Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2014-368.NASL
HistoryOct 12, 2014 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2014-368)

2014-10-1200:00:00
This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
52
JSON

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.

The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.

DISPUTED Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says ‘the Linux kernel is
not affected; media hype.’

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-368.
#

include("compat.inc");

if (description)
{
  script_id(78311);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/18");

  script_cve_id("CVE-2014-0206", "CVE-2014-4014", "CVE-2014-4508", "CVE-2014-4608");
  script_xref(name:"ALAS", value:"2014-368");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2014-368)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on
32-bit x86 platforms, when syscall auditing is enabled and the sep CPU
feature flag is set, allows local users to cause a denial of service
(OOPS and system crash) via an invalid syscall number, as demonstrated
by number 1000.

Array index error in the aio_read_events_ring function in fs/aio.c in
the Linux kernel through 3.15.1 allows local users to obtain sensitive
information from kernel memory via a large head value.

The capabilities implementation in the Linux kernel before 3.14.8 does
not properly consider that namespaces are inapplicable to inodes,
which allows local users to bypass intended chmod restrictions by
first creating a user namespace, as demonstrated by setting the setgid
bit on a file with group ownership of root.

** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe
function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in
the Linux kernel before 3.15.2 allow context-dependent attackers to
cause a denial of service (memory corruption) via a crafted Literal
Run. NOTE: the author of the LZO algorithms says 'the Linux kernel is
*not* affected; media hype.'"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2014-368.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Run 'yum update kernel' to update your system. You will need to reboot
your system in order for the new kernel to be running."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/09/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-3.10.48-55.140.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-3.10.48-55.140.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxperfp-cpe:/a:amazon:linux:perf
amazonlinuxperf-debuginfop-cpe:/a:amazon:linux:perf-debuginfo
amazonlinuxcpe:/o:amazon:linux

