2(
      make_array(
        "kernel","vzkernel-3.10.0-327.18.2.vz7.15.2",
        "patch","readykernel-patch-15.2-25.0-1.vl7"
      ),
      make_array(
        "kernel","vzkernel-3.10.0-327.36.1.vz7.18.7",
        "patch","readykernel-patch-18.7-25.0-1.vl7"
      ),
      make_array(
        "kernel","vzkernel-3.10.0-327.36.1.vz7.20.18",
        "patch","readykernel-patch-20.18-25.0-1.vl7"
      )
    );
    readykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:"Virtuozzo-7");
    
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0015.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.
    last seen2020-06-01
    modified2020-06-02
    plugin id106469
    published2018-01-30
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106469
    titleOracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were extracted from OracleVM
    # Security Advisory OVMSA-2018-0015.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(106469);
      script_version("1.8");
      script_cvs_date("Date: 2019/09/27 13:00:35");
    
      script_cve_id("CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10229", "CVE-2016-6213", "CVE-2016-9604", "CVE-2017-1000111", "CVE-2017-1000251", "CVE-2017-1000363", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000380", "CVE-2017-1000407", "CVE-2017-11176", "CVE-2017-11473", "CVE-2017-12134", "CVE-2017-2671", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-7273", "CVE-2017-7308", "CVE-2017-7533", "CVE-2017-7645", "CVE-2017-7895", "CVE-2017-8797", "CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9077", "CVE-2017-9242");
      script_xref(name:"IAVA", value:"2018-A-0019");
      script_xref(name:"IAVA", value:"2018-A-0020");
    
      script_name(english:"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)");
      script_summary(english:"Checks the RPM output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote OracleVM host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote OracleVM system is missing necessary patches to address
    critical security updates : please see Oracle VM Security Advisory
    OVMSA-2018-0015 for details."
      );
      # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000826.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?81fd788e"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected kernel-uek / kernel-uek-firmware packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET packet_set_ring Privilege Escalation');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:kernel-uek-firmware");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/30");
      script_set_attribute(attribute:"in_the_news", value:"true");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"OracleVM Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/OracleVM/release");
    if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM");
    if (! preg(pattern:"^OVS" + "3\.4" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.4", "OracleVM " + release);
    if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu);
    if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
    
    flag = 0;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-4.1.12-61.63.1.el6uek")) flag++;
    if (rpm_check(release:"OVS3.4", reference:"kernel-uek-firmware-4.1.12-61.63.1.el6uek")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-uek / kernel-uek-firmware");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2437.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) * A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important) * The lrw_crypt() function in
    last seen2020-06-01
    modified2020-06-02
    plugin id102349
    published2017-08-10
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102349
    titleRHEL 7 : kernel (RHSA-2017:2437)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2017-1842.NASL
    descriptionAn update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) * A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues : * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685 Documentation for these issues is available from the Release Notes document linked from the References section. Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat). Additional Changes : For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id102734
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102734
    titleCentOS 7 : kernel (CESA-2017:1842) (Stack Clash)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1504.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.(CVE-2017-7472) - A reference counter leak in Linux kernel in ipxitf_ioctl function was found which results in a use after free vulnerability that
    last seen2020-06-01
    modified2020-06-02
    plugin id124827
    published2019-05-13
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124827
    titleEulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1504)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3659.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-05
    modified2017-12-14
    plugin id105247
    published2017-12-14
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105247
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2017-2077.NASL
    descriptionAn update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) * A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues : * CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685 Documentation for these issues is available from the Release Notes document linked from the References section. Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat). Additional Changes : For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id102151
    published2017-08-03
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102151
    titleRHEL 7 : kernel-rt (RHSA-2017:2077)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2017-3609.NASL
    descriptionThe remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen2020-06-01
    modified2020-06-02
    plugin id102773
    published2017-08-25
    reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102773
    titleOracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20170801_KERNEL_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important) - A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important) - It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft- lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues : - CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685
    last seen2020-03-18
    modified2017-08-22
    plugin id102645
    published2017-08-22
    reporterThis script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/102645
    titleScientific Linux Security Update : kernel on SL7.x x86_64 (20170801)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1482.NASL
    descriptionAccording to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size which consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded and the number of bytes used by the inode were not correctly decremented, which gave the wrong report for callers of the stat(2) syscall. This wasted metadata space and allowed for the truncated data to be leaked, and data corruption or loss to occur. A caller of the clone ioctl could exploit this flaw by using only standard file-system operations without root access to read the truncated data.(CVE-2015-8374i1/4%0 - crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-18075i1/4%0 - An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-32835279. References: QC-CR#1096945.(CVE-2017-0523i1/4%0 - The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a
    last seen2020-03-19
    modified2019-05-13
    plugin id124806
    published2019-05-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124806
    titleEulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1482)

