ID SPECTRE_FILE_LEAK Type canvas Reporter Immunity Canvas Modified 2018-01-04T13:29:00
Description
Name| spectre_file_leak
---|--- CVE| CVE-2017-5753 Exploit Pack| CANVAS Description| Spectre File Leak Notes| CVE Name: CVE-2017-5753
Notes:
This module gives an unpriviledged user the ability to dump a file from the kernel
memory. A common scenario is to dump the /etc/shadow or kerberos tickets.
Note: For Fedora, the attack is targetless while for Ubuntu / CentOS and others
you will need specific offsets compiled within the binary itself.
Caveats:
1. Attacking vmware is slower, virtualbox while doable is insanely slower.
2. Sometimes on vmware the KASLR bypass may fail, this is work in progress.
3. The more recent the processor, the faster the attack.
4. Not all the filesystems are handled. In particular tmpfs files cannot be leaked.
5. The attack may not work at all on some specific kernels
6. The attack may not work at all on some hardware.
7. With this version you can only dump files fitting within a single page (<= 4096 bytes)
About (possible) future versions:
--------------------------------
a) A cache may be implemented to speedup attempts
b) A completely targetless version (not exclusive to Fedora) may be written later.
{"suse": [{"lastseen": "2022-04-18T12:40:10", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for spectre-meltdown-checker fixes the following issues:\n\n spectre-meltdown-checker was updated to version 0.44 (bsc#1189477)\n\n - feat: add support for SRBDS related vulnerabilities\n - feat: add zstd kernel decompression (#370)\n - enh: arm: add experimental support for binary arm images\n - enh: rsb filling: no longer need the 'strings' tool to check for kernel\n support in live mode\n - fix: fwdb: remove Intel extract tempdir on exit\n - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes\n #278)\n - fix: fwdb: use the commit date as the intel fwdb version\n - fix: fwdb: update Intel's repository URL\n - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro\n - fix: on CPU parse info under FreeBSD\n - chore: github: add check run on pull requests\n - chore: fwdb: update to v165.20201021+i20200616\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-2861=1", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-08-27T00:00:00", "type": "suse", "title": "Security update for spectre-meltdown-checker (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5753"], "modified": "2021-08-27T00:00:00", "id": "OPENSUSE-SU-2021:2861-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5MOJKTUHVZFZADZQ6EYELCLEJ5BD766Q/", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-05-13T00:50:37", "description": "An update that fixes one vulnerability is now available.\n\nDescription:\n\n This update for spectre-meltdown-checker fixes the following issues:\n\n spectre-meltdown-checker was updated to version 0.44 (bsc#1189477)\n\n - feat: add support for SRBDS related vulnerabilities\n - feat: add zstd kernel decompression (#370)\n - enh: arm: add experimental support for binary arm images\n - enh: rsb filling: no longer need the 'strings' tool to check for kernel\n support in live mode\n - fix: fwdb: remove Intel extract tempdir on exit\n - fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes\n #278)\n - fix: fwdb: use the commit date as the intel fwdb version\n - fix: fwdb: update Intel's repository URL\n - fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro\n - fix: on CPU parse info under FreeBSD\n - chore: github: add check run on pull requests\n - chore: fwdb: update to v165.20201021+i20200616\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1212=1", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-08-31T00:00:00", "type": "suse", "title": "Security update for spectre-meltdown-checker (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "vectorString": "AV:L/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5753"], "modified": "2021-08-31T00:00:00", "id": "OPENSUSE-SU-2021:1212-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5IDOTKMILRKOFD2ODQXJF3OOEYZ3EMR5/", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2018-01-11T22:52:40", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "cvss3": {}, "published": "2018-01-11T18:10:26", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "modified": "2018-01-11T18:10:26", "id": "SUSE-SU-2018:0069-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00034.html", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-17T00:53:11", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\n various security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "cvss3": {}, "published": "2018-01-16T21:08:59", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "modified": "2018-01-16T21:08:59", "id": "SUSE-SU-2018:0114-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00044.html", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-17T00:53:11", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\n security and bugfixes.\n\n This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / "Spectre Attack": IBM Z fixes were included but not\n enabled in the previous update. This update enables those fixes.\n - CVE-2017-5715 / "Spectre Attack": IBM Z fixes were already included in\n the previous update. A bugfix for the patches has been applied on top.\n - CVE-2017-5754: The IBM Z architecture is not affected by the "Meltdown"\n attack.\n\n", "cvss3": {}, "published": "2018-01-16T21:08:19", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2017-5754", "CVE-2017-5715"], "modified": "2018-01-16T21:08:19", "id": "SUSE-SU-2018:0113-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00043.html", "cvss": {"score": 4.7, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}], "nessus": [{"lastseen": "2022-04-08T14:55:47", "description": "This Solaris system is missing necessary patches to address a critical security update :\n\n - Vulnerability in the Oracle Communications LSMS component of Oracle Communications Applications (subcomponent: Platform (Kernel)). Supported versions that are affected are 13.1, 13.2 and 13.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Communications LSMS executes to compromise Oracle Communications LSMS. While the vulnerability is in Oracle Communications LSMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Communications LSMS accessible data. (CVE-2017-5753)", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-04-20T00:00:00", "type": "nessus", "title": "Oracle Solaris Critical Patch Update : apr2018_SRU11_3_31_6_0 (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2020-01-16T00:00:00", "cpe": ["cpe:/o:oracle:solaris:11.3"], "id": "SOLARIS_APR2018_SRU11_3_31_6_0.NASL", "href": "https://www.tenable.com/plugins/nessus/109176", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the Oracle CPU for apr2018.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109176);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Oracle Solaris Critical Patch Update : apr2018_SRU11_3_31_6_0 (Spectre)\");\n script_summary(english:\"Check for the apr2018 CPU\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Solaris system is missing a security patch from CPU\napr2018.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Solaris system is missing necessary patches to address a critical\nsecurity update :\n\n - Vulnerability in the Oracle Communications LSMS\n component of Oracle Communications Applications\n (subcomponent: Platform (Kernel)). Supported versions\n that are affected are 13.1, 13.2 and 13.3. Difficult to\n exploit vulnerability allows low privileged attacker\n with logon to the infrastructure where Oracle\n Communications LSMS executes to compromise Oracle\n Communications LSMS. While the vulnerability is in\n Oracle Communications LSMS, attacks may significantly\n impact additional products. Successful attacks of this\n vulnerability can result in unauthorized access to\n critical data or complete access to all Oracle\n Communications LSMS accessible data. (CVE-2017-5753)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.oracle.com/epmos/faces/DocumentDisplay?id=2379155.1\"\n );\n # https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/4422902.xml\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64303a9a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.oracle.com/security-alerts/cpuapr2018.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the apr2018 CPU from the Oracle support website.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:solaris:11.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/20\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Solaris Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Solaris11/release\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"solaris.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Solaris11/release\");\nif (isnull(release)) audit(AUDIT_OS_NOT, \"Solaris11\");\n\n\nfix_release = \"0.5.11-0.175.3.31.0.6.0\";\n\nflag = 0;\n\nif (solaris_check_release(release:\"0.5.11-0.175.3.31.0.6.0\", sru:\"11.3.31.6.0\") > 0) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:solaris_get_report2());\n else security_warning(0);\n exit(0);\n}\naudit(AUDIT_OS_RELEASE_NOT, \"Solaris\", fix_release, release);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-07T16:11:46", "description": "The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:2861-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2021-08-28T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2021:2861-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:spectre-meltdown-checker", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2861-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152888", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2861-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152888);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2861-1\");\n script_xref(name:\"IAVA\", value:\"2017-A-0345-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0022-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0347-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0123-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2021:2861-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by a vulnerability as referenced in\nthe SUSE-SU-2021:2861-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189477\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009366.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91ef45f5\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected spectre-meltdown-checker package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:spectre-meltdown-checker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'spectre-meltdown-checker');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-07T16:11:46", "description": "The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:2862-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2021-08-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : spectre-meltdown-checker (SUSE-SU-2021:2862-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:spectre-meltdown-checker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2862-1.NASL", "href": "https://www.tenable.com/plugins/nessus/152889", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2862-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152889);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2862-1\");\n script_xref(name:\"IAVA\", value:\"2017-A-0345-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0022-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0347-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0123-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : spectre-meltdown-checker (SUSE-SU-2021:2862-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-\nSU-2021:2862-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189477\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-August/009367.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9c88fcbd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected spectre-meltdown-checker package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:spectre-meltdown-checker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'spectre-meltdown-checker');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:50:53", "description": "New kernel packages are available for Slackware 14.2 to mitigate the speculative side channel attack known as Spectre variant 1.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-02-27T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-057-01) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-firmware", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2018-057-01.NASL", "href": "https://www.tenable.com/plugins/nessus/107006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-057-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107006);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"SSA\", value:\"2018-057-01\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-057-01) (Spectre)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 to mitigate the\nspeculative side channel attack known as Spectre variant 1.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.684951\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?094b6cdc\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/26\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-firmware\", pkgver:\"20180222_7344ec9\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.118\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.118_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.118_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.118\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.118_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.118\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.118_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.118_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-firmware\", pkgver:\"20180222_7344ec9\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.118\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.118\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.118\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.118\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.118\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:21", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory.\n\nThis update provides mitigations to address the issue, along with compatibility fixes for the corresponding Linux kernel updates.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : nvidia-graphics-drivers-384 vulnerability (USN-3521-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:nvidia-384", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3521-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3521-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105723);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"USN\", value:\"3521-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : nvidia-graphics-drivers-384 vulnerability (USN-3521-1) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory.\n\nThis update provides mitigations to address the issue, along with\ncompatibility fixes for the corresponding Linux kernel updates.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3521-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected nvidia-384 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:nvidia-384\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"nvidia-384\", pkgver:\"384.111-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"nvidia-384\", pkgver:\"384.111-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"nvidia-384\", pkgver:\"384.111-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"nvidia-384\", pkgver:\"384.111-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"nvidia-384\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-07T16:10:22", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:2861-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2021-08-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : spectre-meltdown-checker (openSUSE-SU-2021:2861-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:spectre-meltdown-checker", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2861.NASL", "href": "https://www.tenable.com/plugins/nessus/152897", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2861-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152897);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"IAVA\", value:\"2017-A-0345-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0022-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0347-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0123-S\");\n\n script_name(english:\"openSUSE 15 Security Update : spectre-meltdown-checker (openSUSE-SU-2021:2861-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:2861-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189477\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5MOJKTUHVZFZADZQ6EYELCLEJ5BD766Q/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f982c79b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected spectre-meltdown-checker package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spectre-meltdown-checker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'spectre-meltdown-checker-0.44-3.6.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'spectre-meltdown-checker');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-07T16:09:51", "description": "The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1212-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2021-09-01T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : spectre-meltdown-checker (openSUSE-SU-2021:1212-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:spectre-meltdown-checker", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/152956", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1212-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152956);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2017-5753\");\n script_xref(name:\"IAVA\", value:\"2017-A-0345-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0022-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0347-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0123-S\");\n\n script_name(english:\"openSUSE 15 Security Update : spectre-meltdown-checker (openSUSE-SU-2021:1212-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:1212-1 advisory.\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189477\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5IDOTKMILRKOFD2ODQXJF3OOEYZ3EMR5/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?496fb694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected spectre-meltdown-checker package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:spectre-meltdown-checker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'spectre-meltdown-checker-0.44-lp152.2.3.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'spectre-meltdown-checker');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:29", "description": "The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.4. It is, therefore, vulnerable to a speculative execution side-channel attack. Code from a malicious web page could read data from other web sites or private data from the browser itself.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MACOSX_FIREFOX_57_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/105615", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105615);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_bugtraq_id(102371, 102376);\n script_xref(name:\"MFSA\", value:\"2018-01\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre) (macOS)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by a speculative execution side-channel attack vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote macOS or Mac\nOS X host is prior to 57.0.4. It is, therefore, vulnerable to a speculative execution\nside-channel attack. Code from a malicious web page could read data from other\nweb sites or private data from the browser itself.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://spectreattack.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 57.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_firefox_installed.nasl\");\n script_require_keys(\"MacOSX/Firefox/Installed\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nkb_base = \"MacOSX/Firefox\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\n\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\n\nif (get_kb_item(kb_base + '/is_esr')) exit(0, 'The Mozilla Firefox installation is in the ESR branch.');\n\nmozilla_check_version(product:'firefox', version:version, path:path, esr:FALSE, fix:'57.0.4', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2021-08-19T12:27:12", "description": "The version of Apple iOS running on the mobile device is prior to 11.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208401 advisory.", "cvss3": {"score": 3.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N"}, "published": "2019-04-17T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2.2 Multiple Vulnerabilities (Spectre, APPLE-SA-2018-1-8-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2017-5715"], "modified": "2019-04-17T00:00:00", "cpe": ["cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"], "id": "700545.PRM", "href": "https://www.tenable.com/plugins/nnm/700545", "sourceData": "Binary data 700545.prm", "cvss": {"score": 2.6, "vector": "CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:36", "description": "It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5753, CVE-2017-5715).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-12T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3530-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18", "p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3530-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105766", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3530-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105766);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"USN\", value:\"3530-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.04 / 17.10 : webkit2gtk vulnerabilities (USN-3530-1) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that speculative execution performed by modern CPUs\ncould leak information through a timing side-channel attack, and that\nthis could be exploited in web browser JavaScript engines. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information from\nother domains, bypassing same-origin restrictions. (CVE-2017-5753,\nCVE-2017-5715).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3530-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libjavascriptcoregtk-4.0-18 and / or\nlibwebkit2gtk-4.0-37 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libjavascriptcoregtk-4.0-18\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libwebkit2gtk-4.0-37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.5-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.5-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.5-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.5-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libjavascriptcoregtk-4.0-18\", pkgver:\"2.18.5-0ubuntu0.17.10.