Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2016-694
HistoryApr 27, 2016 - 4:15 p.m.

Medium: kernel

2016-04-2716:15:00
alas.aws.amazon.com
34

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.8%

JSON

Issue Overview:

An integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption. (CVE-2016-3135)

In the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a user-supplied ipt_entry structure to have a large next_offset field. This field is not bounds checked prior to writing a counter value at the supplied offset. (CVE-2016-3134)

A weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications in a x86 machine can disable the ASLR by setting the RLIMIT_STACK resource to unlimited. (CVE-2016-3672)

Destroying a network interface with a large number of IPv4 addresses keeps a rtnl_lock for a very long time, which can block many network-related operations. (CVE-2016-3156)

A use-after-free vulnerability was found in the kernel’s socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117)

(Updated on 2017-01-19: CVE-2016-7117 was fixed in this release but was previously not part of this errata.)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system.

New Packages:

i686:  
    perf-4.4.8-20.46.amzn1.i686  
    kernel-4.4.8-20.46.amzn1.i686  
    kernel-devel-4.4.8-20.46.amzn1.i686  
    kernel-tools-4.4.8-20.46.amzn1.i686  
    perf-debuginfo-4.4.8-20.46.amzn1.i686  
    kernel-debuginfo-common-i686-4.4.8-20.46.amzn1.i686  
    kernel-tools-debuginfo-4.4.8-20.46.amzn1.i686  
    kernel-debuginfo-4.4.8-20.46.amzn1.i686  
    kernel-tools-devel-4.4.8-20.46.amzn1.i686  
    kernel-headers-4.4.8-20.46.amzn1.i686  
  
noarch:  
    kernel-doc-4.4.8-20.46.amzn1.noarch  
  
src:  
    kernel-4.4.8-20.46.amzn1.src  
  
x86_64:  
    kernel-debuginfo-common-x86_64-4.4.8-20.46.amzn1.x86_64  
    perf-debuginfo-4.4.8-20.46.amzn1.x86_64  
    kernel-tools-debuginfo-4.4.8-20.46.amzn1.x86_64  
    kernel-tools-4.4.8-20.46.amzn1.x86_64  
    kernel-4.4.8-20.46.amzn1.x86_64  
    kernel-tools-devel-4.4.8-20.46.amzn1.x86_64  
    kernel-debuginfo-4.4.8-20.46.amzn1.x86_64  
    perf-4.4.8-20.46.amzn1.x86_64  
    kernel-devel-4.4.8-20.46.amzn1.x86_64  
    kernel-headers-4.4.8-20.46.amzn1.x86_64

Additional References

Red Hat: CVE-2016-3134, CVE-2016-3135, CVE-2016-3156, CVE-2016-3672, CVE-2016-7117

Mitre: CVE-2016-3134, CVE-2016-3135, CVE-2016-3156, CVE-2016-3672, CVE-2016-7117

OSVersionArchitecturePackageVersionFilename
Amazon Linux1i686perf< 4.4.8-20.46.amzn1perf-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel< 4.4.8-20.46.amzn1kernel-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-devel< 4.4.8-20.46.amzn1kernel-devel-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-tools< 4.4.8-20.46.amzn1kernel-tools-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686perf-debuginfo< 4.4.8-20.46.amzn1perf-debuginfo-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-debuginfo-common-i686< 4.4.8-20.46.amzn1kernel-debuginfo-common-i686-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-tools-debuginfo< 4.4.8-20.46.amzn1kernel-tools-debuginfo-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-debuginfo< 4.4.8-20.46.amzn1kernel-debuginfo-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-tools-devel< 4.4.8-20.46.amzn1kernel-tools-devel-4.4.8-20.46.amzn1.i686.rpm
Amazon Linux1i686kernel-headers< 4.4.8-20.46.amzn1kernel-headers-4.4.8-20.46.amzn1.i686.rpm
Rows per page:
1-10 of 211

