Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2016-718.NASL
HistoryJun 28, 2016 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2016-718)

2016-06-2800:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
72
JSON

A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitary kernel memory when unloading a kernel module. This action is usually restricted to root-priveledged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS.
(CVE-2016-4997)

An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998)

A vulnerability was found in the Linux kernel. The pointer to the netlink socket attribute is not checked, which could cause a NULL pointer dereference when parsing the nested attributes in function tipc_nl_publ_dump().

This allows local users to cause a DoS. (CVE-2016-4951)

A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact.
(CVE-2016-9806)

(Updated on 2016-07-14: CVE-2016-4998 and CVE-2016-4951 were fixed in this version, but was not previously listed in this errata.)

(Updated on 2017-01-19: CVE-2016-9806 was fixed in this release but was previously not part of this errata.)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-718.
#

include("compat.inc");

if (description)
{
  script_id(91858);
  script_version("2.10");
  script_cvs_date("Date: 2019/04/11 17:23:06");

  script_cve_id("CVE-2016-4951", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-9806");
  script_xref(name:"ALAS", value:"2016-718");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2016-718)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A flaw was discovered in processing setsockopt for 32 bit processes on
64 bit systems. This flaw will allow attackers to alter arbitary
kernel memory when unloading a kernel module. This action is usually
restricted to root-priveledged users but can also be leveraged if the
kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS.
(CVE-2016-4997)

An out-of-bounds heap memory access leading to a Denial of Service,
heap disclosure, or further impact was found in setsockopt(). The
function call is normally restricted to root, however some processes
with cap_sys_admin may also be able to trigger this flaw in privileged
container environments. (CVE-2016-4998)

A vulnerability was found in the Linux kernel. The pointer to the
netlink socket attribute is not checked, which could cause a NULL
pointer dereference when parsing the nested attributes in function
tipc_nl_publ_dump().

This allows local users to cause a DoS. (CVE-2016-4951)

A double free vulnerability was found in netlink_dump, which could
cause a denial of service or possibly other unspecified impact.
(CVE-2016-9806)

(Updated on 2016-07-14: CVE-2016-4998 and CVE-2016-4951 were fixed in
this version, but was not previously listed in this errata.)

(Updated on 2017-01-19: CVE-2016-9806 was fixed in this release but
was previously not part of this errata.)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2016-718.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update kernel' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.4.14-24.50.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.4.14-24.50.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 131

Related

amazon 1
openvas 30
oraclelinux 6
suse 33
nessus 65
redhat 4
fedora 6
ubuntu 15
mageia 3
cve 4
prion 4
ubuntucve 4
redhatcve 4
debiancve 4
f5 1
cloudfoundry 1
android 1
centos 2
veracode 3
ibm 1
zdt 2
metasploit 1
packetstorm 2
exploitpack 1
virtuozzo 1
amazon
amazon
Medium: kernel
2016-06-24 22:21:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-718)
2016-10-26 00:00:00
SUSE: Security Advisory for kernel (SUSE-SU-2016:1710-1)
2016-07-01 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1048)
2020-01-23 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-06-30 21:07:43
Security update for the Linux Kernel (important)
2016-06-30 21:09:07
Security update for Linux Kernel Live Patch 18 for SLE 12 (important)
2017-01-27 22:09:30
nessus
nessus
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1709-1)
2016-08-29 00:00:00
OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0134)
2016-09-26 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1710-1)
2016-08-29 00:00:00
redhat
redhat
(RHSA-2016:1883) Important: kernel-rt security and bug fix update
2016-09-14 14:42:27
(RHSA-2016:1875) Important: kernel-rt security and bug fix update
2016-09-14 14:34:58
(RHSA-2016:1847) Important: kernel security, bug fix, and enhancement update
2016-09-14 14:34:54
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.4.14-200.fc22
2016-07-19 07:20:52
[SECURITY] Fedora 23 Update: kernel-4.5.6-200.fc23
2016-06-08 22:55:10
[SECURITY] Fedora 24 Update: kernel-4.6.3-300.fc24
2016-06-30 21:30:47
ubuntu
ubuntu
Linux kernel (Vivid HWE) vulnerabilities
2016-06-27 00:00:00
Linux kernel (Raspberry Pi 2) vulnerabilities
2016-06-27 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2016-06-27 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel packages fix security vulnerability
2016-07-31 23:39:13
Updated kernel-tmb packages fix security vulnerabilities
2016-08-31 18:32:33
cve
cve
CVE-2016-4951
2016-05-23 10:59:00
CVE-2016-4997
2016-07-03 21:59:00
CVE-2016-4998
2016-07-03 21:59:00
prion
prion
Null pointer dereference
2016-05-23 10:59:00
Out-of-bounds
2016-07-03 21:59:00
Race condition
2016-12-28 07:59:00
ubuntucve
ubuntucve
CVE-2016-4951
2016-05-23 00:00:00
CVE-2016-4998
2016-06-24 00:00:00
CVE-2016-9806
2016-12-28 00:00:00
redhatcve
redhatcve
CVE-2016-4951
2020-04-08 21:47:24
CVE-2016-4998
2016-06-27 06:49:23
CVE-2016-9806
2016-12-05 13:17:37
debiancve
debiancve
CVE-2016-4951
2016-05-23 10:59:00
CVE-2016-4998
2016-07-03 21:59:00
CVE-2016-9806
2016-12-28 07:59:00
f5
f5
K74171196 : Linux kernel vulnerability CVE-2016-4998
2017-02-22 00:00:00
cloudfoundry
cloudfoundry
USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-07-01 00:00:00
android
android
CVE-2016-9806
2017-03-01 00:00:00
centos
centos
kernel, perf, python security update
2016-09-19 15:43:06
kernel, perf, python security update
2017-01-12 15:47:38
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:14:51
Privilege Escalation
2019-05-02 06:36:12
Denial Of Service (DoS)
2019-05-02 05:49:27
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:34:02
zdt
zdt
Linux Kernel 4.6.3 Netfilter Privilege Escalation Exploit
2016-11-24 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation Vulnerability
2016-09-27 00:00:00
metasploit
metasploit
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-18 18:52:09
packetstorm
packetstorm
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-23 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-09-27 00:00:00
exploitpack
exploitpack
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Local Privilege Escalation
2016-10-10 00:00:00
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 11.0 for kernel 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)
2017-02-21 00:00:00
JSON
Related for ALA_ALAS-2016-718.NASL
amazon1openvas30oraclelinux6suse33nessus65redhat4fedora6ubuntu15mageia3cve4prion4ubuntucve4redhatcve4debiancve4f51cloudfoundry1android1centos2veracode3ibm1zdt2metasploit1packetstorm2exploitpack1virtuozzo1