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"libwebkit2gtk-4.0-37\", pkgver:\"2.18.5-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libjavascriptcoregtk-4.0-18 / libwebkit2gtk-4.0-37\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:36", "description": "The version of Apple iOS running on the mobile device is prior to 11.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the HT208401 advisory.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-12T00:00:00", "type": "nessus", "title": "Apple iOS < 11.2.2 Multiple Vulnerabilities (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2022-02-14T00:00:00", "cpe": ["cpe:/o:apple:iphone_os"], "id": "APPLE_IOS_1122_CHECK.NBIN", "href": "https://www.tenable.com/plugins/nessus/105769", "sourceData": "Binary data apple_ios_1122_check.nbin", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:37", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4004 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-12T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4004)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4004.NASL", "href": "https://www.tenable.com/plugins/nessus/105759", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4004.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105759);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0034-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0345-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0022-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0347-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0032-S\");\n script_xref(name:\"IAVA\", value:\"2018-A-0123-S\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4004)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2018-4004 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4004.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-112.14.5.el6uek', '4.1.12-112.14.5.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4004');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-112.14.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-112.14.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-112.14.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-112.14.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-112.14.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-112.14.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-112.14.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-112.14.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-112.14.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-112.14.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-112.14.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-112.14.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T15:09:29", "description": "An update of [linux] packages for PhotonOS has been released. This kernel update mitigates vulnerabilities [CVE-2017-5753](https://web.nv d.nist.gov/view/vuln/detail?vulnId=CVE-2017-5753) and [CVE-2017-5715]( https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5715) which are referred to as the variants of Spectre vulnerability.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0098 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0098.NASL", "href": "https://www.tenable.com/plugins/nessus/111911", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0098. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111911);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0098 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released. This\nkernel update mitigates vulnerabilities [CVE-2017-5753](https://web.nv\nd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5753) and [CVE-2017-5715](\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5715) which\nare referred to as the variants of Spectre vulnerability.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-98\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2cd6ea4d\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.4.110-2.ph1\",\n \"linux-debuginfo-4.4.110-2.ph1\",\n \"linux-dev-4.4.110-2.ph1\",\n \"linux-docs-4.4.110-2.ph1\",\n \"linux-drivers-gpu-4.4.110-2.ph1\",\n \"linux-esx-4.4.110-2.ph1\",\n \"linux-esx-debuginfo-4.4.110-2.ph1\",\n \"linux-esx-devel-4.4.110-2.ph1\",\n \"linux-esx-docs-4.4.110-2.ph1\",\n \"linux-oprofile-4.4.110-2.ph1\",\n \"linux-sound-4.4.110-2.ph1\",\n \"linux-tools-4.4.110-2.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:22", "description": "This update includes improvements to mitigate the effects of Spectre ([CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20 17-5753) and [CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 7-5715)) :\n\n - Disable SharedArrayBuffers from Web API.\n\n - Reduce the precision of “high” resolution time to 1ms.\n\nAdditional fixes :\n\n - Fix API documentation generation with newer gtk-doc.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-15T00:00:00", "type": "nessus", "title": "Fedora 27 : webkitgtk4 (2018-0590e4af13) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:27"], "id": "FEDORA_2018-0590E4AF13.NASL", "href": "https://www.tenable.com/plugins/nessus/106022", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-0590e4af13.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106022);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"FEDORA\", value:\"2018-0590e4af13\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Fedora 27 : webkitgtk4 (2018-0590e4af13) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes improvements to mitigate the effects of Spectre\n([CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20\n17-5753) and\n[CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n7-5715)) :\n\n - Disable SharedArrayBuffers from Web API.\n\n - Reduce the precision of “high” resolution\n time to 1ms.\n\nAdditional fixes :\n\n - Fix API documentation generation with newer gtk-doc.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-0590e4af13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"webkitgtk4-2.18.5-1.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:23", "description": "The version of Mozilla Firefox installed on the remote Windows host is prior to 57.0.4. It is, therefore, vulnerable to a speculative execution side-channel attack. Code from a malicious web page could read data from other web sites or private data from the browser itself.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:mozilla:firefox"], "id": "MOZILLA_FIREFOX_57_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/105616", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105616);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_bugtraq_id(102371, 102376);\n script_xref(name:\"MFSA\", value:\"2018-01\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Mozilla Firefox < 57.0.4 Speculative Execution Side-Channel Attack Vulnerability (Spectre)\");\n script_summary(english:\"Checks the version of Firefox.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote Windows host is affected by\na speculative execution side-channel attack vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Mozilla Firefox installed on the remote Windows host\nis prior to 57.0.4. It is, therefore, vulnerable to a speculative execution\nside-channel attack. Code from a malicious web page could read data from other\nweb sites or private data from the browser itself.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://spectreattack.com/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mozilla Firefox version 57.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mozilla:firefox\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mozilla_org_installed.nasl\");\n script_require_keys(\"Mozilla/Firefox/Version\");\n\n exit(0);\n}\n\ninclude(\"mozilla_version.inc\");\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\ninstalls = get_kb_list(\"SMB/Mozilla/Firefox/*\");\nif (isnull(installs)) audit(AUDIT_NOT_INST, \"Firefox\");\n\nmozilla_check_version(installs:installs, product:'firefox', fix:'57.0.4', severity:SECURITY_WARNING);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:23", "description": "The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.0.2, or is 11.0.2 and missing the January 8th patch.\nIt is, therefore, affected by a vulnerability that exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to disclose information via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "macOS : Apple Safari <= 11.0.2 (11604.4.7.1.6 / 12604.4.7.1.6 / 13604.4.7.10.6) Information Disclosure (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI11_0_2_PATCH_2018_01_08.NASL", "href": "https://www.tenable.com/plugins/nessus/105689", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105689);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_bugtraq_id(102371, 102376);\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"macOS : Apple Safari <= 11.0.2 (11604.4.7.1.6 / 12604.4.7.1.6 / 13604.4.7.10.6) Information Disclosure (Spectre)\");\n script_summary(english:\"Checks the Safari version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A web browser installed on the remote macOS or Mac OS X host is\naffected by an information disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Safari installed on the remote macOS or Mac OS X\nhost is prior to 11.0.2, or is 11.0.2 and missing the January 8th patch.\nIt is, therefore, affected by a vulnerability that exists within\nmicroprocessors utilizing speculative execution and indirect branch\nprediction, which may allow an attacker with local user access to\ndisclose information via a side-channel analysis.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT208403\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Safari version 11.0.2 and apply the vendor\npatch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5753\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\", \"MacOSX/Safari/Detailed_Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X or macOS\");\n\nif (!preg(pattern:\"Mac OS X 10\\.(11|12|13)([^0-9]|$)\", string:os))\n{\n audit(AUDIT_OS_NOT, \"Mac OS X El Capitan 10.11 / macOS Sierra 10.12 / macOS High Sierra 10.13\");\n} \n\ninstalled = get_kb_item_or_exit(\"MacOSX/Safari/Installed\", exit_code:0);\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\ndetailed_version = get_kb_item_or_exit(\"MacOSX/Safari/Detailed_Version\", exit_code:1);\n\nfixed_version = \"11.0.2\";\n\nif (preg(pattern:\"Mac OS X 10\\.13\\.2($|[^0-9])\", string:os))\n detailed_fixed_version = \"13604.4.7.1.6\";\nelse if (preg(pattern:\"Mac OS X 10\\.12\\.6($|[^0-9])\", string:os))\n detailed_fixed_version = \"12604.4.7.1.6\";\nelse if (preg(pattern:\"Mac OS X 10\\.11\\.6($|[^0-9])\", string:os))\n detailed_fixed_version = \"11604.4.7.1.6\";\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version + \" (\" + detailed_version + \")\", path);\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse if (\n ver_compare(ver:version, fix:fixed_version, strict:FALSE) == 0 &&\n ver_compare(ver:detailed_version, fix:detailed_fixed_version, strict:FALSE) == -1\n)\n{\n report = report_items_str(\n report_items:make_array(\n \"Path\", path,\n \"Installed version\", version,\n \"Fixed version\", fixed_version,\n \"Installed detailed version\", detailed_version,\n \"Fixed detailed version\", detailed_fixed_version\n ),\n ordered_fields:make_list(\"Path\", \"Installed version\", \"Fixed version\", \"Installed detailed version\", \"Fixed detailed version\")\n );\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Safari\", version + \" (\" + detailed_version + \")\", path);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:24", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - Revert 'kernel.spec: Require the new microcode_ctl.' (Brian Maly)\n\n - xen-blkback: add pending_req allocation stats (Ankur Arora) [Orabug: 27386890]\n\n - xen-blkback: move indirect req allocation out-of-line (Ankur Arora) \n\n - xen-blkback: pull nseg validation out in a function (Ankur Arora) \n\n - xen-blkback: make struct pending_req less monolithic (Ankur Arora) \n\n - x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27403317]\n\n - x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) \n\n - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27403317]\n\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27403317]\n\n - sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) \n\n - sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27403317]\n\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27403317]\n\n - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27403317]\n\n - KVM: x86: Add memory barrier on vmcs field lookup (Andrew Honig) (CVE-2017-5753)\n\n - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts (Andrew Honig) [Orabug: 27402301] (CVE-2017-1000407) (CVE-2017-1000407)\n\n - xfs: give all workqueues rescuer threads (Chris Mason) [Orabug: 27397568]\n\n - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao Martins)", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-01-22T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0012) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000407", "CVE-2017-5753"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0012.NASL", "href": "https://www.tenable.com/plugins/nessus/106226", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0012.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106226);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-1000407\", \"CVE-2017-5753\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0012) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - Revert 'kernel.spec: Require the new microcode_ctl.'\n (Brian Maly)\n\n - xen-blkback: add pending_req allocation stats (Ankur\n Arora) [Orabug: 27386890]\n\n - xen-blkback: move indirect req allocation out-of-line\n (Ankur Arora) \n\n - xen-blkback: pull nseg validation out in a function\n (Ankur Arora) \n\n - xen-blkback: make struct pending_req less monolithic\n (Ankur Arora) \n\n - x86: Clean up IBRS functionality resident in common code\n (Kanth Ghatraju) [Orabug: 27403317]\n\n - x86: Display correct settings for the SPECTRE_V2 bug\n (Kanth Ghatraju) \n\n - Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth\n Ghatraju) [Orabug: 27403317]\n\n - x86/cpu: Implement CPU vulnerabilites sysfs functions\n (Thomas Gleixner) [Orabug: 27403317]\n\n - sysfs/cpu: Fix typos in vulnerability documentation\n (David Woodhouse) \n\n - sysfs/cpu: Add vulnerability folder (Thomas Gleixner)\n [Orabug: 27403317]\n\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David\n Woodhouse) [Orabug: 27403317]\n\n - x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth\n Ghatraju) [Orabug: 27403317]\n\n - KVM: x86: Add memory barrier on vmcs field lookup\n (Andrew Honig) (CVE-2017-5753)\n\n - KVM: VMX: remove I/O port 0x80 bypass on Intel hosts\n (Andrew Honig) [Orabug: 27402301] (CVE-2017-1000407)\n (CVE-2017-1000407)\n\n - xfs: give all workqueues rescuer threads (Chris Mason)\n [Orabug: 27397568]\n\n - ixgbevf: handle mbox_api_13 in ixgbevf_change_mtu (Joao\n Martins)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000822.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?026e66b2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-112.14.13.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-112.14.13.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-08T14:48:25", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-30T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-kvm vulnerabilities (USN-3549-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3549-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106483", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3549-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106483);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/18 12:31:48\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"USN\", value:\"3549-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-kvm vulnerabilities (USN-3549-1) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5715, CVE-2017-5753).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3549-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.4-kvm and / or linux-image-kvm\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/30\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3549-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1017-kvm\", pkgver:\"4.4.0-1017.22\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1017.16\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-kvm / linux-image-kvm\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:49", "description": "The version of VMware vCenter Server installed on the remote host is 6.5.x prior to 6.5u1f. It is, therefore, affected by multiple vulnerabilities. See advisory for details.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-02-22T00:00:00", "type": "nessus", "title": "VMware vCenter Server 6.5.x < 6.5u1f Multiple Vulnerabilities (VMSA-2018-0007) (Spectre-1) (Meltdown)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2017-5754"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/a:vmware:vcenter_server"], "id": "VMWARE_VCENTER_VMSA-2018-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/106950", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106950);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/08/06 14:03:15\");\n\n script_cve_id(\"CVE-2017-5753\", \"CVE-2017-5754\");\n script_bugtraq_id(102371, 102378);\n script_xref(name:\"VMSA\", value:\"2018-0007\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0062\");\n\n script_name(english:\"VMware vCenter Server 6.5.x < 6.5u1f Multiple Vulnerabilities (VMSA-2018-0007) (Spectre-1) (Meltdown)\");\n script_summary(english:\"Checks the version of VMware vCenter.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A virtualization management application installed on the remote host\nis affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VMware vCenter Server installed on the remote host is\n6.5.x prior to 6.5u1f. It is, therefore, affected by multiple\nvulnerabilities. See advisory for details.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.vmware.com/security/advisories/VMSA-2018-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VMware vCenter Server version\n6.5u1f (6.5.0 build-7801515) or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:vmware:vcenter_server\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"vmware_vcenter_detect.nbin\");\n script_require_keys(\"Host/VMware/vCenter\", \"Host/VMware/version\", \"Host/VMware/release\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nport = get_kb_item_or_exit(\"Host/VMware/vCenter\");\nversion = get_kb_item_or_exit(\"Host/VMware/version\");\nrelease = get_kb_item_or_exit(\"Host/VMware/release\");\n\n# Extract and verify the build number\nbuild = ereg_replace(pattern:'^VMware vCenter Server [0-9\\\\.]+ build-([0-9]+)$', string:release, replace:\"\\1\");\nif (build !~ '^[0-9]+$') exit(1, 'Failed to extract the build number from the release string.');\n\nrelease = release - 'VMware vCenter Server ';\nfixversion = NULL;\n\n# Check version and build numbers\nif(version =~ '^VMWare vCenter 6\\\\.5$' && int(build) < 7801515) fixversion = '6.5.0 build-7801515';\nelse audit(AUDIT_LISTEN_NOT_VULN, 'VMware vCenter', port, release);\n\nreport = report_items_str(\n report_items:make_array(\n \"Installed version\", release,\n \"Fixed version\", fixversion\n ),\n ordered_fields:make_list(\"Installed version\", \"Fixed version\")\n);\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:28", "description": "This update includes improvements to mitigate the effects of Spectre ([CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20 17-5753) and [CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201 7-5715)) :\n\n - Disable SharedArrayBuffers from Web API.\n\n - Reduce the precision of “high” resolution time to 1ms.\n\nAdditional fixes :\n\n - Fix API documentation generation with newer gtk-doc.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "Fedora 26 : webkitgtk4 (2018-690989736a) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:webkitgtk4", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2018-690989736A.NASL", "href": "https://www.tenable.com/plugins/nessus/106178", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-690989736a.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106178);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"FEDORA\", value:\"2018-690989736a\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Fedora 26 : webkitgtk4 (2018-690989736a) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update includes improvements to mitigate the effects of Spectre\n([CVE-2017-5753](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20\n17-5753) and\n[CVE-2017-5715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-201\n7-5715)) :\n\n - Disable SharedArrayBuffers from Web API.\n\n - Reduce the precision of “high” resolution\n time to 1ms.\n\nAdditional fixes :\n\n - Fix API documentation generation with newer gtk-doc.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-690989736a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected webkitgtk4 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:webkitgtk4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"webkitgtk4-2.18.5-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"webkitgtk4\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T15:44:38", "description": "An update of the linux package has been released.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Linux PHSA-2018-1.0-0098", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-04-04T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0098_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121800", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0098. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121800);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/04 11:19:02\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2018-1.0-0098\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-98.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-debuginfo-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-dev-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-docs-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-drivers-gpu-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-debuginfo-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-devel-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-esx-docs-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-oprofile-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-sound-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.110-2.