Related

amazon 1
openvas 53
nessus 43
mageia 9
securityvulns 6
f5 4
cve 4
prion 4
ubuntucve 4
freebsd 1
debiancve 4
exploitpack 1
seebug 1
zdt 1
redhat 5
oraclelinux 6
ubuntu 16
exploitdb 1
cisa 1
thn 1
suse 9
fedora 7
ibm 1
veracode 10
centos 1
virtuozzo 1
cloudlinux 2
osv 1
kitploit 1
amazon
amazon
Medium: kernel
2014-07-09 16:29:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-368)
2015-09-08 00:00:00
Mageia: Security Advisory (MGASA-2014-0316)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0331)
2022-01-28 00:00:00
nessus
nessus
Fedora 20 : kernel-3.14.9-200.fc20 (2014-7863)
2014-07-01 00:00:00
Fedora 19 : kernel-3.14.13-100.fc19 (2014-8487)
2014-07-26 00:00:00
FreeBSD : LZO -- potential buffer overrun when processing malicious input data (d1f5e12a-fd5a-11e3-a108-080027ef73ec)
2014-06-27 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-08-06 00:08:48
Updated kernel-tmb package fixes security vulnerabilities
2014-08-18 13:14:56
Updated kernel-vserver package fixes security vulnerabilities
2014-08-18 13:14:56
securityvulns
securityvulns
[oss-security] LMS-2014-06-16-2: Linux Kernel LZO
2014-06-28 00:00:00
[oss-security] CVE-2014-4014: Linux kernel user namespace bug
2014-06-17 00:00:00
Linux kernel multiple security vulnerabilities
2014-07-21 00:00:00
f5
f5
K15512 : LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
SOL15512 - LZO decompressor vulnerability CVE-2014-4608
2014-08-18 00:00:00
SOL15677 - Linux kernel vulnerability CVE-2014-4014
2014-10-09 00:00:00
cve
cve
CVE-2014-4608
2014-07-03 04:22:00
CVE-2014-4014
2014-06-23 11:21:00
CVE-2014-4508
2014-06-23 11:21:00
prion
prion
Integer overflow
2014-07-03 04:22:00
Design/Logic Flaw
2014-06-23 11:21:00
Design/Logic Flaw
2014-06-25 11:19:00
ubuntucve
ubuntucve
CVE-2014-4608
2014-07-03 00:00:00
CVE-2014-4014
2014-06-23 00:00:00
CVE-2014-4508
2014-06-23 00:00:00
freebsd
freebsd
LZO -- potential buffer overrun when processing malicious input data
2014-06-25 00:00:00
debiancve
debiancve
CVE-2014-4014
2014-06-23 11:21:00
CVE-2014-4608
2014-07-03 04:22:00
CVE-2014-4508
2014-06-23 11:21:00
exploitpack
exploitpack
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
seebug
seebug
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-07-01 00:00:00
zdt
zdt
Linux Kernel <= 3.13 - Local Privilege Escalation PoC (gid)
2014-06-22 00:00:00
redhat
redhat
(RHSA-2021:0181) Moderate: kernel security update
2021-01-19 09:01:02
(RHSA-2015:0062) Important: kernel security, bug fix, and enhancement update
2015-01-20 00:00:00
(RHSA-2014:0786) Important: kernel security, bug fix, and enhancement update
2014-06-24 00:00:00
oraclelinux
oraclelinux
kernel security update
2020-11-18 00:00:00
Unbreakable Enterprise kernel security update
2020-11-16 00:00:00
kernel security, bug fix, and enhancement update
2014-07-23 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-07-17 00:00:00
Linux kernel (EC2) vulnerabilities
2014-11-25 00:00:00
Linux kernel vulnerability
2014-11-25 00:00:00
exploitdb
exploitdb
Linux Kernel 3.13 - SGID Privilege Escalation
2014-06-21 00:00:00
cisa
cisa
Vulnerabilities in LZO and LZ4 compression libraries
2014-07-21 00:00:00
thn
thn
20-Year Old Vulnerability in LZO Compression Algorithm Went to Planet Mars
2014-06-27 05:43:00
suse
suse
kernel: security and bugfix update (important)
2014-08-11 12:04:19
kernel: security and bugfix update (important)
2014-08-01 15:04:21
Security update for Linux kernel (important)
2014-12-23 19:06:22
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.14.9-200.fc20
2014-06-30 10:29:23
[SECURITY] Fedora 20 Update: kernel-3.15.4-200.fc20
2014-07-11 02:02:48
[SECURITY] Fedora 20 Update: kernel-3.15.6-200.fc20
2014-07-20 03:26:08
ibm
ibm
Security Bulletin: Vulnerabilities in OpenSSL affect IBM Flex System Manager (FSM) SMIA Configuration Tool. (CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2014-0205, CVE-2014-0206)
2019-01-31 01:55:01
veracode
veracode
Information Disclosure
2019-05-02 05:03:36
Privilege Escalation
2019-05-02 05:03:36
Information Disclosure
2019-05-02 05:03:36
centos
centos
kernel, perf, python security update
2014-10-20 18:09:23
virtuozzo
virtuozzo
[Important] [Security] New kernel 2.6.32-042stab146.1; Virtuozzo 6.0 Update 12 Hotfix 54 (6.0.12-3761)
2021-08-03 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160
2021-09-21 22:11:09
Fix of CVE: CVE-2021-38160, CVE-2021-3573, CVE-2021-38205, CVE-2021-3178, CVE-2021-20265, CVE-2021-3612, CVE-2021-32399, CVE-2021-37159, CVE-2014-4508, CVE-2021-28972, CVE-2021-34693, CVE-2021-20292
2021-09-21 22:11:36
osv
osv
linux-2.6 - security update
2014-12-09 00:00:00
kitploit
kitploit
Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework
2017-11-04 13:30:00
JSON
Related for ALA_ALAS-2014-368.NASL
amazon1openvas53nessus43mageia9securityvulns6f54cve4prion4ubuntucve4freebsd1debiancve4exploitpack1seebug1zdt1redhat5oraclelinux6ubuntu16exploitdb1cisa1thn1suse9fedora7ibm1veracode10centos1virtuozzo1cloudlinux2osv1kitploit1