Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.ALA_ALAS-2016-726.NASL
HistoryAug 02, 2016 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2016-726)

2016-08-0200:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com
26
JSON

It was found that nfsd is missing permissions check when setting ACL on files, this may allow a local users to gain access to any file by setting a crafted ACL. (CVE-2016-1237)

A flaw was found in the Linux kernel’s keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470)

A leak of information was possible when issuing a netlink command of the stack memory area leading up to this function call. An attacker could use this to determine stack information for use in a later exploit. (CVE-2016-5243)

A vulnerability was found in the Linux kernel in function rds_inc_info_copy of file net/rds/recv.c. The last field ‘flags’ of object ‘minfo’ is not initialized. This can leak data previously at the flags location to userspace. (CVE-2016-5244)

A flaw was found in the implementation of the Linux kernel’s handling of networking challenge ack where an attacker is able to determine the shared counter which could be used to determine sequence numbers for TCP stream injection. (CVE-2016-5696)

(Updated on 2016-08-17: CVE-2016-5696 was fixed in this release but was not previously part of this errata)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-726.
#

include("compat.inc");

if (description)
{
  script_id(92661);
  script_version("2.5");
  script_cvs_date("Date: 2018/04/18 15:09:36");

  script_cve_id("CVE-2016-1237", "CVE-2016-4470", "CVE-2016-5243", "CVE-2016-5244", "CVE-2016-5696");
  script_xref(name:"ALAS", value:"2016-726");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2016-726)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"It was found that nfsd is missing permissions check when setting ACL
on files, this may allow a local users to gain access to any file by
setting a crafted ACL. (CVE-2016-1237)

A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead
to arbitrary free address which could allow attacker to use a
use-after-free style attack. (CVE-2016-4470)

A leak of information was possible when issuing a netlink command of
the stack memory area leading up to this function call. An attacker
could use this to determine stack information for use in a later
exploit. (CVE-2016-5243)

A vulnerability was found in the Linux kernel in function
rds_inc_info_copy of file net/rds/recv.c. The last field 'flags' of
object 'minfo' is not initialized. This can leak data previously at
the flags location to userspace. (CVE-2016-5244)

A flaw was found in the implementation of the Linux kernel's handling
of networking challenge ack where an attacker is able to determine the
shared counter which could be used to determine sequence numbers for
TCP stream injection. (CVE-2016-5696)

(Updated on 2016-08-17: CVE-2016-5696 was fixed in this release but
was not previously part of this errata)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2016-726.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update kernel' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.4.15-25.57.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.4.15-25.57.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 131