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"linux-tools-4.4.110-2.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T15:46:25", "description": "An update of the linux package has been released.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2018-2.0-0011", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-04-04T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0011_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/121909", "sourceData": "#\n# (C) Tenable Network Security, Inc.`\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0011. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121909);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/04/04 11:19:02\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2018-2.0-0011\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-11.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.75-3.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.75-3.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:20", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4017 advisory.\n\n - The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic. (CVE-2017-1000407)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.4, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-01-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4017)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000407", "CVE-2017-5753"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2018-4017.NASL", "href": "https://www.tenable.com/plugins/nessus/106225", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4017.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106225);\n script_version(\"3.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-5753\", \"CVE-2017-1000407\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4017)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2018-4017 advisory.\n\n - The Linux Kernel 2.6.32 and later are affected by a denial of service, by flooding the diagnostic port\n 0x80 an exception can be triggered leading to a kernel panic. (CVE-2017-1000407)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-4017.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000407\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-112.14.13.el6uek', '4.1.12-112.14.13.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-4017');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-112.14.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-112.14.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-112.14.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-112.14.13.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-112.14.13.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-112.14.13.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-112.14.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-112.14.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-112.14.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-112.14.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-112.14.13.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-112.14.13.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 6.1, "vector": "AV:A/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-08T15:07:36", "description": "An update of [linux] packages for PhotonOS has been released. This kernel update mitigates vulnerabilities CVE-2017-5753 and CVE-2017-5715 which are referred to as the variants of Spectre vulnerability.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-07-24T00:00:00", "type": "nessus", "title": "Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0011) (Spectre) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-04-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/111282", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0011. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111282);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_bugtraq_id(102371, 102376);\n\n script_name(english:\"Photon OS 2.0 : linux (PhotonOS-PHSA-2018-2.0-0011) (Spectre) (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of [linux] packages for PhotonOS has been released. This\nkernel update mitigates vulnerabilities CVE-2017-5753 and CVE-2017-5715\nwhich are referred to as the variants of Spectre vulnerability.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-2-11\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?07abb279\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"linux-4.9.75-3.ph2\",\n \"linux-debuginfo-4.9.75-3.ph2\",\n \"linux-devel-4.9.75-3.ph2\",\n \"linux-docs-4.9.75-3.ph2\",\n \"linux-drivers-gpu-4.9.75-3.ph2\",\n \"linux-esx-4.9.75-3.ph2\",\n \"linux-esx-debuginfo-4.9.75-3.ph2\",\n \"linux-esx-devel-4.9.75-3.ph2\",\n \"linux-esx-docs-4.9.75-3.ph2\",\n \"linux-oprofile-4.9.75-3.ph2\",\n \"linux-secure-4.9.75-3.ph2\",\n \"linux-secure-debuginfo-4.9.75-3.ph2\",\n \"linux-secure-devel-4.9.75-3.ph2\",\n \"linux-secure-docs-4.9.75-3.ph2\",\n \"linux-secure-lkcm-4.9.75-3.ph2\",\n \"linux-sound-4.9.75-3.ph2\",\n \"linux-tools-4.9.75-3.ph2\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:00", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only) and amd64 architectures.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-3542-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3542-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106272", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3542-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106272);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"USN\", value:\"3542-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-3542-1) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. This update provides mitigations for the i386\n(CVE-2017-5753 only) and amd64 architectures.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3542-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3542-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-141-generic\", pkgver:\"3.13.0-141.190\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-141-lowlatency\", pkgver:\"3.13.0-141.190\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.141.151\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.141.151\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-lowlatency / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:54", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825]\n\n - kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) (CVE-2017-5715)\n\n - userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug:\n 27340459] (CVE-2017-5753)\n\n - x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)\n\n - kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715) (CVE-2017-5715)\n\n - x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/spec_ctrl: Disable if running as Xen PV guest.\n (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)\n\n - Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] (CVE-2017-5715)\n\n - Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] (CVE-2017-5715)\n\n - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715)\n\n - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] (CVE-2017-5715)\n\n - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715)\n\n - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-12T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0007) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2018-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/105761", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0007.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105761);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0062\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0007) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug\n (Konrad Rzeszutek Wilk) [Orabug: 27350825]\n\n - kABI: Revert kABI: Make the boot_cpu_data look normal\n (Konrad Rzeszutek Wilk) (CVE-2017-5715)\n\n - userns: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - udf: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - net: mpls: prevent speculative execution (Elena\n Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - fs: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - ipv6: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - ipv4: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - Thermal/int340x: prevent speculative execution (Elena\n Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - cw1200: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - qla2xxx: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - p54: prevent speculative execution (Elena Reshetova)\n [Orabug: 27340459] (CVE-2017-5753)\n\n - carl9170: prevent speculative execution (Elena\n Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - uvcvideo: prevent speculative execution (Elena\n Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - bpf: prevent speculative execution in eBPF interpreter\n (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - locking/barriers: introduce new observable speculation\n barrier (Elena Reshetova) [Orabug: 27340459]\n (CVE-2017-5753)\n\n - x86/cpu/AMD: Remove now unused definition of\n MFENCE_RDTSC feature (Elena Reshetova) [Orabug:\n 27340459] (CVE-2017-5753)\n\n - x86/cpu/AMD: Make the LFENCE instruction serialized\n (Elena Reshetova) [Orabug: 27340459] (CVE-2017-5753)\n\n - kABI: Make the boot_cpu_data look normal. (Konrad\n Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)\n\n - kernel.spec: Require the new microcode_ctl. (Konrad\n Rzeszutek Wilk) [Orabug: 27339995] (CVE-2017-5715)\n (CVE-2017-5715)\n\n - x86/microcode/AMD: Add support for fam17h microcode\n loading (Tom Lendacky) [Orabug: 27339995]\n (CVE-2017-5715)\n\n - x86/spec_ctrl: Disable if running as Xen PV guest.\n (Konrad Rzeszutek Wilk) [Orabug: 27339995]\n (CVE-2017-5715)\n\n - Set IBPB when running a different VCPU (Dave Hansen)\n [Orabug: 27339995] (CVE-2017-5715)\n\n - Clear the host registers after setbe (Jun Nakajima)\n [Orabug: 27339995] (CVE-2017-5715)\n\n - Use the ibpb_inuse variable. (Jun Nakajima) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea\n Arcangeli) [Orabug: 27339995] (CVE-2017-5715)\n\n - kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD\n (Paolo Bonzini) [Orabug: 27339995] (CVE-2017-5715)\n\n - Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD\n (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/svm: Set IBPB when running a different VCPU (Paolo\n Bonzini) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/cpu/AMD: Add speculative control support for AMD\n (Tom Lendacky) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/microcode: Recheck IBRS and IBPB feature on\n microcode reload (Tim Chen) [Orabug: 27339995]\n (CVE-2017-5715)\n\n - x86: Move IBRS/IBPB feature detection to scattered.c\n (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/spec_ctrl: Add lock to serialize changes to ibrs and\n ibpb control (Tim Chen) [Orabug: 27339995]\n (CVE-2017-5715)\n\n - x86/spec_ctrl: Add sysctl knobs to enable/disable\n SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/kvm: clear registers on VM exit (Tom Lendacky)\n [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - *INCOMPLETE* x86/syscall: Clear unused extra registers\n on syscall entrance (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/entry: Stuff RSB for entry to kernel for non-SMEP\n platform (Konrad Rzeszutek Wilk) [Orabug: 27339995]\n (CVE-2017-5715)\n\n - x86/mm: Only set IBPB when the new thread cannot ptrace\n current thread (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/idle: Disable IBRS when offlining cpu and re-enable\n on wakeup (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/idle: Disable IBRS entering idle and enable it on\n wakeup (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/spec_ctrl: save IBRS MSR value in paranoid_entry\n (Andrea Arcangeli) [Orabug: 27339995] (CVE-2017-5715)\n\n - *Scaffolding* x86/spec_ctrl: Add sysctl knobs to\n enable/disable SPEC_CTRL feature (Tim Chen) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/enter: Use IBRS on syscall and interrupts (Tim Chen)\n [Orabug: 27339995] (CVE-2017-5715)\n\n - x86: Add macro that does not save rax, rcx, rdx on stack\n to disable IBRS (Tim Chen) [Orabug: 27339995]\n (CVE-2017-5715)\n\n - x86/enter: MACROS to set/clear IBRS and set IBP (Tim\n Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/feature: Report presence of IBPB and IBRS control\n (Tim Chen) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86: Add STIBP feature enumeration (Konrad Rzeszutek\n Wilk) [Orabug: 27339995] (CVE-2017-5715)\n\n - x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and\n X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug:\n 27339995] (CVE-2017-5715)\n\n - x86/feature: Enable the x86 feature to control (Tim\n Chen) [Orabug: 27339995] (CVE-2017-5715)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-January/000818.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e046af99\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-112.14.5.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-112.14.5.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-03-10T20:22:05", "description": "The remote host is running a version of RancherOS prior to 1.4.0, hence is exposted to a side-channel vulnerabilities:\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.(CVE-2017-5753)\n\n - A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer\u2019s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. (CVE-2018-8897)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-19T00:00:00", "type": "nessus", "title": "RancherOS < 1.4.0 Information Disclosure", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2018-8897"], "modified": "2020-08-19T00:00:00", "cpe": ["cpe:/o:rancher:rancheros"], "id": "RANCHEROS_1_4_0.NASL", "href": "https://www.tenable.com/plugins/nessus/132252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132252);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/19\");\n\n script_cve_id(\"CVE-2017-5753\", \"CVE-2018-8897\");\n script_bugtraq_id(102371, 104071);\n\n script_name(english:\"RancherOS < 1.4.0 Information Disclosure\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of RancherOS prior to 1.4.0, hence is\nexposted to a side-channel vulnerabilities:\n\n - Systems with microprocessors utilizing speculative execution and branch\n prediction may allow unauthorized disclosure of information to an attacker\n with local user access via a side-channel analysis.(CVE-2017-5753)\n\n - A statement in the System Programming Guide of the Intel 64 and IA-32\n Architectures Software Developer\u00e2\u0080\u0099s Manual (SDM) was mishandled in the\n development of some or all operating-system kernels, resulting in\n unexpected behavior for #DB exceptions that are deferred by MOV SS or\n POP SS, as demonstrated by (for example) privilege escalation in\n Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel\n crash. (CVE-2018-8897)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rancher.com/docs/os/v1.x/en/about/security/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/rancher/os/releases/tag/v1.4.0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RancherOS v1.4.0 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-8897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rancher:rancheros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint_linux_distro.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RancherOS/version\", \"Host/RancherOS\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Fix version is v1.4.0\nfix_version = '1.4.0';\nos = get_kb_item('Host/RancherOS');\n\nif (!os) audit(AUDIT_OS_NOT, 'RancherOS');\n\nos_ver = get_kb_item('Host/RancherOS/version');\nif (!os_ver)\n{\n exit(1, 'Could not determine the RancherOS version');\n}\n\nmatch = pregmatch(pattern:\"v([0-9\\.]+)\", string:os_ver);\n\nif (!isnull(match))\n{ \n version = match[1]; \n if (ver_compare(ver:version, fix:fix_version, strict:TRUE) == -1)\n {\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + os_ver +\n '\\n Fixed version : v' + fix_version +\n '\\n'\n );\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'RancherOS', os_ver);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-08T14:49:34", "description": "Bounds Check bypass and Branch Target Injection issues\n\nCPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. (Speculative execution is an automatic and inherent CPU performance optimization used in all modern processors.) ESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass and Branch Target Injection issues resulting from this vulnerability.\n\nResult of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "VMSA-2018-0002 : VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753"], "modified": "2018-08-06T00:00:00", "cpe": ["cpe:/o:vmware:esxi:5.5", "cpe:/o:vmware:esxi:6.0", "cpe:/o:vmware:esxi:6.5"], "id": "VMWARE_VMSA-2018-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/105584", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from VMware Security Advisory 2018-0002. \n# The text itself is copyright (C) VMware Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105584);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2018/08/06 14:03:16\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\");\n script_xref(name:\"VMSA\", value:\"2018-0002\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"VMSA-2018-0002 : VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. (Spectre)\");\n script_summary(english:\"Checks esxupdate output for the patches\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote VMware ESXi host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Bounds Check bypass and Branch Target Injection issues\n\nCPU data cache timing can be abused to efficiently leak information\nout of mis-speculated CPU execution, leading to (at worst) arbitrary\nvirtual memory read vulnerabilities across local security boundaries\nin various contexts. (Speculative execution is an automatic and\ninherent CPU performance optimization used in all modern processors.)\nESXi, Workstation and Fusion are vulnerable to Bounds Check Bypass\nand Branch Target Injection issues resulting from this vulnerability.\n\nResult of exploitation may allow for information disclosure from one\nVirtual Machine to another Virtual Machine that is running on the\nsame host. The remediation listed in the table below is for the known\nvariants of the Bounds Check Bypass and Branch Target Injection\nissues.\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the identifiers CVE-2017-5753 (Bounds Check bypass) and\nCVE-2017-5715 (Branch Target Injection) to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://lists.vmware.com/pipermail/security-announce/2018/000400.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply the missing patches.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:5.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:esxi:6.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"VMware ESX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/VMware/release\", \"Host/VMware/version\");\n script_require_ports(\"Host/VMware/esxupdate\", \"Host/VMware/esxcli_software_vibs\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"vmware_esx_packages.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/VMware/release\")) audit(AUDIT_OS_NOT, \"VMware ESX / ESXi\");\nif (\n !get_kb_item(\"Host/VMware/esxcli_software_vibs\") &&\n !get_kb_item(\"Host/VMware/esxupdate\")\n) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ninit_esx_check(date:\"2018-01-03\");\nflag = 0;\n\n\nif (esx_check(ver:\"ESXi 5.5\", vib:\"VMware:esx-base:5.5.0-3.103.6480267\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:esx-base:6.0.0-3.76.6856897\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:vsan:6.0.0-3.76.6769077\")) flag++;\nif (esx_check(ver:\"ESXi 6.0\", vib:\"VMware:vsanhealth:6.0.0-3000000.3.0.3.76.6769078\")) flag++;\n\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:esx-base:6.5.0-1.33.7273056\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:esx-tboot:6.5.0-1.33.7273056\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:vsan:6.5.0-1.33.6852403\")) flag++;\nif (esx_check(ver:\"ESXi 6.5\", vib:\"VMware:vsanhealth:6.5.0-1.33.6852404\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:52", "description": "The NVIDIA GPU display driver software on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-12T00:00:00", "type": "nessus", "title": "NVIDIA Windows GPU Display Driver 384.x / 385.x / 386.x < 386.07 / 390.x < 390.65 Multiple Vulnerabilities (Meltdown)(Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/a:nvidia:gpu_driver"], "id": "NVIDIA_WIN_CVE_2017_5753.NASL", "href": "https://www.tenable.com/plugins/nessus/105777", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105777);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_bugtraq_id(102371, 102376, 102378);\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"NVIDIA Windows GPU Display Driver 384.x / 385.x / 386.x < 386.07 / 390.x < 390.65 Multiple Vulnerabilities (Meltdown)(Spectre)\");\n script_summary(english:\"Checks the driver version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A display driver installed on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The NVIDIA GPU display driver software on the remote host is missing\na security update. It is, therefore, affected by multiple\nvulnerabilities.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvidia.custhelp.com/app/answers/detail/a_id/4611\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the NVIDIA graphics driver to version 386.07 or 390.65 or\nlater in accordance with the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/12\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nvidia:gpu_driver\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"wmi_enum_display_drivers.nbin\");\n script_require_keys(\"WMI/DisplayDrivers/NVIDIA\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nkb_base = 'WMI/DisplayDrivers/';\n\n# double check in case optimization is disabled\nkbs = get_kb_list(kb_base + '*/Name');\nif (isnull(kbs)) exit(0, 'No display drivers were found.');\n\nreport = '';\n\nforeach kb (keys(kbs))\n{\n name = kbs[kb];\n # only check NVIDIA drivers\n if (\"NVIDIA\" >!< name) continue;\n\n nvidia_found = TRUE;\n id = kb - kb_base - '/Name';\n version = get_kb_item_or_exit(kb_base + id + '/Version');\n driver_date = get_kb_item_or_exit(kb_base + id + '/DriverDate');\n\n disp_driver_date = driver_date;\n\n # convert to something we can pass to ver_compare (YYYY.MM.DD)\n driver_date = split(driver_date, sep:'/', keep:FALSE);\n driver_date = driver_date[2] + '.' + driver_date[0] + '.' + driver_date[1];\n\n fix = '';\n\n # 384.x / 385.x / 386.x < 386.07 / 390.x < 390.65\n if (version =~ \"^38[456]\\.\")\n fix = \"386.07\";\n else if (version =~ \"^390\\.