Related

nessus 66
openvas 30
fedora 6
zdt 3
ubuntucve 5
oraclelinux 11
redhat 15
cve 5
arista 1
centos 4
android 2
debiancve 5
prion 5
veracode 3
f5 2
broadcom 1
ibm 3
exploitdb 3
exploitpack 3
packetstorm 2
zeroscience 1
ubuntu 13
suse 10
nessus
nessus
Amazon Linux AMI : kernel (ALAS-2016-694)
2016-04-29 00:00:00
Fedora 23 : kernel-4.4.6-300.fc23 (2016-02ed08bf15)
2016-03-24 00:00:00
Fedora 22 : kernel-4.4.6-200.fc22 (2016-3a57b19360)
2016-03-24 00:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-694)
2016-05-09 00:00:00
Fedora Update for kernel FEDORA-2016-02
2016-03-24 00:00:00
Fedora Update for kernel FEDORA-2016-3
2016-03-24 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.4.6-300.fc23
2016-03-23 22:28:42
[SECURITY] Fedora 22 Update: kernel-4.4.6-200.fc22
2016-03-24 00:03:40
[SECURITY] Fedora 24 Update: kernel-4.5.1-300.fc24
2016-04-17 23:45:13
zdt
zdt
Linux Kernel 3.10 / 3.18 / 4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
2016-03-09 00:00:00
Linux (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
2016-04-06 00:00:00
eMerge E3 Access Controller 4.6.07 - Remote Code Execution Exploit
2019-11-12 00:00:00
ubuntucve
ubuntucve
CVE-2016-3135
2016-03-10 00:00:00
CVE-2016-3134
2016-03-09 00:00:00
CVE-2016-7117
2016-10-10 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2016-12-20 00:00:00
Unbreakable Enterprise kernel security update
2016-12-21 00:00:00
kernel security and bug fix update
2016-12-20 00:00:00
redhat
redhat
(RHSA-2017:0065) Important: kernel security update
2017-01-17 07:27:02
(RHSA-2017:0216) Important: kernel security update
2017-01-31 12:36:38
(RHSA-2017:0215) Important: kernel security update
2017-01-31 12:36:14
cve
cve
CVE-2016-7117
2016-10-10 11:00:00
CVE-2016-3135
2016-04-27 17:59:00
CVE-2016-3134
2016-04-27 17:59:00
arista
arista
Security Advisory 0028
2017-05-15 00:00:00
centos
centos
kernel security update
2016-12-20 17:00:55
kernel, perf, python security update
2017-01-12 15:47:38
kernel, perf, python security update
2017-01-19 13:30:14
android
android
CVE-2016-7117
2016-10-01 00:00:00
CVE-2016-3134
2016-09-01 00:00:00
debiancve
debiancve
CVE-2016-3135
2016-04-27 17:59:00
CVE-2016-3134
2016-04-27 17:59:00
CVE-2016-7117
2016-10-10 11:00:00
prion
prion
Integer overflow
2016-04-27 17:59:00
Memory corruption
2016-04-27 17:59:00
Design/Logic Flaw
2016-10-10 11:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:14:57
Denial Of Service (DoS)
2019-01-15 09:13:33
ASLR Bypass
2019-01-15 09:21:19
f5
f5
SOL51201255 - Linux kernel vulnerability CVE-2016-7117
2016-11-08 00:00:00
K51201255 : Linux kernel vulnerability CVE-2016-7117
2016-11-08 00:00:00
broadcom
broadcom
CVE-2016-7117 - Use-after-free vulnerability in the Linux kernel
2023-05-02 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (‪CVE-2016-3134‬‬)
2021-09-23 01:31:39
Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities
2018-06-16 22:03:36
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:34:02
exploitdb
exploitdb
FaceSentry Access Control System 6.4.8 - Remote SSH Root
2019-07-01 00:00:00
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
2016-04-06 00:00:00
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
2019-11-12 00:00:00
exploitpack
exploitpack
FaceSentry Access Control System 6.4.8 - Remote SSH Root
2019-07-01 00:00:00
Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited
2016-04-06 00:00:00
eMerge E3 Access Controller 4.6.07 - Remote Code Execution
2019-11-12 00:00:00
packetstorm
packetstorm
FaceSentry Access Control System 6.4.8 Remote SSH Root Access
2019-07-01 00:00:00
Nortek Linear eMerge E3 Access Controller 1.00-06 SSH/FTP Remote Root
2019-11-12 00:00:00
zeroscience
zeroscience
FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit
2019-06-30 00:00:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2016-11-11 00:00:00
Linux kernel vulnerabilities
2016-11-11 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2016-08-10 00:00:00
suse
suse
Security update for Linux Kernel Live Patch 9 for SLE 12 (important)
2016-12-13 16:08:42
Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 (important)
2016-12-12 19:22:20
Security update for Linux Kernel Live Patch 3 for SLE 12 SP1 (important)
2016-12-12 19:10:40

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.038 Low

EPSS

Percentile

91.8%

JSON
Related for ALAS-2016-694
nessus66openvas30fedora6zdt3ubuntucve5oraclelinux11redhat15cve5arista1centos4android2debiancve5prion5veracode3f52broadcom1ibm3exploitdb3exploitpack3packetstorm2zeroscience1ubuntu13suse10