Related

openvas 37
amazon 1
ubuntu 17
nessus 59
fedora 5
cloudfoundry 1
redhat 15
oraclelinux 7
mageia 5
cve 6
debiancve 5
redhatcve 5
f5 4
ibm 1
ubuntucve 5
paloalto 1
veracode 2
centos 3
archlinux 4
fortinet 1
arista 1
thn 2
huawei 1
symantec 1
prion 6
suse 2
android 1
threatpost 1
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2016-726)
2016-10-26 00:00:00
Ubuntu: Security Advisory (USN-3053-1)
2016-08-11 00:00:00
Fedora Update for kernel FEDORA-2016-80edb9d511
2016-06-18 00:00:00
amazon
amazon
Medium: kernel
2016-08-01 13:30:00
ubuntu
ubuntu
Linux kernel (Vivid HWE) vulnerabilities
2016-08-10 00:00:00
Linux kernel vulnerabilities
2016-08-10 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2016-08-10 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel (Vivid HWE) vulnerabilities (USN-3053-1)
2016-08-11 00:00:00
Fedora 22 : kernel (2016-3daf782dfa)
2016-07-14 00:00:00
Fedora 24 : kernel (2016-e0f3fcd7df)
2016-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: kernel-4.5.7-300.fc24
2016-06-18 19:17:13
[SECURITY] Fedora 22 Update: kernel-4.4.13-200.fc22
2016-06-17 15:51:19
[SECURITY] Fedora 23 Update: kernel-4.5.7-200.fc23
2016-06-17 16:03:24
cloudfoundry
cloudfoundry
USN-3053-1/USN-3037-1 Linux kernel (Vivid HWE) vulnerability | Cloud Foundry
2016-08-25 00:00:00
redhat
redhat
(RHSA-2016:1657) Important: kernel security update
2016-08-23 07:48:14
(RHSA-2016:1631) Important: realtime-kernel security and bug fix update
2016-08-18 15:32:31
(RHSA-2016:1632) Important: kernel-rt security and bug fix update
2016-08-18 15:33:21
oraclelinux
oraclelinux
kernel security and bug fix update
2016-10-04 00:00:00
kernel security and bug fix update
2016-08-18 00:00:00
Unbreakable Enterprise kernel security update
2016-08-15 00:00:00
mageia
mageia
Updated kernel packages fixes security vulnerablilities
2016-10-18 21:43:39
Updated kernel-tmb packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel packages fix security vulnerability
2016-07-31 23:39:13
cve
cve
CVE-2016-5243
2016-06-27 10:59:00
CVE-2016-5244
2016-06-27 10:59:00
CVE-2016-5696
2016-08-06 20:59:00
debiancve
debiancve
CVE-2016-5243
2016-06-27 10:59:00
CVE-2016-5696
2016-08-06 20:59:00
CVE-2016-5244
2016-06-27 10:59:00
redhatcve
redhatcve
CVE-2016-5696
2016-07-12 08:48:22
CVE-2016-5243
2016-06-07 07:48:41
CVE-2016-5244
2016-06-07 08:18:45
f5
f5
K46514822 : Linux TCP stack vulnerability CVE-2016-5696
2016-08-26 00:00:00
SOL46514822 - Linux TCP stack vulnerability CVE-2016-5696
2016-08-26 00:00:00
SOL55672042 - Linux kernel vulnerability CVE-2016-4470
2016-10-22 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in Linux Kernel affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-5696)
2023-03-29 01:48:02
ubuntucve
ubuntucve
CVE-2016-5696
2016-08-06 00:00:00
CVE-2016-5244
2016-06-27 00:00:00
CVE-2016-5243
2016-06-27 00:00:00
paloalto
paloalto
Kernel Vulnerability
2017-05-23 03:00:00
veracode
veracode
TCP Session Hijack
2019-01-15 09:12:58
Use-After-Free
2019-05-02 06:01:56
centos
centos
kernel, perf, python security update
2016-08-20 02:00:21
kernel, perf, python security update
2016-08-23 20:59:58
kernel, perf, python security update
2016-10-05 14:03:13
archlinux
archlinux
linux-zen: information disclosure
2016-08-17 00:00:00
linux: information disclosure
2016-08-14 00:00:00
linux-grsec: information disclosure
2016-08-14 00:00:00
fortinet
fortinet
Linux kernel - challenge ack information leak
2017-04-04 00:00:00
arista
arista
Security Advisory 0023
2016-08-15 00:00:00
thn
thn
Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely
2016-08-10 23:18:00
Internet Traffic Hijacking Linux Flaw Affects 80% of Android Devices
2016-08-16 01:31:00
huawei
huawei
Security Advisory - TCP Connection Hijack Vulnerability
2016-09-07 00:00:00
symantec
symantec
SA131 : TCP Session Hijacking in Operating Systems Supporting RFC 5961
2016-09-14 08:00:00
prion
prion
Design/Logic Flaw
2016-06-27 10:59:00
Design/Logic Flaw
2016-08-06 20:59:00
Design/Logic Flaw
2016-06-27 10:59:00
suse
suse
Security update for Linux Kernel Live Patch 14 for SLE 12 (important)
2016-08-09 17:18:11
Security update for Linux Kernel Live Patch 15 for SLE 12 (important)
2016-08-09 17:17:48
android
android
CVE-2016-4470
2016-09-01 00:00:00
threatpost
threatpost
Serious TCP Bug in Linux Systems Allows Traffic Hijacking
2016-08-10 12:55:01
JSON
Related for ALA_ALAS-2016-726.NASL
openvas37amazon1ubuntu17nessus59fedora5cloudfoundry1redhat15oraclelinux7mageia5cve6debiancve5redhatcve5f54ibm1ubuntucve5paloalto1veracode2centos3archlinux4fortinet1arista1thn2huawei1symantec1prion6suse2android1threatpost1