Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2014-455.NASL
HistoryDec 05, 2014 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2014-455)

2014-12-0500:00:00
This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk.
(CVE-2014-7841)

The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call. (CVE-2014-7970)

The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel through 3.17.4 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite.
(CVE-2014-9090)

A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
(CVE-2014-9322)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2014-455.
#

include("compat.inc");

if (description)
{
  script_id(79725);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/08/18");

  script_cve_id("CVE-2014-7841", "CVE-2014-7970", "CVE-2014-9090", "CVE-2014-9322");
  script_xref(name:"ALAS", value:"2014-455");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2014-455)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The sctp_process_param function in net/sctp/sm_make_chunk.c in the
SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is
used, allows remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via a malformed INIT chunk.
(CVE-2014-7841)

The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of a
chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to the
pivot_root system call. (CVE-2014-7970)

The do_double_fault function in arch/x86/kernel/traps.c in the Linux
kernel through 3.17.4 does not properly handle faults associated with
the Stack Segment (SS) segment register, which allows local users to
cause a denial of service (panic) via a modify_ldt system call, as
demonstrated by sigreturn_32 in the linux-clock-tests test suite.
(CVE-2014-9090)

A flaw was found in the way the Linux kernel handled GS segment
register base switching when recovering from a #SS (stack segment)
fault on an erroneous return to user space. A local, unprivileged user
could use this flaw to escalate their privileges on the system.
(CVE-2014-9322)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2014-455.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Run 'yum clean all' followed by 'yum update kernel' to update your
system. You will need to reboot your system in order for the new
kernel to be running."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/05");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-3.14.26-24.46.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-3.14.26-24.46.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 131

Related

amazon 1
openvas 49
nessus 53
suse 4
oraclelinux 12
ubuntu 18
osv 1
debian 2
securityvulns 4
redhat 11
f5 5
securelist 1
debiancve 4
exploitpack 2
centos 3
prion 4
fedora 3
zdt 2
cve 4
ubuntucve 4
android 1
veracode 2
mageia 6
exploitdb 2
avleonov 1
amazon
amazon
Medium: kernel
2014-12-03 22:27:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2014-455)
2015-09-08 00:00:00
SUSE: Security Advisory for Linux (SUSE-SU-2014:1698-1)
2015-10-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1698-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLES11 Security Update : kernel (SUSE-SU-2014:1698-1)
2015-05-20 00:00:00
Debian DSA-3093-1 : linux - security update
2014-12-09 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3107)
2014-12-22 00:00:00
suse
suse
kernel update for Evergreen 11.4 (important)
2014-12-31 11:06:28
Security update for Linux kernel (important)
2014-12-24 08:05:54
Security update for Linux Kernel (important)
2014-12-21 13:12:48
oraclelinux
oraclelinux
kernel security and bug fix update
2015-01-28 00:00:00
Unbreakable Enterprise kernel security update
2014-12-19 00:00:00
Unbreakable Enterprise kernel security update
2014-12-19 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-12-12 00:00:00
Linux kernel (OMAP4) vulnerabilities
2015-01-13 00:00:00
Linux kernel vulnerabilities
2014-12-12 00:00:00
osv
osv
linux - security update
2014-12-08 00:00:00
debian
debian
[SECURITY] [DSA 3093-1] linux security update
2014-12-08 21:09:15
[SECURITY] [DSA 3093-1] linux security update
2014-12-08 21:09:15
securityvulns
securityvulns
[SECURITY] [DSA 3093-1] linux security update
2014-12-11 00:00:00
Linux kernel multiple security vulnerabilities
2014-12-21 00:00:00
[USN-2441-1] Linux kernel vulnerabilities
2014-12-21 00:00:00
redhat
redhat
(RHSA-2014:2008) Important: kernel security update
2014-12-17 00:00:00
(RHSA-2014:2030) Important: kernel security update
2014-12-22 00:00:00
(RHSA-2015:0285) Important: kernel security and bug fix update
2015-03-03 00:00:00
f5
f5
SOL16122 - Linux kernel vulnerability CVE-2014-9322
2015-02-12 00:00:00
K16016 : Linux kernel SCTP vulnerability CVE-2014-7841
2015-09-16 00:00:00
K16122 : Linux kernel vulnerability CVE-2014-9322
2015-09-16 00:00:00
securelist
securelist
Hacking microcontroller firmware through a USB
2019-03-21 16:00:02
debiancve
debiancve
CVE-2014-9322
2014-12-17 11:59:00
CVE-2014-9090
2014-11-30 01:59:00
CVE-2014-7841
2014-11-30 01:59:00
exploitpack
exploitpack
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
2015-03-04 00:00:00
Linux Kernel - BadIRET Local Privilege Escalation
2017-07-24 00:00:00
centos
centos
kernel, perf, python security update
2014-12-18 17:17:29
kernel security update
2014-12-18 13:03:54
kernel, perf, python security update
2015-01-28 22:43:51
prion
prion
Default credentials
2014-11-30 01:59:00
Design/Logic Flaw
2014-12-17 11:59:00
Code injection
2014-10-13 10:55:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.17.4-302.fc21
2014-12-12 04:06:43
[SECURITY] Fedora 21 Update: kernel-3.17.1-300.fc21
2014-11-01 16:33:19
[SECURITY] Fedora 21 Update: kernel-3.17.7-300.fc21
2014-12-22 02:32:48
zdt
zdt
Linux Kernel - BadIRET Local Privilege Escalation Exploit
2018-03-01 00:00:00
Linux Kernel IRET Instruction #SS Fault Handling - Crash PoC
2015-03-05 00:00:00
cve
cve
CVE-2014-9322
2014-12-17 11:59:00
CVE-2014-7841
2014-11-30 01:59:00
CVE-2014-9090
2014-11-30 01:59:00
ubuntucve
ubuntucve
CVE-2014-9090
2014-11-29 00:00:00
CVE-2014-9322
2014-12-17 00:00:00
CVE-2014-7970
2014-10-13 00:00:00
android
android
CVE-2014-9322
2016-04-02 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 09:03:32
Denial Of Service (DoS)
2019-01-15 09:19:07
mageia
mageia
Updated kernel packages fix security vulnerabilities
2015-01-07 18:14:58
Updated kernel-tmb packages fix security vulnerabilities
2014-11-15 21:47:21
Updated kernel packages fix security vulnerabilities
2014-11-15 21:31:46
exploitdb
exploitdb
Linux Kernel - 'BadIRET' Local Privilege Escalation
2017-07-24 00:00:00
Linux Kernel 3.17.5 - IRET Instruction #SS Fault Handling Crash (PoC)
2015-03-04 00:00:00
avleonov
avleonov
Vulners NASL Plugin Feeds for OpenVAS 9
2017-10-04 17:57:22
JSON
Related for ALA_ALAS-2014-455.NASL
amazon1openvas49nessus53suse4oraclelinux12ubuntu18osv1debian2securityvulns4redhat11f55securelist1debiancve4exploitpack2centos3prion4fedora3zdt2cve4ubuntucve4android1veracode2mageia6exploitdb2avleonov1