Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2018-1038.NASL
HistoryJun 12, 2018 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2018-1038) (Spectre)

2018-06-1200:00:00
This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
111
JSON

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3639)

By mmap()ing a FUSE-backed file onto a process’s memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).(CVE-2018-1120)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks.(CVE-2018-3693)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2018-1038.
#

include("compat.inc");

if (description)
{
  script_id(110461);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/18");

  script_cve_id("CVE-2018-1120", "CVE-2018-3639", "CVE-2018-3693");
  script_xref(name:"ALAS", value:"2018-1038");
  script_xref(name:"IAVA", value:"2018-A-0174-S");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2018-1038) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store
instructions (a commonly used performance optimization). It relies on
the presence of a precisely-defined instruction sequence in the
privileged code as well as the fact that memory read from address to
which a recent memory write has occurred may see an older value and
subsequently cause an update into the microprocessor's data cache even
for speculatively executed instructions that never actually commit
(retire). As a result, an unprivileged attacker could use this flaw to
read privileged memory by conducting targeted cache side-channel
attacks.(CVE-2018-3639)

By mmap()ing a FUSE-backed file onto a process's memory containing
command line arguments (or environment strings), an attacker can cause
utilities from psutils or procps (such as ps, w) or any other program
which makes a read() call to the /proc/<pid>/cmdline (or
/proc/<pid>/environ) files to block indefinitely (denial of service)
or for some controlled time (as a synchronization primitive for other
attacks).(CVE-2018-1120)

An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions past
bounds check. The flaw relies on the presence of a precisely-defined
instruction sequence in the privileged code and the fact that memory
writes occur to an address which depends on the untrusted value. Such
writes cause an update into the microprocessor's data cache even for
speculatively executed instructions that never actually commit
(retire). As a result, an unprivileged attacker could use this flaw to
influence speculative execution and/or read privileged memory by
conducting targeted cache side-channel attacks.(CVE-2018-3693)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2018-1038.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Run 'yum update kernel' then reboot the instance to update your
system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/06/12");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.14.47-56.37.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.14.47-56.37.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
amazonlinuxperfp-cpe:/a:amazon:linux:perf
Rows per page:
1-10 of 121