\")\n fix = \"390.65\";\n\n if (!empty(fix) && (ver_compare(ver:version, fix:fix, strict:FALSE) == -1))\n {\n order = make_list('Device name','Driver version','Driver date','Fixed version');\n report = make_array(\n order[0],name,\n order[1],version,\n order[2],disp_driver_date,\n order[3],fix\n );\n\n report = report_items_str(report_items:report, ordered_fields:order);\n break;\n }\n}\n\nif (!nvidia_found) exit(0, 'No NVIDIA display drivers were found.');\n\nif (!empty(report))\n security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);\nelse\n exit(0, \"No vulnerable NVIDIA display drivers were found.\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:51:39", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as 'Bypassed' instead of 'Online', and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, SCSI device now continues working as expected after power cycling the FC switch.\n(BZ#1519857)\n\n* Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior.(BZ# 1527811)\n\n* Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. (BZ#1527802)\n\n* Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. (BZ#1523783)\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1535938)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-03-14T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0512) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2020-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0512.NASL", "href": "https://www.tenable.com/plugins/nessus/108329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0512. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108329);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/18\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0512\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0512) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution branch target injection (s390-only)\n(CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and\npowerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling\n(powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* If a fibre channel (FC) switch was powered down and then powered on\nagain, the SCSI device driver stopped permanently the SCSI device's\nrequest queue. Consequently, the FC port login failed, leaving the\nport state as 'Bypassed' instead of 'Online', and users had to reboot\nthe operating system. This update fixes the driver to avoid the\npermanent stop of the request queue. As a result, SCSI device now\ncontinues working as expected after power cycling the FC switch.\n(BZ#1519857)\n\n* Previously, on final close or unlink of a file, the find_get_pages()\nfunction in the memory management sometimes found no pages even if\nthere were some pages left to save. Consequently, a kernel crash\noccurred when attempting to enter the unlink() function. This update\nfixes the find_get_pages() function in the memory management code to\nnot return 0 too early. As a result, the kernel no longer crashes due\nto this behavior.(BZ# 1527811)\n\n* Using IPsec connections under a heavy load could previously lead to\na network performance degradation, especially when using the\naesni-intel module. This update fixes the issue by making the cryptd\nqueue length configurable so that it can be increased to prevent an\noverflow and packet drop. As a result, using IPsec under a heavy load\nno longer reduces network performance. (BZ#1527802)\n\n* Previously, a deadlock in the bnx2fc driver caused all adapters to\nblock and the SCSI error handler to become unresponsive. As a result,\ndata transferring through the adapter was sometimes blocked. This\nupdate fixes bnx2fc, and data transferring through the adapter is no\nlonger blocked due to this behavior. (BZ#1523783)\n\n* If an NFSv3 client mounted a subdirectory of an exported file\nsystem, a directory entry to the mount hosting the export was\nincorrectly held even after clearing the cache. Consequently, attempts\nto unmount the subdirectory with the umount command failed with the\nEBUSY error. With this update, the underlying source code has been\nfixed, and the unmount operation now succeeds as expected in the\ndescribed situation. (BZ#1535938)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs. The system must be rebooted for this update to\ntake effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0512\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0512\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:52", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0069-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0069-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105765", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0069-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105765);\n script_version(\"3.10\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0069-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. This update is only provided as a fix update\nfor IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were\n included but not enabled in the previous update. This\n update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were\n already included in the previous update. A bugfix for\n the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by\n the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180069-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbd883d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-48=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-48=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2018-48=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/12\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-base-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-base-debuginfo-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-devel-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.103-92.59.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-syms-4.4.103-92.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:55", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0020) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.2"], "id": "REDHAT-RHSA-2018-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/105562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0020. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105562);\n script_version(\"3.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0020) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0020\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0020\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0020\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-doc-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", reference:\"kernel-firmware-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-220.76.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-220.76.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:20", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2018:0016) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-0016.NASL", "href": "https://www.tenable.com/plugins/nessus/105532", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0016. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105532);\n script_version(\"3.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0016\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2018:0016) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0016\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0016\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0016\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-693.11.1.rt56.639.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:31", "description": "USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu 17.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.\n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. \n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3541-2) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3541-2.NASL", "href": "https://www.tenable.com/plugins/nessus/106271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3541-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106271);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3541-2\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-azure, linux-gcp, linux-oem vulnerabilities (USN-3541-2) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3541-1 addressed vulnerabilities in the Linux kernel for Ubuntu\n17.10. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04\nLTS.\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. This update provides mitigations for the i386\n(CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.\n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-2 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in the Linux Hardware Enablement (HWE) kernel from Ubuntu\n17.10 for Ubuntu 16.04 LTS. This update provides the corresponding\nmitigations for the ppc64el architecture. \n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3541-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3541-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1006-azure\", pkgver:\"4.13.0-1006.8\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1007-gcp\", pkgver:\"4.13.0-1007.10\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-1017-oem\", pkgver:\"4.13.0-1017.18\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-31-generic\", pkgver:\"4.13.0-31.34~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.13.0-31-lowlatency\", pkgver:\"4.13.0-31.34~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.13.0.1006.7\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.13.0.1007.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.13.0.31.51\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.13.0.1007.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.13.0.31.51\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.13.0.1017.21\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-azure / linux-image-4.13-gcp / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:32", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 23rd January 2019] The text has been updated to correct the list of architectures addressed by the CVE-2017-5753 mitigation. No changes have been made to the packages.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update, mitigations for x86 (CVE-2017-5753) and x86-64 (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0011) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2018-0011.NASL", "href": "https://www.tenable.com/plugins/nessus/105527", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0011. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105527);\n script_version(\"3.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0011\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0011) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.7\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 23rd January 2019] The text has been updated to correct the\nlist of architectures addressed by the CVE-2017-5753 mitigation. No\nchanges have been made to the packages.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update, mitigations for x86 (CVE-2017-5753) and x86-64\n(CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are\nprovided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0011\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0011\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0011\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"kernel-abi-whitelists-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"kernel-doc-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"kernel-firmware-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"perf-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"perf-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"perf-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"python-perf-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"python-perf-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-573.49.3.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:33", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0018) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.4"], "id": "REDHAT-RHSA-2018-0018.NASL", "href": "https://www.tenable.com/plugins/nessus/105561", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0018. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105561);\n script_version(\"3.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0018\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0018) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.4\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0018\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.4\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0018\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0018\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"kernel-doc-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", reference:\"kernel-firmware-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-358.84.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"4\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-358.84.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:33", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 6.1 TL 9 : spectre_meltdown (IJ03030) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:6.1"], "id": "AIX_IJ03030.NASL", "href": "https://www.tenable.com/plugins/nessus/106311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106311);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 6.1 TL 9 : spectre_meltdown (IJ03030) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03030\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Systems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:6.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"08\", patch:\"IJ03030m8a\", package:\"bos.mp64\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.300\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"09\", patch:\"(IJ03030m9a|IJ05824m9a)\", package:\"bos.mp64\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.300\") < 0) flag++;\nif (aix_check_ifix(release:\"6.1\", ml:\"09\", sp:\"10\", patch:\"(IJ03030mAa|IJ05824mAa)\", package:\"bos.mp64\", minfilesetver:\"6.1.9.0\", maxfilesetver:\"6.1.9.300\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:35", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ03036.NASL", "href": "https://www.tenable.com/plugins/nessus/106316", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106316);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 7.2 TL 2 : spectre_meltdown (IJ03036) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03036\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Systems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"00\", patch:\"(IJ03036m1a|IJ05818m1a)\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"02\", sp:\"01\", patch:\"(IJ03036m1a|IJ05818m1a)\", package:\"bos.mp64\", minfilesetver:\"7.2.2.0\", maxfilesetver:\"7.2.2.0\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:39", "description": "The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0008 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (CVE-2017-5754)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2018-0008)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/105599", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-0008.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105599);\n script_version(\"3.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"RHSA\", value:\"2018:0008\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2018-0008)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-0008 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis\n of the data cache. (CVE-2017-5754)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-0008.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-696.18.7.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-0008');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-696.18.7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-696.18.7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-696.18.7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-696.18.7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-696.18.7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-696.18.7.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-696.18.7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-696.18.7.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-696.18.7.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:55:20", "description": "Security Fix(es) :\n\n - hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)\n\n - hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)\n\n - hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)\n\nBug Fixes :\n\n - If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue.\n Consequently, the FC port login failed, leaving the port state as 'Bypassed' instead of 'Online', and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue.\n As a result, SCSI device now continues working as expected after power cycling the FC switch.\n\n - Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior.\n\n - Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance.\n\n - Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior.\n\n - If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation.\n\nThe system must be rebooted for this update to take effect.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180313) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180313_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/108364", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108364);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180313) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - hw: cpu: speculative execution branch target injection\n (s390-only) (CVE-2017-5715, Important)\n\n - hw: cpu: speculative execution bounds-check bypass (s390\n and powerpc) (CVE-2017-5753, Important)\n\n - hw: cpu: speculative execution permission faults\n handling (powerpc-only) (CVE-2017-5754)\n\nBug Fixes :\n\n - If a fibre channel (FC) switch was powered down and then\n powered on again, the SCSI device driver stopped\n permanently the SCSI device's request queue.\n Consequently, the FC port login failed, leaving the port\n state as 'Bypassed' instead of 'Online', and users had\n to reboot the operating system. This update fixes the\n driver to avoid the permanent stop of the request queue.\n As a result, SCSI device now continues working as\n expected after power cycling the FC switch.\n\n - Previously, on final close or unlink of a file, the\n find_get_pages() function in the memory management\n sometimes found no pages even if there were some pages\n left to save. Consequently, a kernel crash occurred when\n attempting to enter the unlink() function. This update\n fixes the find_get_pages() function in the memory\n management code to not return 0 too early. As a result,\n the kernel no longer crashes due to this behavior.\n\n - Using IPsec connections under a heavy load could\n previously lead to a network performance degradation,\n especially when using the aesni-intel module. This\n update fixes the issue by making the cryptd queue length\n configurable so that it can be increased to prevent an\n overflow and packet drop. As a result, using IPsec under\n a heavy load no longer reduces network performance.\n\n - Previously, a deadlock in the bnx2fc driver caused all\n adapters to block and the SCSI error handler to become\n unresponsive. As a result, data transferring through the\n adapter was sometimes blocked. This update fixes bnx2fc,\n and data transferring through the adapter is no longer\n blocked due to this behavior.\n\n - If an NFSv3 client mounted a subdirectory of an exported\n file system, a directory entry to the mount hosting the\n export was incorrectly held even after clearing the\n cache. Consequently, attempts to unmount the\n subdirectory with the umount command failed with the\n EBUSY error. With this update, the underlying source\n code has been fixed, and the unmount operation now\n succeeds as expected in the described situation.\n\nThe system must be rebooted for this update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1803&L=scientific-linux-errata&F=&S=&P=8507\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?45c4ed6f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.23.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:55:22", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver stopped permanently the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as 'Bypassed' instead of 'Online', and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, SCSI device now continues working as expected after power cycling the FC switch.\n(BZ#1519857)\n\n* Previously, on final close or unlink of a file, the find_get_pages() function in the memory management sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior.(BZ# 1527811)\n\n* Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. (BZ#1527802)\n\n* Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. (BZ#1523783)\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1535938)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2018:0512) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2018-0512.NASL", "href": "https://www.tenable.com/plugins/nessus/108341", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0512 and \n# CentOS Errata and Security Advisory 2018:0512 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108341);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0512\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2018:0512) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution branch target injection (s390-only)\n(CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and\npowerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling\n(powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fixes :\n\n* If a fibre channel (FC) switch was powered down and then powered on\nagain, the SCSI device driver stopped permanently the SCSI device's\nrequest queue. Consequently, the FC port login failed, leaving the\nport state as 'Bypassed' instead of 'Online', and users had to reboot\nthe operating system. This update fixes the driver to avoid the\npermanent stop of the request queue. As a result, SCSI device now\ncontinues working as expected after power cycling the FC switch.\n(BZ#1519857)\n\n* Previously, on final close or unlink of a file, the find_get_pages()\nfunction in the memory management sometimes found no pages even if\nthere were some pages left to save. Consequently, a kernel crash\noccurred when attempting to enter the unlink() function. This update\nfixes the find_get_pages() function in the memory management code to\nnot return 0 too early. As a result, the kernel no longer crashes due\nto this behavior.