Lucene search

K
amazonAmazonALAS-2018-1049
HistoryAug 04, 2018 - 11:48 p.m.

Critical: kernel

2018-08-0423:48:00
alas.aws.amazon.com
537

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.783 High

EPSS

Percentile

98.3%

Issue Overview:

2024-05-23: CVE-2018-13405 was added to this advisory.

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. (CVE-2018-13405)

A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)

Affected Packages:

kernel

Issue Correction:
Run yum update kernel and reboot your instance to update your system.

New Packages:

i686:  
    kernel-headers-4.14.59-64.43.amzn1.i686  
    kernel-tools-4.14.59-64.43.amzn1.i686  
    kernel-debuginfo-common-i686-4.14.59-64.43.amzn1.i686  
    kernel-debuginfo-4.14.59-64.43.amzn1.i686  
    perf-4.14.59-64.43.amzn1.i686  
    kernel-tools-debuginfo-4.14.59-64.43.amzn1.i686  
    kernel-4.14.59-64.43.amzn1.i686  
    kernel-devel-4.14.59-64.43.amzn1.i686  
    perf-debuginfo-4.14.59-64.43.amzn1.i686  
    kernel-tools-devel-4.14.59-64.43.amzn1.i686  
  
src:  
    kernel-4.14.59-64.43.amzn1.src  
  
x86_64:  
    perf-debuginfo-4.14.59-64.43.amzn1.x86_64  
    kernel-tools-4.14.59-64.43.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-4.14.59-64.43.amzn1.x86_64  
    perf-4.14.59-64.43.amzn1.x86_64  
    kernel-headers-4.14.59-64.43.amzn1.x86_64  
    kernel-4.14.59-64.43.amzn1.x86_64  
    kernel-tools-debuginfo-4.14.59-64.43.amzn1.x86_64  
    kernel-tools-devel-4.14.59-64.43.amzn1.x86_64  
    kernel-devel-4.14.59-64.43.amzn1.x86_64  
    kernel-debuginfo-4.14.59-64.43.amzn1.x86_64  

Additional References

Red Hat: CVE-2018-13405, CVE-2018-5390

Mitre: CVE-2018-13405, CVE-2018-5390

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.783 High

EPSS

Percentile

98.3%