Redhat

advisories
  • rhsa
    idRHSA-2017:1842
  • rhsa
    idRHSA-2017:2077
  • rhsa
    idRHSA-2017:2437
  • rhsa
    idRHSA-2017:2669
rpms
  • kernel-0:3.10.0-693.el7
  • kernel-abi-whitelists-0:3.10.0-693.el7
  • kernel-bootwrapper-0:3.10.0-693.el7
  • kernel-debug-0:3.10.0-693.el7
  • kernel-debug-debuginfo-0:3.10.0-693.el7
  • kernel-debug-devel-0:3.10.0-693.el7
  • kernel-debuginfo-0:3.10.0-693.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-693.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-693.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-693.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-693.el7
  • kernel-devel-0:3.10.0-693.el7
  • kernel-doc-0:3.10.0-693.el7
  • kernel-headers-0:3.10.0-693.el7
  • kernel-kdump-0:3.10.0-693.el7
  • kernel-kdump-debuginfo-0:3.10.0-693.el7
  • kernel-kdump-devel-0:3.10.0-693.el7
  • kernel-tools-0:3.10.0-693.el7
  • kernel-tools-debuginfo-0:3.10.0-693.el7
  • kernel-tools-libs-0:3.10.0-693.el7
  • kernel-tools-libs-devel-0:3.10.0-693.el7
  • perf-0:3.10.0-693.el7
  • perf-debuginfo-0:3.10.0-693.el7
  • python-perf-0:3.10.0-693.el7
  • python-perf-debuginfo-0:3.10.0-693.el7
  • kernel-rt-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debug-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debug-debuginfo-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debug-devel-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debug-kvm-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debug-kvm-debuginfo-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debuginfo-0:3.10.0-693.rt56.617.el7
  • kernel-rt-debuginfo-common-x86_64-0:3.10.0-693.rt56.617.el7
  • kernel-rt-devel-0:3.10.0-693.rt56.617.el7
  • kernel-rt-doc-0:3.10.0-693.rt56.617.el7
  • kernel-rt-kvm-0:3.10.0-693.rt56.617.el7
  • kernel-rt-kvm-debuginfo-0:3.10.0-693.rt56.617.el7
  • kernel-rt-trace-0:3.10.0-693.rt56.617.el7
  • kernel-rt-trace-debuginfo-0:3.10.0-693.rt56.617.el7
  • kernel-rt-trace-devel-0:3.10.0-693.rt56.617.el7
  • kernel-rt-trace-kvm-0:3.10.0-693.rt56.617.el7
  • kernel-rt-trace-kvm-debuginfo-0:3.10.0-693.rt56.617.el7
  • kernel-0:3.10.0-514.28.1.el7
  • kernel-abi-whitelists-0:3.10.0-514.28.1.el7
  • kernel-bootwrapper-0:3.10.0-514.28.1.el7
  • kernel-debug-0:3.10.0-514.28.1.el7
  • kernel-debug-debuginfo-0:3.10.0-514.28.1.el7
  • kernel-debug-devel-0:3.10.0-514.28.1.el7
  • kernel-debuginfo-0:3.10.0-514.28.1.el7
  • kernel-debuginfo-common-ppc64-0:3.10.0-514.28.1.el7
  • kernel-debuginfo-common-ppc64le-0:3.10.0-514.28.1.el7
  • kernel-debuginfo-common-s390x-0:3.10.0-514.28.1.el7
  • kernel-debuginfo-common-x86_64-0:3.10.0-514.28.1.el7
  • kernel-devel-0:3.10.0-514.28.1.el7
  • kernel-doc-0:3.10.0-514.28.1.el7
  • kernel-headers-0:3.10.0-514.28.1.el7
  • kernel-kdump-0:3.10.0-514.28.1.el7
  • kernel-kdump-debuginfo-0:3.10.0-514.28.1.el7
  • kernel-kdump-devel-0:3.10.0-514.28.1.el7
  • kernel-tools-0:3.10.0-514.28.1.el7
  • kernel-tools-debuginfo-0:3.10.0-514.28.1.el7
  • kernel-tools-libs-0:3.10.0-514.28.1.el7
  • kernel-tools-libs-devel-0:3.10.0-514.28.1.el7
  • perf-0:3.10.0-514.28.1.el7
  • perf-debuginfo-0:3.10.0-514.28.1.el7
  • python-perf-0:3.10.0-514.28.1.el7
  • python-perf-debuginfo-0:3.10.0-514.28.1.el7
  • kernel-rt-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-debug-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-debug-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-debug-devel-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-debuginfo-common-x86_64-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-devel-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-doc-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-firmware-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-trace-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-trace-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-trace-devel-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-vanilla-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-vanilla-debuginfo-1:3.10.0-693.2.1.rt56.585.el6rt
  • kernel-rt-vanilla-devel-1:3.10.0-693.2.1.rt56.585.el6rt

References