(BZ# 1527811)\n\n* Using IPsec connections under a heavy load could previously lead to\na network performance degradation, especially when using the\naesni-intel module. This update fixes the issue by making the cryptd\nqueue length configurable so that it can be increased to prevent an\noverflow and packet drop. As a result, using IPsec under a heavy load\nno longer reduces network performance. (BZ#1527802)\n\n* Previously, a deadlock in the bnx2fc driver caused all adapters to\nblock and the SCSI error handler to become unresponsive. As a result,\ndata transferring through the adapter was sometimes blocked. This\nupdate fixes bnx2fc, and data transferring through the adapter is no\nlonger blocked due to this behavior. (BZ#1523783)\n\n* If an NFSv3 client mounted a subdirectory of an exported file\nsystem, a directory entry to the mount hosting the export was\nincorrectly held even after clearing the cache. Consequently, attempts\nto unmount the subdirectory with the umount command failed with the\nEBUSY error. With this update, the underlying source code has been\nfixed, and the unmount operation now succeeds as expected in the\ndescribed situation. (BZ#1535938)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs. The system must be rebooted for this update to\ntake effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-March/022801.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3314062b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-696.23.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-696.23.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:55:47", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0029 for details.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-04-06T00:00:00", "type": "nessus", "title": "OracleVM 3.2 : xen (OVMSA-2018-0029) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:xen", "p-cpe:/a:oracle:vm:xen-devel", "p-cpe:/a:oracle:vm:xen-tools", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2018-0029.NASL", "href": "https://www.tenable.com/plugins/nessus/108864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0029.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108864);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"OracleVM 3.2 : xen (OVMSA-2018-0029) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2018-0029 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-April/000839.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2dd34c4e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected xen / xen-devel / xen-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/06\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-4.1.3-25.el5.223.166\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-devel-4.1.3-25.el5.223.166\")) flag++;\nif (rpm_check(release:\"OVS3.2\", reference:\"xen-tools-4.1.3-25.el5.223.166\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"xen / xen-devel / xen-tools\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T16:40:55", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be fully fixed via software update. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the applications in place.\n\n - The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to update.And advise to contact hardware vendors to receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note1: Upgrade and performance specifications,please see http://developer.huawei.com/ict/en/performance_update\n\n - Note2i1/4sDescription of microcode and security patchesaEURtm switches,please see https://developer.huawei.com/ict/en/site-euleros/articl e/switch\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2019-1637)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:2.5.2"], "id": "EULEROS_SA-2019-1637.NASL", "href": "https://www.tenable.com/plugins/nessus/125752", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125752);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.2 : kernel (EulerOS-SA-2019-1637)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The recent speculative execution CVEs address three\n potential attacks across a wide variety of\n architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be\n fully fixed via software update. The nature of these\n vulnerabilities and their fixes introduces the\n possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the\n applications in place.\n\n - The first two variants abuse speculative execution to\n perform bounds-check bypass (CVE-2017-5753), or by\n utilizing branch target injection (CVE-2017-5715) to\n cause kernel code at an address under attacker control\n to execute speculatively. Collectively these are known\n as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to\n update.And advise to contact hardware vendors to\n receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact\n that, on impacted microprocessors, during speculative\n execution of instruction permission faults, exception\n generation triggered by a faulting access is suppressed\n until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note1: Upgrade and performance specifications,please\n see\n http://developer.huawei.com/ict/en/performance_update\n\n - Note2i1/4sDescription of microcode and security\n patchesaEURtm switches,please see\n https://developer.huawei.com/ict/en/site-euleros/articl\n e/switch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1637\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09e234f4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.2\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.2\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.35.4.1_39\",\n \"kernel-devel-3.10.0-514.35.4.1_39\",\n \"kernel-headers-3.10.0-514.35.4.1_39\",\n \"kernel-tools-3.10.0-514.35.4.1_39\",\n \"kernel-tools-libs-3.10.0-514.35.4.1_39\",\n \"kernel-tools-libs-devel-3.10.0-514.35.4.1_39\",\n \"perf-3.10.0-514.35.4.1_39\",\n \"python-perf-3.10.0-514.35.4.1_39\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T16:40:55", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be fully fixed via software update. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the applications in place.\n\n - The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to update.And advise to contact hardware vendors to receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note1: Upgrade and performance specifications,please see http://developer.huawei.com/ict/en/performance_update\n\n - Note2i1/4sDescription of microcode and security patchesaEURtm switches,please see https://developer.huawei.com/ict/en/site-euleros/articl e/switch\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2019-1638)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:2.5.1"], "id": "EULEROS_SA-2019-1638.NASL", "href": "https://www.tenable.com/plugins/nessus/125753", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125753);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2019-1638)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The recent speculative execution CVEs address three\n potential attacks across a wide variety of\n architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be\n fully fixed via software update. The nature of these\n vulnerabilities and their fixes introduces the\n possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the\n applications in place.\n\n - The first two variants abuse speculative execution to\n perform bounds-check bypass (CVE-2017-5753), or by\n utilizing branch target injection (CVE-2017-5715) to\n cause kernel code at an address under attacker control\n to execute speculatively. Collectively these are known\n as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to\n update.And advise to contact hardware vendors to\n receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact\n that, on impacted microprocessors, during speculative\n execution of instruction permission faults, exception\n generation triggered by a faulting access is suppressed\n until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note1: Upgrade and performance specifications,please\n see\n http://developer.huawei.com/ict/en/performance_update\n\n - Note2i1/4sDescription of microcode and security\n patchesaEURtm switches,please see\n https://developer.huawei.com/ict/en/site-euleros/articl\n e/switch\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1638\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?35f9534c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.35.4.1_39\",\n \"kernel-devel-3.10.0-514.35.4.1_39\",\n \"kernel-headers-3.10.0-514.35.4.1_39\",\n \"kernel-tools-3.10.0-514.35.4.1_39\",\n \"kernel-tools-libs-3.10.0-514.35.4.1_39\",\n \"kernel-tools-libs-devel-3.10.0-514.35.4.1_39\",\n \"perf-3.10.0-514.35.4.1_39\",\n \"python-perf-3.10.0-514.35.4.1_39\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:52", "description": "Security Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. The performance impact of these patches may vary considerably based on workload and hardware configuration.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180103) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20180103_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/105534", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105534);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180103) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. The performance impact of these patches may vary considerably\nbased on workload and hardware configuration.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=769\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bd2ad4ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:52", "description": "It was discovered that speculative execution performed by modern CPUs could leak information through a timing side-channel attack, and that this could be exploited in web browser JavaScript engines. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3516-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:firefox", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3516-1.NASL", "href": "https://www.tenable.com/plugins/nessus/105649", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3516-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105649);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3516-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : firefox vulnerabilities (USN-3516-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that speculative execution performed by modern CPUs\ncould leak information through a timing side-channel attack, and that\nthis could be exploited in web browser JavaScript engines. If a user\nwere tricked in to opening a specially crafted website, an attacker\ncould potentially exploit this to obtain sensitive information from\nother domains, bypassing same-origin restrictions. (CVE-2017-5715,\nCVE-2017-5753, CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3516-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected firefox package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:firefox\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|17\\.04|17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 17.04 / 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"firefox\", pkgver:\"57.0.4+build1-0ubuntu0.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"firefox\", pkgver:\"57.0.4+build1-0ubuntu0.16.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"firefox\", pkgver:\"57.0.4+build1-0ubuntu0.17.04.1\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"firefox\", pkgver:\"57.0.4+build1-0ubuntu0.17.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"firefox\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:53", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2018:0007) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2018-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/105588", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0007 and \n# CentOS Errata and Security Advisory 2018:0007 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105588);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0007\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2018:0007) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-January/022696.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4d13bf81\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.11.6.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.11.6.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:53", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-18T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0113-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0113-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0113-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106127);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0113-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes. This update is only provided as a fix update\nfor IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were\n included but not enabled in the previous update. This\n update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were\n already included in the previous update. A bugfix for\n the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by\n the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180113-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?29f26de4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-80=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-80=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-80=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-base-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-base-debuginfo-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-devel-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.103-94.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-syms-4.4.103-94.6.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:53", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 1 : spectre_meltdown (IJ03035) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ03035.NASL", "href": "https://www.tenable.com/plugins/nessus/106315", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106315);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 7.2 TL 1 : spectre_meltdown (IJ03035) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03035\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Systems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"01\", patch:\"(IJ03035m1a)\", package:\"bos.mp64\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.1\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"01\", patch:\"(IJ03035m1b)\", package:\"bos.mp64\", minfilesetver:\"7.2.1.2\", maxfilesetver:\"7.2.1.4\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"02\", patch:\"(IJ03035m2a|IJ05820m2a)\", package:\"bos.mp64\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.4\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"01\", sp:\"03\", patch:\"(IJ03035m3a|IJ05820m3a)\", package:\"bos.mp64\", minfilesetver:\"7.2.1.0\", maxfilesetver:\"7.2.1.4\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:54", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be fully fixed via software update. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the applications in place.\n\n - The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to update.And advise to contact hardware vendors to receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note: Upgrade and performance specifications,please see http://developer.huawei.com/ict/en/performance_update\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1001.NASL", "href": "https://www.tenable.com/plugins/nessus/105618", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105618);\n script_version(\"3.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The recent speculative execution CVEs address three\n potential attacks across a wide variety of\n architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be\n fully fixed via software update. The nature of these\n vulnerabilities and their fixes introduces the\n possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the\n applications in place.\n\n - The first two variants abuse speculative execution to\n perform bounds-check bypass (CVE-2017-5753), or by\n utilizing branch target injection (CVE-2017-5715) to\n cause kernel code at an address under attacker control\n to execute speculatively. Collectively these are known\n as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to\n update.And advise to contact hardware vendors to\n receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact\n that, on impacted microprocessors, during speculative\n execution of instruction permission faults, exception\n generation triggered by a faulting access is suppressed\n until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note: Upgrade and performance specifications,please see\n http://developer.huawei.com/ict/en/performance_update\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ee978ad0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.59.59.46.h44\",\n \"kernel-debug-3.10.0-327.59.59.46.h44\",\n \"kernel-debug-devel-3.10.0-327.59.59.46.h44\",\n \"kernel-debuginfo-3.10.0-327.59.59.46.h44\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.59.59.46.h44\",\n \"kernel-devel-3.10.0-327.59.59.46.h44\",\n \"kernel-headers-3.10.0-327.59.59.46.h44\",\n \"kernel-tools-3.10.0-327.59.59.46.h44\",\n \"kernel-tools-libs-3.10.0-327.59.59.46.h44\",\n \"perf-3.10.0-327.59.59.46.h44\",\n \"python-perf-3.10.0-327.59.59.46.h44\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:54", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.\n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the ppc64el architecture. Original advisory details :\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-euclid vulnerabilities (USN-3540-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-euclid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-euclid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3540-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106268", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3540-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106268);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3540-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-euclid vulnerabilities (USN-3540-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. This update provides mitigations for the i386\n(CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.\n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3522-1 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in Ubuntu 16.04 LTS. This update provides the\ncorresponding mitigations for the ppc64el architecture. Original\nadvisory details :\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3540-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-euclid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-euclid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3540-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1049-aws\", pkgver:\"4.4.0-1049.58\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-112-generic\", pkgver:\"4.4.0-112.135\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-112-generic-lpae\", pkgver:\"4.4.0-112.135\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-112-lowlatency\", pkgver:\"4.4.0-112.135\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-9023-euclid\", pkgver:\"4.4.0-9023.24\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1049.51\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-euclid\", pkgver:\"4.4.0.9023.24\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.112.118\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.112.118\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.112.118\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-euclid / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:54", "description": "An update for redhat-virtualization-host is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "RHEL 7 : redhat-virtualization-host (RHSA-2018:0047) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-0047.NASL", "href": "https://www.tenable.com/plugins/nessus/105678", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0047. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105678);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0047\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 7 : redhat-virtualization-host (RHSA-2018:0047) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for redhat-virtualization-host is now available for RHEV\n4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host.\nThese packages include redhat-release-virtualization-host, ovirt-node,\nand rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed\nusing a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit\nuser interface for monitoring the host's resources and performing\nadministrative tasks.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/3307851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0047\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected redhat-virtualization-host-image-update package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0047\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"redhat-virtualization-host-image-update-4.1-20180102.3.el7_4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"redhat-virtualization-host-image-update\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:50:52", "description": "According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by multiple vulnerabilities.\n\nNote that Nessus has checked the changeset versions based on the xen.git change log. Nessus did not check guest hardware configurations or if patches were applied manually to the source code before a recompile and reinstall.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-02-20T00:00:00", "type": "nessus", "title": "Xen Multiple Vulnerabilities (Spectre) (Meltdown) (XSA-254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-11-08T00:00:00", "cpe": ["cpe:/o:xen:xen"], "id": "XEN_SERVER_XSA-254.NASL", "href": "https://www.tenable.com/plugins/nessus/106902", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106902);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_bugtraq_id(102371, 102376, 102378);\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Xen Multiple Vulnerabilities (Spectre) (Meltdown) (XSA-254)\");\n script_summary(english:\"Checks 'xl info' output for the Xen hypervisor version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Xen hypervisor installation is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the Xen hypervisor\ninstalled on the remote host is affected by multiple vulnerabilities.\n\nNote that Nessus has checked the changeset versions based on the\nxen.git change log. Nessus did not check guest hardware configurations\nor if patches were applied manually to the source code before a\nrecompile and reinstall.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://xenbits.xen.org/xsa/advisory-254.