This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2017-846.NASLAmazon Linux AMI : kernel (ALAS-2017-846)
Module reference leak due to improper shut down of callback channel on umount :
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a ‘module reference and kernel daemon’ leak.
(CVE-2017-9059)
Incorrect overwrite check in __ip6_append_data() :
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
(CVE-2017-9242)
Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c :
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)
net: tcp_v6_syn_recv_sock function mishandles inheritance :
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9077)
net: IPv6 DCCP implementation mishandles inheritance
The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)
net: sctp_v6_create_accept_sk function mishandles inheritance :
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075)
net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option :
The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-846.
#
include("compat.inc");
if (description)
{
script_id(100999);
script_version("3.5");
script_cvs_date("Date: 2019/07/10 16:04:12");
script_cve_id("CVE-2017-8890", "CVE-2017-9059", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9242");
script_xref(name:"ALAS", value:"2017-846");
script_name(english:"Amazon Linux AMI : kernel (ALAS-2017-846)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Module reference leak due to improper shut down of callback channel on
umount :
The NFSv4 implementation in the Linux kernel through 4.11.1 allows
local users to cause a denial of service (resource consumption) by
leveraging improper channel callback shutdown when unmounting an NFSv4
filesystem, aka a 'module reference and kernel daemon' leak.
(CVE-2017-9059)
Incorrect overwrite check in __ip6_append_data() :
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux
kernel through 4.11.3 is too late in checking whether an overwrite of
an skb data structure may occur, which allows local users to cause a
denial of service (system crash) via crafted system calls.
(CVE-2017-9242)
Double free in the inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c :
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in
the Linux kernel allows attackers to cause a denial of service (double
free) or possibly have unspecified other impact by leveraging use of
the accept system call. An unprivileged local user could use this flaw
to induce kernel memory corruption on the system, leading to a crash.
Due to the nature of the flaw, privilege escalation cannot be fully
ruled out, although we believe it is unlikely. (CVE-2017-8890)
net: tcp_v6_syn_recv_sock function mishandles inheritance :
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux
kernel mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 . An
unprivileged local user could use this flaw to induce kernel memory
corruption on the system, leading to a crash. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out, although we
believe it is unlikely. (CVE-2017-9077)
net: IPv6 DCCP implementation mishandles inheritance
The IPv6 DCCP implementation in the Linux kernel mishandles
inheritance, which allows local users to cause a denial of service or
possibly have unspecified other impact via crafted system calls, a
related issue to CVE-2017-8890 . An unprivileged local user could use
this flaw to induce kernel memory corruption on the system, leading to
a crash. Due to the nature of the flaw, privilege escalation cannot be
fully ruled out, although we believe it is unlikely. (CVE-2017-9076)
net: sctp_v6_create_accept_sk function mishandles inheritance :
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux
kernel mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890 . An
unprivileged local user could use this flaw to induce kernel memory
corruption on the system, leading to a crash. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out, although we
believe it is unlikely.(CVE-2017-9075)
net: IPv6 fragmentation implementation of nexthdr field may be
associated with an invalid option :
The IPv6 fragmentation implementation in the Linux kernel does not
consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have unspecified other impact
via crafted socket and send system calls. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out, although we
believe it is unlikely. (CVE-2017-9074)"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2017-846.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update kernel' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/10");
script_set_attribute(attribute:"patch_publication_date", value:"2017/06/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/23");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.9.32-15.41.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.9.32-15.41.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | kernel | p-cpe:/a:amazon:linux:kernel |
| amazon | linux | kernel-debuginfo | p-cpe:/a:amazon:linux:kernel-debuginfo |
| amazon | linux | kernel-debuginfo-common-i686 | p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686 |
| amazon | linux | kernel-debuginfo-common-x86_64 | p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64 |
| amazon | linux | kernel-devel | p-cpe:/a:amazon:linux:kernel-devel |
| amazon | linux | kernel-doc | p-cpe:/a:amazon:linux:kernel-doc |
| amazon | linux | kernel-headers | p-cpe:/a:amazon:linux:kernel-headers |
| amazon | linux | kernel-tools | p-cpe:/a:amazon:linux:kernel-tools |
| amazon | linux | kernel-tools-debuginfo | p-cpe:/a:amazon:linux:kernel-tools-debuginfo |
| amazon | linux | kernel-tools-devel | p-cpe:/a:amazon:linux:kernel-tools-devel |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
alas.aws.amazon.com/ALAS-2017-846.html
Related
