Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.ALA_ALAS-2015-565.NASL
HistoryJul 23, 2015 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2015-565)

2015-07-2300:00:00
This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
www.tenable.com
26
JSON

It was found that the Linux kernel’s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805)

A flaw was found in the Linux kernels handling of the SCTPs automatic handling of dynamic multi-homed connections. A race condition in the way the Linux kernel handles lists of associations in SCTP sockets using Address Configuration Change messages, leading to list corruption and panics. (CVE-2015-3212)

A flaw was found in the way the Linux kernel’s networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364)

A flaw was found in the way the Linux kernel’s networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5366)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2015-565.
#

include("compat.inc");

if (description)
{
  script_id(84925);
  script_version("2.5");
  script_cvs_date("Date: 2018/04/18 15:09:35");

  script_cve_id("CVE-2015-1805", "CVE-2015-3212", "CVE-2015-5364", "CVE-2015-5366");
  script_xref(name:"ALAS", value:"2015-565");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2015-565)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that the Linux kernel's implementation of vectored pipe
read and write functionality did not take into account the I/O vectors
that were already processed when retrying after a failed atomic access
operation, potentially resulting in memory corruption due to an I/O
vector array overrun. A local, unprivileged user could use this flaw
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2015-1805)

A flaw was found in the Linux kernels handling of the SCTPs automatic
handling of dynamic multi-homed connections. A race condition in the
way the Linux kernel handles lists of associations in SCTP sockets
using Address Configuration Change messages, leading to list
corruption and panics. (CVE-2015-3212)

A flaw was found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A
remote attacker could potentially use this flaw to trigger an infinite
loop in the kernel, resulting in a denial of service on the system, or
cause a denial of service in applications using the edge triggered
epoll functionality. (CVE-2015-5364)

A flaw was found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A
remote attacker could potentially use this flaw to trigger an infinite
loop in the kernel, resulting in a denial of service on the system, or
cause a denial of service in applications using the edge triggered
epoll functionality. (CVE-2015-5366)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2015-565.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Run 'yum clean all' followed by 'yum update kernel' to update your
system. You will need to reboot your system in order for the new
kernel to be running."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/23");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-3.14.48-33.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-3.14.48-33.39.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 131

Related

amazon 1
nessus 61
ubuntu 14
openvas 42
suse 6
oraclelinux 11
f5 7
redhat 14
centos 4
paloalto 1
cve 5
ubuntucve 5
debiancve 4
prion 5
securityvulns 2
veracode 4
osv 3
debian 5
threatpost 2
androidsecurity 1
android 2
amazon
amazon
Medium: kernel
2015-07-22 10:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2713-1)
2015-08-18 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3072)
2015-08-17 00:00:00
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150813)
2015-08-14 00:00:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2015-08-18 00:00:00
Linux kernel vulnerabilities
2015-08-18 00:00:00
Linux kernel vulnerabilities
2015-07-24 00:00:00
openvas
openvas
Ubuntu Update for linux USN-2713-1
2015-08-18 00:00:00
Ubuntu Update for linux-ti-omap4 USN-2714-1
2015-08-18 00:00:00
Oracle Linux Local Check: ELSA-2016-0045-1
2016-01-21 00:00:00
suse
suse
Live patch for the Linux Kernel (important)
2015-09-04 12:15:30
Security update for the SUSE Linux Enterprise 12 kernel (important)
2015-07-31 10:08:48
Live patch for the Linux Kernel (important)
2015-09-04 12:09:23
oraclelinux
oraclelinux
kernel security and bug fix update
2015-08-13 00:00:00
Unbreakable Enterprise kernel security update
2015-08-14 00:00:00
kernel security update
2016-01-20 00:00:00
f5
f5
SOL17309 - Linux kernel vulnerability CVE-2015-5366
2015-09-24 00:00:00
K17309 : Linux kernel vulnerability CVE-2015-5366
2015-09-24 00:00:00
SOL17307 - Linux kernel vulnerability CVE-2015-5364
2015-09-24 00:00:00
redhat
redhat
(RHSA-2015:1623) Important: kernel security and bug fix update
2015-08-13 16:26:53
(RHSA-2016:1096) Important: kernel security and bug fix update
2016-05-23 12:29:30
(RHSA-2016:1225) Important: kernel security and bug fix update
2016-06-14 11:12:39
centos
centos
kernel security update
2016-01-19 20:05:12
kernel, perf, python security update
2015-08-14 00:41:19
kernel, perf, python security update
2015-09-16 12:54:26
paloalto
paloalto
Kernel Vulnerabilities
2016-10-03 00:00:00
cve
cve
CVE-2015-5366
2015-08-31 10:59:00
CVE-2015-5364
2015-08-31 10:59:00
CVE-2015-1805
2015-08-08 10:59:00
ubuntucve
ubuntucve
CVE-2015-5366
2015-07-06 00:00:00
CVE-2015-5364
2015-07-02 00:00:00
CVE-2015-3212
2015-06-30 00:00:00
debiancve
debiancve
CVE-2015-5366
2015-08-31 10:59:00
CVE-2015-5364
2015-08-31 10:59:00
CVE-2015-1805
2015-08-08 10:59:00
prion
prion
Design/Logic Flaw
2015-08-31 10:59:00
Code injection
2015-08-31 10:59:00
Design/Logic Flaw
2015-08-08 10:59:00
securityvulns
securityvulns
[USN-2685-1] Linux kernel vulnerabilities
2015-07-26 00:00:00
[SECURITY] [DSA 3313-1] linux security update
2015-07-26 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:09:53
Denial Of Service (DoS)
2019-05-02 05:18:24
Denial Of Service (DoS)
2019-01-15 09:06:06
osv
osv
linux - security update
2015-08-07 00:00:00
linux - security update
2015-07-23 00:00:00
linux-2.6 - security update
2015-09-21 00:00:00
debian
debian
[SECURITY] [DSA 3329-1] linux security update
2015-08-07 07:18:37
[SECURITY] [DSA 3329-1] linux security update
2015-08-07 07:18:37
[SECURITY] [DSA 3313-1] linux security update
2015-07-23 06:49:38
threatpost
threatpost
Android Rooting Application Emergency Patch
2016-03-23 07:00:46
April 2016 Google Android Nexus Security Bulletin
2016-04-04 14:00:22
androidsecurity
androidsecurity
Android Security Advisory — 2016-03-18
2016-03-18 00:00:00
android
android
pipe inatomic
2015-06-06 00:00:00
CVE-2015-1805
2016-04-02 00:00:00
JSON
Related for ALA_ALAS-2015-565.NASL
amazon1nessus61ubuntu14openvas42suse6oraclelinux11f57redhat14centos4paloalto1cve5ubuntucve5debiancve4prion5securityvulns2veracode4osv3debian5threatpost2androidsecurity1android2