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://xenbits.xen.org/gitweb/?p=xen.git;a=summary\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the vendor advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:xen:xen\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"xen_server_detect.nbin\");\n script_require_keys(\"installed_sw/Xen Hypervisor\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\napp_name = \"Xen Hypervisor\";\ninstall = get_single_install(app_name:app_name);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nversion = install['version'];\ndisplay_version = install['display_version'];\npath = install['path'];\nmanaged_status = install['Managed status'];\nchangeset = install['Changeset'];\n\nif (!empty_or_null(changeset))\n display_version += \" (changeset \" + changeset + \")\";\n\n# Installations that are vendor-managed are handled by OS-specific local package checks\nif (managed_status == \"managed\")\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nfixes['4.6']['fixed_ver'] = '4.6.6';\nfixes['4.6']['fixed_ver_display'] = '4.6.6 (changeset 4d21549)';\nfixes['4.6']['affected_ver_regex'] = '^4\\\\.6\\\\.';\nfixes['4.6']['affected_changesets'] = make_list(\"ff4800c\", \"2613a1b\",\n \"8335c8a\", \"ab20c5c\", \"9089da9\", \"8edfc82\", \"af5b61a\", \"ec05090\",\n \"75263f7\", \"f7e273a\", \"03c7d2c\", \"9ce1a71\", \"a735c7a\", \"44ad7f6\",\n \"91dc902\", \"a065841\", \"c6e9e60\", \"f94c11d\", \"45ddc4e\", \"1ca93b7\",\n \"8c0c36e\", \"6e43623\", \"47d3e73\", \"ea80245\", \"37bb22b\", \"9b0c2a2\",\n \"8d3fe28\", \"be63d66\", \"9454e30\", \"aad5a67\", \"d8b0ebf\", \"f0208a4\",\n \"42b2c82\", \"57318e1\", \"9f22d72\", \"e0353b4\", \"76f1549\", \"9bac910\",\n \"c7a43e3\", \"913d4f8\", \"c5881c5\", \"b0239cd\", \"78fd0c3\", \"9079e0d\",\n \"1658a87\", \"22b6dfa\", \"a8cd231\", \"629eddd\", \"64c03bb\", \"b4660b4\",\n \"1ac8162\", \"747df3c\", \"5ae011e\", \"f974d32\", \"3300ad3\", \"d708b69\");\n\nfixes['4.7']['fixed_ver'] = '4.7.5';\nfixes['4.7']['fixed_ver_display'] = '4.7.5-pre (changeset e9220b4)';\nfixes['4.7']['affected_ver_regex'] = '^4\\\\.7\\\\.';\nfixes['4.7']['affected_changesets'] = make_list(\"f961688\", \"91f7e46\",\n \"f291c01\", \"3cf4e29\", \"8860219\", \"62a2624\", \"c3f8df3\", \"3877c02\",\n \"f0ed5f9\", \"160b53c\", \"e131309\", \"9ede1ac\", \"d0cfbe8\", \"d596e6a\",\n \"f50ea84\", \"de3bdaa\", \"766990b\", \"4ac0229\", \"bafd63f\", \"d5bb425\",\n \"003ec3e\", \"fd884d6\", \"50c68df\", \"1bdcc9f\", \"2914ef5\", \"62b9706\",\n \"624abdc\", \"d7b73ed\", \"112c49c\", \"a5b0fa4\", \"e19d0af\", \"e19517a\",\n \"9b76908\", \"46025e3\", \"0e6c6fc\", \"40c4410\", \"f3b76b6\", \"4c937e2\",\n \"2307798\", \"7089465\", \"375896d\", \"99474d1\", \"f407332\", \"1c58d74\",\n \"d02140f\", \"fae9dd5\", \"caae052\", \"c90b5c1\", \"5b1c9fe\", \"2e6775e\",\n \"f2d19fb\", \"0baeec6\", \"664433a\", \"b3dfadc\", \"8f14027\", \"1967ced\",\n \"c3ddeca\", \"b9c150e\", \"5a99156\", \"4f34d9f\", \"4133de7\", \"b3981ea\",\n \"184f259\", \"67966a9\", \"af3f585\");\n\nfixes['4.8']['fixed_ver'] = '4.8.4';\nfixes['4.8']['fixed_ver_display'] = '4.8.4-pre (changeset 532ccf4)';\nfixes['4.8']['affected_ver_regex'] = '^4\\\\.8\\\\.';\nfixes['4.8']['affected_changesets'] = make_list(\"da49e51\", \"ca9583d\",\n \"479b879\", \"2eefd92\", \"60c50f2\", \"1838e21\", \"5732a8e\", \"987b08d\",\n \"eadcd83\", \"ef2464c\", \"17bfbc8\", \"499391b\", \"87cb0e2\", \"393de92\");\n\nfixes['4.9']['fixed_ver'] = '4.9.2';\nfixes['4.9']['fixed_ver_display'] = '4.9.2-pre (changeset 7648049)';\nfixes['4.9']['affected_ver_regex'] = '^4\\\\.9\\\\.';\nfixes['4.9']['affected_changesets'] = make_list(\"602633e\", \"6fef46d\",\n \"30b9929\", \"447dce8\", \"29df8a5\", \"6403b50\", \"628b6af\", \"237a58b\",\n \"f0f7ce5\", \"d6e9725\", \"9aaa208\", \"40f9ae9\", \"ade9554\", \"a0ed034\",\n \"4d01dbc\", \"22379b6\", \"6e13ad7\", \"0d32237\", \"4ba59bd\", \"2997c5e\",\n \"751c879\", \"a2567d6\", \"9f79e8d\", \"fba48ef\", \"3790833\", \"50450c1\",\n \"2ec7ccb\", \"dc7d465\", \"1e09746\", \"87ea781\", \"96990e2\", \"2213ffe\",\n \"c3774d1\", \"f559d50\", \"f877aab\", \"0c3d524\", \"4d190d7\", \"a4a4abf\",\n \"432f715\", \"389df4f\", \"d6fe186\", \"6a39a56\", \"d9ade82\", \"c09e166\",\n \"df6db6c\", \"986fcb8\", \"da8c866\", \"47a7e3b\", \"57205c4\", \"09d7c30\",\n \"8edff60\", \"fe1147d\", \"78c61ba\", \"c9afe26\", \"4bd6306\", \"a20f838\",\n \"984bb18\", \"1b0029c\", \"32e364c\", \"d3db9e3\", \"c553285\", \"6260c47\",\n \"d1cca07\", \"0a0dcdc\", \"fb51cab\", \"61c13ed\", \"52ad651\");\n\nfixes['4.10']['fixed_ver'] = '4.10.1';\nfixes['4.10']['fixed_ver_display'] = '4.10.1-pre (changeset 65ee6e0)';\nfixes['4.10']['affected_ver_regex'] = '^4\\\\.10\\\\.';\nfixes['4.10']['affected_changesets'] = make_list(\"129880d\", \"c513244\",\n \"0e12c2c\", \"6aaf353\", \"32babfc\", \"47bbcb2\", \"8743fc2\", \"1830b20\",\n \"ab95cb0\", \"d02ef3d\", \"e32f814\", \"c534ab4\", \"be3138b\", \"79012ea\",\n \"bbd093c\", \"a69a8b5\", \"f167ebf\", \"c4c0187\", \"19ad8a7\", \"3caf32c\",\n \"df7be94\", \"f379b70\", \"728fadb\", \"9281129\", \"cae6e15\", \"d1f4283\",\n \"0f7a4fa\", \"b829d42\", \"7cccd6f\", \"234f481\", \"57dc197\", \"7209b8b\",\n \"910dd00\", \"50d24b9\", \"c89c622\", \"3b8d88d\", \"cdb1fb4\", \"a401864\",\n \"a87ec48\", \"9dc5eda\", \"135b67e\", \"682a9d8\", \"19dcd8e\", \"e5364c3\",\n \"e2dc7b5\", \"c8f4f45\", \"4150501\", \"ab7be6c\", \"f3fb667\");\n\nfix = NULL;\nforeach ver_branch (keys(fixes))\n{\n if (version =~ fixes[ver_branch]['affected_ver_regex'])\n {\n ret = ver_compare(ver:version, fix:fixes[ver_branch]['fixed_ver']);\n if (ret < 0)\n fix = fixes[ver_branch]['fixed_ver_display'];\n else if (ret == 0)\n {\n if (empty_or_null(changeset))\n fix = fixes[ver_branch]['fixed_ver_display'];\n else\n foreach affected_changeset (fixes[ver_branch]['affected_changesets'])\n if (changeset == affected_changeset)\n fix = fixes[ver_branch]['fixed_ver_display'];\n }\n }\n}\n\nif (empty_or_null(fix))\n audit(AUDIT_INST_PATH_NOT_VULN, app_name, display_version, path);\n\nitems = make_array(\n \"Installed version\", display_version,\n \"Fixed version\", fix,\n \"Path\", path\n);\n\norder = make_list(\"Path\", \"Installed version\", \"Fixed version\");\nreport = report_items_str(report_items:items, ordered_fields:order) + '\\n';\n\nsecurity_report_v4(port:0, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:50:53", "description": "According to the versions of the cpupools / cpupools-features / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n\n - CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.\n\n - CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-02-05T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:cpupools", "p-cpe:/a:virtuozzo:virtuozzo:cpupools-features", "p-cpe:/a:virtuozzo:virtuozzo:parallels-kernel-modules", "p-cpe:/a:virtuozzo:virtuozzo:parallels-reconfiguration", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bios", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-cli", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-docs", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-efi", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-lib", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-transporter-agents", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vi-cli", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vmm", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vncserver", "p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vzvncserver", "p-cpe:/a:virtuozzo:virtuozzo:parallels-virtualization-sdk", "p-cpe:/a:virtuozzo:virtuozzo:parallels-virtualization-sdk-devel", "p-cpe:/a:virtuozzo:virtuozzo:parallels-virtualization-sdk-docs", "p-cpe:/a:virtuozzo:virtuozzo:parallels-web", "p-cpe:/a:virtuozzo:virtuozzo:python-parallels-virtualization-sdk", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2018-006.NASL", "href": "https://www.tenable.com/plugins/nessus/106587", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106587);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-006)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cpupools / cpupools-features / etc\npackages installed, the Virtuozzo installation on the remote host is\naffected by the following vulnerabilities :\n\n - CVE-2017-5715 triggers the speculative execution by\n utilizing branch target injection. It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.\n\n - CVE-2017-5753 triggers the speculative execution by\n performing a bounds-check bypass. It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall boundary and read privileged memory by\n conducting targeted cache side-channel attacks.\n\n - CVE-2017-5754 relies on the fact that, on impacted\n microprocessors, during speculative execution of\n instruction permission faults, exception generation\n triggered by a faulting access is suppressed until the\n retirement of the whole instruction block. In a\n combination with the fact that memory accesses may\n populate the cache even when the block is being dropped\n and never committed (executed), an unprivileged local\n attacker could use this flaw to read privileged (kernel\n space) memory by conducting targeted cache side-channel\n attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2919912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cpupools / cpupools-features / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:cpupools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:cpupools-features\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-reconfiguration\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bios\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-lib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-transporter-agents\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vi-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vmm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-vzvncserver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-virtualization-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-virtualization-sdk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-virtualization-sdk-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-web\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-parallels-virtualization-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"cpupools-6.0.12-47\",\n \"cpupools-features-6.0.12-47\",\n \"parallels-kernel-modules-6.12.26076.1233086-1.el6\",\n \"parallels-reconfiguration-6.12.26076.1233086-1\",\n \"parallels-server-6.12.26076.1233086-1.el6\",\n \"parallels-server-bios-6.12.26076.1233086-1.el6\",\n \"parallels-server-bm-release-6.0.12-3698\",\n \"parallels-server-cli-6.12.26076.1233086-1.el6\",\n \"parallels-server-docs-6.12.26076.1233086-1.el6.el6\",\n \"parallels-server-efi-6.12.26076.1233086-1.el6\",\n \"parallels-server-lib-6.12.26076.1233086-1.el6\",\n \"parallels-server-transporter-agents-6.12.26076.1233086-1.el6\",\n \"parallels-server-vi-cli-6.12.26076.1233086-1.el6\",\n \"parallels-server-vmm-6.12.26076.1233086-1.el6\",\n \"parallels-server-vncserver-6.12.26076.1233086-1.el6\",\n \"parallels-server-vzvncserver-6.12.26076.1233086-1.el6\",\n \"parallels-virtualization-sdk-6.12.26076.1233086-1.el6\",\n \"parallels-virtualization-sdk-devel-6.12.26076.1233086-1.el6\",\n \"parallels-virtualization-sdk-docs-6.12.26076.1233086-1.el6\",\n \"parallels-web-6.12.26076.1233086-1\",\n \"python-parallels-virtualization-sdk-6.12.26076.1233086-1.el6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cpupools / cpupools-features / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:56", "description": "According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n\n - CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.\n\n - CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-08T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2018-002.NASL", "href": "https://www.tenable.com/plugins/nessus/105619", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105619);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-002)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - CVE-2017-5715 triggers the speculative execution by\n utilizing branch target injection. It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.\n\n - CVE-2017-5753 triggers the speculative execution by\n performing a bounds-check bypass. It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall boundary and read privileged memory by\n conducting targeted cache side-channel attacks.\n\n - CVE-2017-5754 relies on the fact that, on impacted\n microprocessors, during speculative execution of\n instruction permission faults, exception generation\n triggered by a faulting access is suppressed until the\n retirement of the whole instruction block. In a\n combination with the fact that memory accesses may\n populate the cache even when the block is being dropped\n and never committed (executed), an unprivileged local\n attacker could use this flaw to read privileged (kernel\n space) memory by conducting targeted cache side-channel\n attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2914057\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0008\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3690\",\n \"vzkernel-2.6.32-042stab127.2\",\n \"vzkernel-devel-2.6.32-042stab127.2\",\n \"vzkernel-firmware-2.6.32-042stab127.2\",\n \"vzmodules-2.6.32-042stab127.2\",\n \"vzmodules-devel-2.6.32-042stab127.2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:57", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0131-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0131-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0131-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106185);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0131-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. This update is only provided as a fix update\nfor IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were\n included but not enabled in the previous update. This\n update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were\n already included in the previous update. A bugfix for\n the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by\n the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180131-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d747b36d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-20180111-13421=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-20180111-13421=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-20180111-13421=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-20180111-13421=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-base-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-devel-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-source-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-syms-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-trace-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-trace-base-3.0.101-108.24.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-trace-devel-3.0.101-108.24.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:47:10", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 5.3 TL 12 : spectre_meltdown (IJ03029) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:5.3"], "id": "AIX_IJ03029.NASL", "href": "https://www.tenable.com/plugins/nessus/106310", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106310);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 5.3 TL 12 : spectre_meltdown (IJ03029) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03029\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Systems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:5.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"IJ03029m9c\", package:\"bos.mp\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.9\") < 0) flag++;\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"(IJ03029m9a|IJ05826m9b)\", package:\"bos.mp64\", minfilesetver:\"5.3.12.0\", maxfilesetver:\"5.3.12.9\") < 0) flag++;\nif (aix_check_ifix(release:\"5.3\", ml:\"12\", sp:\"09\", patch:\"(IJ03029m9b|IJ05826m9b)\", package:\"bos.mp64\", minfilesetver:\"5.3.12.10\", maxfilesetver:\"5.3.12.10\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:22", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 23rd January 2019] The text has been updated to correct the list of architectures addressed by the CVE-2017-5753 mitigation. No changes have been made to the packages.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update, mitigations for x86 (CVE-2017-5753) and x86-64 (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2018:0008) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2018-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/105589", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0008 and \n# CentOS Errata and Security Advisory 2018:0008 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105589);\n script_version(\"3.15\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0008\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2018:0008) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 23rd January 2019] The text has been updated to correct the\nlist of architectures addressed by the CVE-2017-5753 mitigation. No\nchanges have been made to the packages.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update, mitigations for x86 (CVE-2017-5753) and x86-64\n(CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are\nprovided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-January/022701.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb3faecb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-696.18.7.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-696.18.7.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:22", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2018:0009) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2018-0009.NASL", "href": "https://www.tenable.com/plugins/nessus/105525", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0009. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105525);\n script_version(\"3.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0009\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:0009) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0009\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0009\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0009\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-abi-whitelists-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-doc-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.36.5.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:23", "description": "An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "RHEL 6 : MRG (RHSA-2018:0021) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0021.NASL", "href": "https://www.tenable.com/plugins/nessus/105672", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0021. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105672);\n script_version(\"3.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0021\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 : MRG (RHSA-2018:0021) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0021\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0021\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0021\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n\n if (! (rpm_exists(release:\"RHEL6\", rpm:\"mrg-release\"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, \"MRG\");\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-doc-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-rt-firmware-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-debuginfo-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-rt-vanilla-devel-3.10.0-693.11.1.rt56.606.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:24", "description": "An update for rhev-hypervisor7 is now available for RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X Hypervisor and Agents for Red Hat Enterprise Linux 7 ELS.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe rhev-hypervisor7 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : rhev-hypervisor7 (RHSA-2018:0046) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor7", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-0046.NASL", "href": "https://www.tenable.com/plugins/nessus/105677", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0046. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105677);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0046\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 / 7 : rhev-hypervisor7 (RHSA-2018:0046) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for rhev-hypervisor7 is now available for RHEV 3.X\nHypervisor and Agents for Red Hat Enterprise Linux 6 and RHEV 3.X\nHypervisor and Agents for Red Hat Enterprise Linux 7 ELS.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe rhev-hypervisor7 package provides a Red Hat Enterprise\nVirtualization Hypervisor ISO disk image. The Red Hat Enterprise\nVirtualization Hypervisor is a dedicated Kernel-based Virtual Machine\n(KVM) hypervisor. It includes everything necessary to run and manage\nvirtual machines: A subset of the Red Hat Enterprise Linux operating\nenvironment and the Red Hat Enterprise Virtualization Agent.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/3307851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0046\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhev-hypervisor7 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0046\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"rhev-hypervisor7-7.3-20180102.1.el6\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"rhev-hypervisor7-7.3-20180102.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhev-hypervisor7\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:24", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The recent speculative execution CVEs address three potential attacks across a wide variety of architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be fully fixed via software update. The nature of these vulnerabilities and their fixes introduces the possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the applications in place.\n\n - The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to update.And advise to contact hardware vendors to receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note: Upgrade and performance specifications,please see http://developer.huawei.com/ict/en/performance_update_2 .1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1002.NASL", "href": "https://www.tenable.com/plugins/nessus/105655", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105655);\n script_version(\"3.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1002)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The recent speculative execution CVEs address three\n potential attacks across a wide variety of\n architectures and hardware platforms.\n\n - Note: This issue is present in hardware and cannot be\n fully fixed via software update. The nature of these\n vulnerabilities and their fixes introduces the\n possibility of reduced performance on patched systems.\n The performance impact depends on the hardware and the\n applications in place.