Related

nessus 88
amazon 5
f5 4
openvas 20
mageia 2
threatpost 2
veracode 2
cve 2
prion 2
redhatcve 2
debiancve 3
redhat 26
ubuntucve 1
osv 2
virtuozzo 5
fedora 5
citrix 1
oraclelinux 8
suse 4
ibm 5
debian 1
centos 5
photon 1
kaspersky 1
zdt 1
almalinux 1
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2018-1038) (Spectre)
2018-06-12 00:00:00
Fedora 27 : kernel (2018-93c2e74446) (Spectre)
2018-05-29 00:00:00
F5 Networks BIG-IP : Side-channel processor vulnerability (K54252492)
2019-05-29 00:00:00
amazon
amazon
Important: kernel
2018-06-08 18:08:00
Important: kernel
2018-06-08 18:33:00
Important: java-1.7.0-openjdk
2018-06-08 18:05:00
f5
f5
K58304450 : Multiple Intel Processor vulnerabilities: Spectre-NG
2018-05-30 00:00:00
K54252492 : Side-channel processor vulnerability CVE-2018-3693
2018-08-22 00:00:00
K42202505 : Linux kernel vulnerability CVE-2018-1120
2020-12-09 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2018-0263)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1510)
2020-01-23 00:00:00
Fedora Update for kernel FEDORA-2018-db0d3e157e
2018-05-25 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-05-31 23:34:08
Updated libvirt packages fix security vulnerability
2018-05-31 23:34:08
threatpost
threatpost
Fresh Spectre Variants Come to Light
2018-07-11 17:48:27
Intel’s ‘Virtual Fences’ Spectre Fix Won’t Protect Against Variant 4
2018-05-24 15:18:03
veracode
veracode
Privilege Escalation
2019-05-16 03:11:25
Denial Of Service (DoS)
2019-05-16 03:18:36
cve
cve
CVE-2018-3693
2018-07-10 21:29:00
CVE-2018-1120
2018-06-20 13:29:00
prion
prion
Buffer overflow
2018-07-10 21:29:00
Design/Logic Flaw
2018-06-20 13:29:00
redhatcve
redhatcve
CVE-2018-3693
2020-04-05 10:54:29
CVE-2018-1120
2020-01-07 21:28:06
debiancve
debiancve
CVE-2018-3693
2018-07-10 21:29:00
CVE-2018-1120
2018-06-20 13:29:00
CVE-2018-3639
2018-05-22 12:29:00
redhat
redhat
(RHSA-2020:3810) Moderate: kernel-rt security and bug fix update
2020-09-22 14:41:35
(RHSA-2020:3804) Moderate: kernel security and bug fix update
2020-09-22 11:00:02
(RHSA-2018:2171) Important: kernel security update
2018-07-11 15:14:50
ubuntucve
ubuntucve
CVE-2018-1120
2018-05-17 00:00:00
osv
osv
CVE-2018-1120
2018-06-20 13:29:00
xen - security update
2018-05-25 00:00:00
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 54.0 for Virtuozzo 7.0.7 HF2 and 7.0.7 HF3
2018-07-13 00:00:00
Kernel security update: Virtuozzo ReadyKernel patch 54.0 for Virtuozzo 7.0.4 to 7.0.7 (excl. hotfixes)
2018-07-13 00:00:00
Important kernel security update: CVE-2018-3639 (x86 AMD) and other issues; new kernel 2.6.32-042stab132.1; Virtuozzo 6.0 Update 12 Hotfix 29 (6.0.12-3710)
2018-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-4.16.11-300.fc28
2018-05-24 14:00:06
[SECURITY] Fedora 29 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc29
2019-02-11 01:57:50
[SECURITY] Fedora 28 Update: java-1.8.0-openjdk-1.8.0.201.b09-2.fc28
2019-02-25 01:34:09
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00
oraclelinux
oraclelinux
qemu-kvm security update
2018-05-22 00:00:00
libvirt security update
2018-05-22 00:00:00
libvirt security and bug fix update
2018-06-27 00:00:00
suse
suse
Security update for libvirt (moderate)
2018-08-13 12:07:25
Security update for libvirt (important)
2018-06-09 15:07:56
Security update for qemu (important)
2018-05-23 15:07:21
ibm
ibm
Security Bulletin: IBM Netezza Host Management is affected by the vulnerability known as Variant 4 or SpectreNG.
2019-10-18 03:36:34
Security Bulletin: IBM has released the following fixes for AIX and VIOS in response to Speculative Store Bypass (SSB), also known as Variant 4.
2018-08-17 23:06:03
Security Bulletin: IBM Cloud Manager is affected by the vulnerabilities known as SpectreNG (CVE-2018-3639)
2018-08-08 04:13:55
debian
debian
[SECURITY] [DSA 4210-1] xen security update
2018-05-25 05:00:47
centos
centos
qemu security update
2018-07-03 18:54:02
java security update
2018-05-22 15:30:51
java security update
2018-05-22 15:32:03
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0151
2018-06-22 00:00:00
kaspersky
kaspersky
KLA11893 Microsoft Advisory for Microsoft Products (ESU)
2018-05-21 00:00:00
zdt
zdt
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit
2018-05-23 00:00:00
almalinux
almalinux
java-1.8.0-openjdk bug fix and enhancement update
2021-01-21 10:00:00
JSON
Related for ALA_ALAS-2018-1038.NASL
nessus88amazon5f54openvas20mageia2threatpost2veracode2cve2prion2redhatcve2debiancve3redhat26ubuntucve1osv2virtuozzo5fedora5citrix1oraclelinux8suse4ibm5debian1centos5photon1kaspersky1zdt1almalinux1