\n\n - The first two variants abuse speculative execution to\n perform bounds-check bypass (CVE-2017-5753), or by\n utilizing branch target injection (CVE-2017-5715) to\n cause kernel code at an address under attacker control\n to execute speculatively. Collectively these are known\n as 'Spectre'.\n\n - Variant CVE-2017-5715 fixes require CPU microcode to\n update.And advise to contact hardware vendors to\n receive the appropriate microcode for your processor.\n\n - The third variant (CVE-2017-5754) relies on the fact\n that, on impacted microprocessors, during speculative\n execution of instruction permission faults, exception\n generation triggered by a faulting access is suppressed\n until the retirement of the whole instruction block.\n Researchers have called this exploit 'Meltdown'.\n\n - Note: Upgrade and performance specifications,please see\n http://developer.huawei.com/ict/en/performance_update_2\n .1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1002\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cc2522fe\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.170\",\n \"kernel-debug-3.10.0-229.49.1.170\",\n \"kernel-debuginfo-3.10.0-229.49.1.170\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.170\",\n \"kernel-devel-3.10.0-229.49.1.170\",\n \"kernel-headers-3.10.0-229.49.1.170\",\n \"kernel-tools-3.10.0-229.49.1.170\",\n \"kernel-tools-libs-3.10.0-229.49.1.170\",\n \"perf-3.10.0-229.49.1.170\",\n \"python-perf-3.10.0-229.49.1.170\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:51", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 5 : spectre_meltdown (IJ03033) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IJ03033.NASL", "href": "https://www.tenable.com/plugins/nessus/106313", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106313);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n\n script_name(english:\"AIX 7.1 TL 5 : spectre_meltdown (IJ03033) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03033\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n \"Systems with microprocessors utilizing speculative execution and indirect\n branch prediction may allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"05\", sp:\"01\", patch:\"(IJ03033m1a|IJ05822m1a)\", package:\"bos.mp64\", minfilesetver:\"7.1.5.0\", maxfilesetver:\"7.1.5.0\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"05\", sp:\"00\", patch:\"(IJ03033m1a|IJ05822m1a)\", package:\"bos.mp64\", minfilesetver:\"7.1.5.0\", maxfilesetver:\"7.1.5.0\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_extra);\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:52", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0114-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0114-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106094", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0114-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106094);\n script_version(\"3.9\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0114-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes. This update is only provided as a fix\nupdate for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were\n included but not enabled in the previous update. This\n update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were\n already included in the previous update. A bugfix for\n the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by\n the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180114-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fbc58914\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-81=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-base-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-debugsource-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-devel-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-syms-3.12.74-60.64.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:52", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important, PowerPC, S390)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, S390)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important, PowerPC)\n\nRed Hat would like to thank Google Project Zero for reporting these issues.\n\nBug Fix(es) :\n\n* When attempting to reread parent blocks in btree traversal, the xfs code which deletes extended attributes from an inode assumed that the parent blocks were still on the cache. Under memory pressure and memory reclaim, such parent blocks were sometimes removed from the cache. Consequently, attempts to reread previously cached parent blocks caused the file system to read invalid memory. This update fixes xfs to reinitialize the pointer to the parent block buffers after the block has been reread. As a result, pointers to btree blocks now point to valid memory, and the kernel no longer crashes due to an invalid memory access. (BZ#1512811)\n\n* The write access check for huge pages did not function correctly on IBM z Systems. Consequently, if asynchronous I/O reads were used, buffers sometimes contained zeroes rather than data from a file, even when the io_getevents() system call reported that the associated read had finished successfully. This update fixes the write access check in the gup_huge_pmd () function in memory management, and read data is stored in asynchronous I /O buffers properly. (BZ#1513315)\n\n* With this update, the rule for iptables reloading has been optimized to complete faster. (BZ#1514040)", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2018:0182) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.3"], "id": "REDHAT-RHSA-2018-0182.NASL", "href": "https://www.tenable.com/plugins/nessus/106335", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0182. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106335);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0182\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:0182) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.3\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update initial mitigations for IBM Power (PowerPC) and IBM\nzSeries (S390) architectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important, PowerPC, S390)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important, S390)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important, PowerPC)\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\n\nBug Fix(es) :\n\n* When attempting to reread parent blocks in btree traversal, the xfs\ncode which deletes extended attributes from an inode assumed that the\nparent blocks were still on the cache. Under memory pressure and\nmemory reclaim, such parent blocks were sometimes removed from the\ncache. Consequently, attempts to reread previously cached parent\nblocks caused the file system to read invalid memory. This update\nfixes xfs to reinitialize the pointer to the parent block buffers\nafter the block has been reread. As a result, pointers to btree blocks\nnow point to valid memory, and the kernel no longer crashes due to an\ninvalid memory access. (BZ#1512811)\n\n* The write access check for huge pages did not function correctly on\nIBM z Systems. Consequently, if asynchronous I/O reads were used,\nbuffers sometimes contained zeroes rather than data from a file, even\nwhen the io_getevents() system call reported that the associated read\nhad finished successfully. This update fixes the write access check in\nthe gup_huge_pmd () function in memory management, and read data is\nstored in asynchronous I /O buffers properly. (BZ#1513315)\n\n* With this update, the rule for iptables reloading has been optimized\nto complete faster. (BZ#1514040)\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0182\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.3\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0182\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0182\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-abi-whitelists-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", reference:\"kernel-doc-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"3\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.41.1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:53", "description": "An update for rhvm-appliance is now available for RHEV 4.X, RHEV-H, and Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "RHEL 7 : rhvm-appliance (RHSA-2018:0045) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rhvm-appliance", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-0045.NASL", "href": "https://www.tenable.com/plugins/nessus/105676", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0045. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105676);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0045\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 7 : rhvm-appliance (RHSA-2018:0045) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for rhvm-appliance is now available for RHEV 4.X, RHEV-H,\nand Agents for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe RHV-M Virtual Appliance automates the process of installing and\nconfiguring the Red Hat Virtualization Manager. The appliance is\navailable to download as an OVA file from the Customer Portal.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/solutions/3307851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0045\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rhvm-appliance package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rhvm-appliance\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0045\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"rhvm-appliance-4.1.20180103.0-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rhvm-appliance\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:53", "description": "Jann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.\n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 architecture in Ubuntu 17.10. This update provides the corresponding mitigations for the ppc64el architecture. \n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "Ubuntu 17.10 : linux vulnerabilities (USN-3541-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3541-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106270", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3541-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106270);\n script_version(\"3.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3541-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 17.10 : linux vulnerabilities (USN-3541-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. This update provides mitigations for the i386\n(CVE-2017-5753 only), amd64, ppc64el, and s390x architectures.\n(CVE-2017-5715, CVE-2017-5753)\n\nUSN-3523-1 mitigated CVE-2017-5754 (Meltdown) for the amd64\narchitecture in Ubuntu 17.10. This update provides the corresponding\nmitigations for the ppc64el architecture. \n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3541-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3541-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-31-generic\", pkgver:\"4.13.0-31.34\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-31-lowlatency\", pkgver:\"4.13.0-31.34\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic\", pkgver:\"4.13.0.31.33\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.13.0.31.33\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-generic / linux-image-4.13-lowlatency / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:46:54", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2018:0010) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7.2"], "id": "REDHAT-RHSA-2018-0010.NASL", "href": "https://www.tenable.com/plugins/nessus/105526", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0010. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105526);\n script_version(\"3.18\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0010\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:0010) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.2\nAdvanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended\nUpdate Support, and Red Hat Enterprise Linux 7.2 Update Services for\nSAP Solutions.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0010\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7\\.2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.2\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0010\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0010\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"kernel-abi-whitelists-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", reference:\"kernel-doc-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-327.62.4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", sp:\"2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-327.62.4.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:33", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0022) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.5"], "id": "REDHAT-RHSA-2018-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/105563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0022. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105563);\n script_version(\"3.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0022\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0022) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.5\nAdvanced Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for x86-64 architecture are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0022\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0022\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0022\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-abi-whitelists-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-doc-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", reference:\"kernel-firmware-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-431.85.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"5\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-431.85.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:35", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 7.2 TL 0 : spectre_meltdown (IJ03034) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.2"], "id": "AIX_IJ03034.NASL", "href": "https://www.tenable.com/plugins/nessus/106314", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106314);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 7.2 TL 0 : spectre_meltdown (IJ03034) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03034\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Systems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"03\", patch:\"IJ03034m3a\", package:\"bos.mp64\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.5\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"04\", patch:\"(IJ03034m4a|IJ05821m4a)\", package:\"bos.mp64\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.5\") < 0) flag++;\nif (aix_check_ifix(release:\"7.2\", ml:\"00\", sp:\"05\", patch:\"(IJ03034m5a|IJ05821m5a)\", package:\"bos.mp64\", minfilesetver:\"7.2.0.0\", maxfilesetver:\"7.2.0.5\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:50:23", "description": "An update for kernel is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update mitigations for IBM zSeries (S390) and x86-64 architectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important, S390 and x86-64)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, S390)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important, x86-64)\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-02-28T00:00:00", "type": "nessus", "title": "RHEL 5 : kernel (RHSA-2018:0292) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-xen", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel", "cpe:/o:redhat:enterprise_linux:5"], "id": "REDHAT-RHSA-2018-0292.NASL", "href": "https://www.tenable.com/plugins/nessus/107058", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0292. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107058);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0292\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 5 : kernel (RHSA-2018:0292) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 5\nExtended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es):\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update mitigations for IBM zSeries (S390) and x86-64\narchitectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important, S390 and x86-64)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important, S390)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important, x86-64)\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\");\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?892ef523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-5753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-5715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2017-5754\");\n script_set_attribute(attribute:\"see_also\", value:\"http://rhn.redhat.com/errata/RHSA-2018-0292.html\");\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo))\n{\n rhsa = \"RHSA-2018:0292\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report\n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", reference:\"kernel-doc-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"kernel-xen-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-PAE-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-debuginfo-common-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"kernel-headers-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i686\", reference:\"kernel-xen-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-devel-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-headers-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.18-426.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.18-426.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debug / kernel-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:29", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0007 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache. (CVE-2017-5754)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-05T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2018-0007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-0007.NASL", "href": "https://www.tenable.com/plugins/nessus/105598", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-0007.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105598);\n script_version(\"3.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"RHSA\", value:\"2018:0007\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2018-0007)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2018-0007 advisory.\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5715)\n\n - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a side-channel analysis.\n (CVE-2017-5753)\n\n - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow\n unauthorized disclosure of information to an attacker with local user access via a side-channel analysis\n of the data cache. (CVE-2017-5754)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2018-0007.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5754\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-693.11.6.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2018-0007');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-693.11.6.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.11.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:30", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. This update is only provided as a fix update for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were included but not enabled in the previous update. This update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were already included in the previous update. A bugfix for the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0171-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0171-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106260", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0171-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(106260);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0171-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\nvarious security and bugfixes. This update is only provided as a fix\nupdate for IBM Z platform.\n\n - CVE-2017-5753 / 'Spectre Attack': IBM Z fixes were\n included but not enabled in the previous update. This\n update enables those fixes.\n\n - CVE-2017-5715 / 'Spectre Attack': IBM Z fixes were\n already included in the previous update. A bugfix for\n the patches has been applied on top.\n\n - CVE-2017-5754: The IBM Z architecture is not affected by\n the 'Meltdown' attack.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5753/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180171-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e916790e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-20180111-13427=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-20180111-13427=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-20180111-13427=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-base-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-devel-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-source-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-syms-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-trace-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-trace-base-3.0.101-0.47.106.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-trace-devel-3.0.101-0.47.106.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:56", "description": "According to the versions of the crit / criu / criu-devel / ksm-vz / libcompel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.\n\n - CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.\n\n - CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-09T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : crit / criu / criu-devel / ksm-vz / libcompel / etc (VZA-2018-003)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:crit", "p-cpe:/a:virtuozzo:virtuozzo:criu", "p-cpe:/a:virtuozzo:virtuozzo:criu-devel", "p-cpe:/a:virtuozzo:virtuozzo:ksm-vz", "p-cpe:/a:virtuozzo:virtuozzo:libcompel", "p-cpe:/a:virtuozzo:virtuozzo:libcompel-devel", "p-cpe:/a:virtuozzo:virtuozzo:libvirt", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-admin", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-client", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-config-network", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-config-nwfilter", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-interface", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-lxc", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-network", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-nodedev", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-nwfilter", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-qemu", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-secret", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-core", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-disk", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-gluster", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-iscsi", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-logical", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-mpath", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-rbd", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-scsi", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-vz", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-kvm", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-lxc", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-vz", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-devel", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-docs", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-libs", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-lock-sanlock", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-login-shell", "p-cpe:/a:virtuozzo:virtuozzo:libvirt-nss", "p-cpe:/a:virtuozzo:virtuozzo:libvzctl", "p-cpe:/a:virtuozzo:virtuozzo:libvzctl-devel", "p-cpe:/a:virtuozzo:virtuozzo:python-criu", "p-cpe:/a:virtuozzo:virtuozzo:qemu-img-vz", "p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-common-vz", "p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-tools-vz", "p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-vz", "p-cpe:/a:virtuozzo:virtuozzo:vz-guest-tools-win", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-debug", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-debug-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-headers", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2018-003.NASL", "href": "https://www.tenable.com/plugins/nessus/105657", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(105657);\n script_version(\"3.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-5754\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Virtuozzo 7 : crit / criu / criu-devel / ksm-vz / libcompel / etc (VZA-2018-003)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the crit / criu / criu-devel / ksm-vz /\nlibcompel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerabilities :\n\n - CVE-2017-5715 triggers the speculative execution by\n utilizing branch target injection. It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.\n\n - CVE-2017-5753 triggers the speculative execution by\n performing a bounds-check bypass. It relies on the\n presence of a precisely-defined instruction sequence in\n the privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall boundary and read privileged memory by\n conducting targeted cache side-channel attacks.\n\n - CVE-2017-5754 relies on the fact that, on impacted\n microprocessors, during speculative execution of\n instruction permission faults, exception generation\n triggered by a faulting access is suppressed until the\n retirement of the whole instruction block. In a\n combination with the fact that memory accesses may\n populate the cache even when the block is being dropped\n and never committed (executed), an unprivileged local\n attacker could use this flaw to read privileged (kernel\n space) memory by conducting targeted cache side-channel\n attacks.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2914297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2018:0029\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected crit / criu / criu-devel / ksm-vz / libcompel / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:crit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:criu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:criu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:ksm-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libcompel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libcompel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-admin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-config-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-config-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-interface\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-network\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-nodedev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-nwfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-qemu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-secret\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-disk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-gluster\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-iscsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-logical\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-mpath\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-rbd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-storage-scsi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-driver-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-lxc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-daemon-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-lock-sanlock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-login-shell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvirt-nss\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvzctl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:libvzctl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:python-criu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-img-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-common-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-tools-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:qemu-kvm-vz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vz-guest-tools-win\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"crit-3.4.0.25.51-1.vz7\",\n \"criu-3.4.0.25.51-1.vz7\",\n \"criu-devel-3.4.0.25.51-1.vz7\",\n \"ksm-vz-2.9.0-16.3.vz7.36.3\",\n \"libcompel-3.4.0.25.51-1.vz7\",\n \"libcompel-devel-3.4.0.25.51-1.vz7\",\n \"libvirt-3.6.0-1.vz7.17.2\",\n \"libvirt-admin-3.6.0-1.vz7.17.2\",\n \"libvirt-client-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-config-network-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-config-nwfilter-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-interface-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-lxc-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-network-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-nodedev-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-nwfilter-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-qemu-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-secret-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-core-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-disk-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-gluster-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-iscsi-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-logical-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-mpath-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-rbd-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-storage-scsi-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-driver-vz-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-kvm-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-lxc-3.6.0-1.vz7.17.2\",\n \"libvirt-daemon-vz-3.6.0-1.vz7.17.2\",\n \"libvirt-devel-3.6.0-1.vz7.17.2\",\n \"libvirt-docs-3.6.0-1.vz7.17.2\",\n \"libvirt-libs-3.6.0-1.vz7.17.2\",\n \"libvirt-lock-sanlock-3.6.0-1.vz7.17.2\",\n \"libvirt-login-shell-3.6.0-1.vz7.17.2\",\n \"libvirt-nss-3.6.0-1.vz7.17.2\",\n \"libvzctl-7.0.442.9-1.vz7\",\n \"libvzctl-devel-7.0.442.9-1.vz7\",\n \"python-criu-3.4.0.25.51-1.vz7\",\n \"qemu-img-vz-2.9.0-16.3.vz7.36.3\",\n \"qemu-kvm-common-vz-2.9.0-16.3.vz7.36.3\",\n \"qemu-kvm-tools-vz-2.9.0-16.3.vz7.36.3\",\n \"qemu-kvm-vz-2.9.0-16.3.vz7.36.3\",\n \"vz-guest-tools-win-7.6-9.vz7\",\n \"vzkernel-3.10.0-693.11.6.vz7.40.4\",\n \"vzkernel-debug-3.10.0-693.11.6.vz7.40.4\",\n \"vzkernel-debug-devel-3.10.0-693.11.6.vz7.40.4\",\n \"vzkernel-devel-3.10.0-693.11.6.vz7.40.4\",\n \"vzkernel-headers-3.10.0-693.11.6.vz7.40.4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"crit / criu / criu-devel / ksm-vz / libcompel / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:48:55", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\n[Updated 23rd January 2019] The text has been updated to correct the list of architectures addressed by the CVE-2017-5753 mitigation. No changes have been made to the packages.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.\n\nIn this update, mitigations for x86 (CVE-2017-5753) and x86-64 (CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are provided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-04T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0008) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-0008.NASL", "href": "https://www.tenable.com/plugins/nessus/105524", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0008. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105524);\n script_version(\"3.19\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0008\");\n script_xref(name:\"IAVA\", value:\"2018-A-0017\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0008) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n[Updated 23rd January 2019] The text has been updated to correct the\nlist of architectures addressed by the CVE-2017-5753 mitigation. No\nchanges have been made to the packages.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\nAn industry-wide issue was found in the way many modern microprocessor\ndesigns have implemented speculative execution of instructions (a\ncommonly used performance optimization). There are three primary\nvariants of the issue which differ in the way the speculative\nexecution can be exploited.\n\nNote: This issue is present in hardware and cannot be fully fixed via\nsoftware update. The updated kernel packages provide software\nmitigation for this hardware issue at a cost of potential performance\npenalty. Please refer to References section for further information\nabout this issue and the performance impact.\n\nIn this update, mitigations for x86 (CVE-2017-5753) and x86-64\n(CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754) architectures are\nprovided.\n\nVariant CVE-2017-5753 triggers the speculative execution by performing\na bounds-check bypass. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall\nboundary and read privileged memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5753, Important)\n\nVariant CVE-2017-5715 triggers the speculative execution by utilizing\nbranch target injection. It relies on the presence of a\nprecisely-defined instruction sequence in the privileged code as well\nas the fact that memory accesses may cause allocation into the\nmicroprocessor's data cache even for speculatively executed\ninstructions that never actually commit (retire). As a result, an\nunprivileged attacker could use this flaw to cross the syscall and\nguest/host boundaries and read privileged memory by conducting\ntargeted cache side-channel attacks. (CVE-2017-5715, Important)\n\nVariant CVE-2017-5754 relies on the fact that, on impacted\nmicroprocessors, during speculative execution of instruction\npermission faults, exception generation triggered by a faulting access\nis suppressed until the retirement of the whole instruction block. In\na combination with the fact that memory accesses may populate the\ncache even when the block is being dropped and never committed\n(executed), an unprivileged local attacker could use this flaw to read\nprivileged (kernel space) memory by conducting targeted cache\nside-channel attacks. (CVE-2017-5754, Important)\n\nNote: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64\nmicroprocessors are not affected by this issue.\n\nRed Hat would like to thank Google Project Zero for reporting these\nissues.\"\n );\n # https://access.redhat.com/security/vulnerabilities/speculativeexecution\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?892ef523\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0008\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0008\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0008\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.18.7.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:49:31", "description": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-01-25T00:00:00", "type": "nessus", "title": "AIX 7.1 TL 4 : spectre_meltdown (IJ03032) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/o:ibm:aix:7.1"], "id": "AIX_IJ03032.NASL", "href": "https://www.tenable.com/plugins/nessus/106312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text in the description was extracted from AIX Security\n# Advisory spectre_meltdown_advisory.asc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106312);\n script_version(\"3.12\");\n script_cvs_date(\"Date: 2019/04/05 23:25:05\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"AIX 7.1 TL 4 : spectre_meltdown (IJ03032) (Meltdown) (Spectre)\");\n script_summary(english:\"Check for APAR IJ03032\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote AIX host is missing a security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Systems with microprocessors utilizing speculative execution and indirect\nbranch prediction may allow unauthorized disclosure of information to an\nattacker with local user access via a side-channel analysis.\"\n );\n # http://aix.software.ibm.com/aix/efixes/security/spectre_meltdown_advisory.asc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ecfba9a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install the appropriate interim fix.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5715\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:ibm:aix:7.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"former\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"AIX Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/AIX/lslpp\", \"Host/local_checks_enabled\", \"Host/AIX/version\");\n\n exit(0);\n}\n\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"aix.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif ( ! get_kb_item(\"Host/AIX/version\") ) audit(AUDIT_OS_NOT, \"AIX\");\nif ( ! get_kb_item(\"Host/AIX/lslpp\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif ( get_kb_item(\"Host/AIX/emgr_failure\" ) ) exit(0, \"This iFix check is disabled because : \"+get_kb_item(\"Host/AIX/emgr_failure\") );\n\nflag = 0;\n\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"03\", patch:\"IJ03032m3a\", package:\"bos.mp64\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.30\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"03\", patch:\"IJ03032m3b\", package:\"bos.mp64\", minfilesetver:\"7.1.4.31\", maxfilesetver:\"7.1.4.33\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"04\", patch:\"(IJ03032m4a|IJ05823m4a)\", package:\"bos.mp64\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.33\") < 0) flag++;\nif (aix_check_ifix(release:\"7.1\", ml:\"04\", sp:\"05\", patch:\"(IJ03032m5a|IJ05823m5a)\", package:\"bos.mp64\", minfilesetver:\"7.1.4.0\", maxfilesetver:\"7.1.4.33\") < 0) flag++;\n\nif (flag)\n{\n aix_report_extra = ereg_replace(string:aix_report_get(), pattern:\"[()]\", replace:\"\");\n aix_report_extra = ereg_replace(string:aix_report_extra, pattern:\"[|]\", replace:\" or \");\n if (report_verbosity > 0) security_warning(port:0, extra:aix_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:54:10", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.7 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1538587)\n\n* The Return Trampoline (Retpoline) mechanism mitigates the branch target injection, also known as the Spectre variant 2 vulnerability.\nWith this update, Retpoline has been implemented into the Red Hat Enterprise Linux kernel. (BZ#1543023)", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-03-14T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2018:0496) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6.7"], "id": "REDHAT-RHSA-2018-0496.NASL", "href": "https://www.tenable.com/plugins/nessus/108326", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0496. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108326);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"RHSA\", value:\"2018:0496\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0496) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.7\nExtended Update Support.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* hw: cpu: speculative execution branch target injection (s390-only)\n(CVE-2017-5715, Important)\n\n* hw: cpu: speculative execution bounds-check bypass (s390 and\npowerpc) (CVE-2017-5753, Important)\n\n* hw: cpu: speculative execution permission faults handling\n(powerpc-only) (CVE-2017-5754)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* If an NFSv3 client mounted a subdirectory of an exported file\nsystem, a directory entry to the mount hosting the export was\nincorrectly held even after clearing the cache. Consequently, attempts\nto unmount the subdirectory with the umount command failed with the\nEBUSY error. With this update, the underlying source code has been\nfixed, and the unmount operation now succeeds as expected in the\ndescribed situation. (BZ#1538587)\n\n* The Return Trampoline (Retpoline) mechanism mitigates the branch\ntarget injection, also known as the Spectre variant 2 vulnerability.\nWith this update, Retpoline has been implemented into the Red Hat\nEnterprise Linux kernel. (BZ#1543023)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-5754\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6\\.7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.7\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0496\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0496\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"kernel-abi-whitelists-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"kernel-doc-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", reference:\"kernel-firmware-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"perf-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"perf-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"perf-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"python-perf-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"python-perf-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", sp:\"7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-573.53.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:54:11", "description": "USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures in Ubuntu 17.10. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details :\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 17.10 : Linux kernel vulnerabilities (USN-3597-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3597-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108371", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3597-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108371);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3597-1\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 17.10 : Linux kernel vulnerabilities (USN-3597-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USNS 3541-1 and 3523-1 provided mitigations for Spectre and Meltdown\n(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and\nppc64el architectures in Ubuntu 17.10. This update provides the\ncorresponding mitigations for the arm64 architecture. Original\nadvisory details :\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754)\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5715, CVE-2017-5753).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3597-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3597-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-1015-raspi2\", pkgver:\"4.13.0-1015.16\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-37-generic\", pkgver:\"4.13.0-37.42\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-37-generic-lpae\", pkgver:\"4.13.0-37.42\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-4.13.0-37-lowlatency\", pkgver:\"4.13.0-37.42\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic\", pkgver:\"4.13.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.13.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.13.0.37.40\")) flag++;\nif (ubuntu_check(osver:\"17.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.13.0.1015.13\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.13-generic / linux-image-4.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 4.7, "vector": "AV:L/AC:M/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-04-08T14:54:12", "description": "USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nUSNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and ppc64el architectures for Ubuntu 16.04 LTS. This update provides the corresponding mitigations for the arm64 architecture. Original advisory details :\n\nJann Horn discovered that microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Meltdown. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5754)\n\nJann Horn discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via sidechannel attacks. This flaw is known as Spectre. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2017-5715, CVE-2017-5753).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.6, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}, "published": "2018-03-15T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3597-2) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3597-2.NASL", "href": "https://www.tenable.com/plugins/nessus/108372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3597-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108372);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n script_xref(name:\"USN\", value:\"3597-2\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3597-2) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3597-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.\n\nUSNS 3541-2 and 3523-2 provided mitigations for Spectre and Meltdown\n(CVE-2017-5715, CVE-2017-5753, CVE-2017-5754) for the i386, amd64, and\nppc64el architectures for Ubuntu 16.04 LTS. This update provides the\ncorresponding mitigations for the arm64 architecture. Original\nadvisory details :\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and indirect branch prediction may allow unauthorized memory\nreads via sidechannel attacks. This flaw is known as Meltdown. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5754)\n\nJann Horn discovered that microprocessors utilizing speculative\nexecution and branch prediction may allow unauthorized memory reads\nvia sidechannel attacks. This flaw is known as Spectre. A local\nattacker could use this to expose sensitive information, including\nkernel memory. (CVE-2017-5715, CVE-2017-5753).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3597-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2017-5754\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \&quo
