Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2018-956.NASL
HistoryFeb 22, 2018 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2018-956) (Dirty COW) (Spectre)

2018-02-2200:00:00
This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
128
JSON

Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750)

Improper sorting of GIDs in nfsd can lead to incorrect permissions being applied

Linux kernel contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the ‘rootsquash’ options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.(CVE-2018-1000028)

Stack-based out-of-bounds read via vmcall instruction

Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support is vulnerable to an out-of-bounds read access issue. It could occur when emulating vmcall instructions invoked by a guest. A guest user/process could use this flaw to disclose kernel memory bytes.(CVE-2017-17741)

The pmd can become dirty without going through a COW cycle

A flaw was found in the patches used to fix the ‘dirtycow’ vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.(CVE-2017-1000405)

Speculative execution bounds-check bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor’s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5753)

drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service

A flaw was found in the Linux kernel’s handling of loopback devices.
An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions. (CVE-2018-5344)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2018-956.
#

include("compat.inc");

if (description)
{
  script_id(106933);
  script_version("3.7");
  script_cvs_date("Date: 2019/04/05 23:25:05");

  script_cve_id("CVE-2017-1000405", "CVE-2017-17741", "CVE-2017-5753", "CVE-2018-1000028", "CVE-2018-5344", "CVE-2018-5750");
  script_xref(name:"ALAS", value:"2018-956");
  script_xref(name:"IAVA", value:"2018-A-0020");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2018-956) (Dirty COW) (Spectre)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Kernel address information leak in
drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing
KASLR bypass

The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux
kernel, through 4.14.15, allows local users to obtain sensitive
address information by reading dmesg data from an SBS HC printk
call.(CVE-2018-5750)

Improper sorting of GIDs in nfsd can lead to incorrect permissions
being applied

Linux kernel contains a Incorrect Access Control vulnerability in NFS
server (nfsd) that can result in remote users reading or writing files
they should not be able to via NFS. This attack appear to be
exploitable via NFS server must export a filesystem with the
'rootsquash' options enabled. This vulnerability appears to have been
fixed in after commit 1995266727fa.(CVE-2018-1000028)

Stack-based out-of-bounds read via vmcall instruction

Linux kernel compiled with the KVM virtualization (CONFIG_KVM) support
is vulnerable to an out-of-bounds read access issue. It could occur
when emulating vmcall instructions invoked by a guest. A guest
user/process could use this flaw to disclose kernel memory
bytes.(CVE-2017-17741)

The pmd can become dirty without going through a COW cycle

A flaw was found in the patches used to fix the 'dirtycow'
vulnerability (CVE-2016-5195). An attacker, able to run local code,
can exploit a race condition in transparent huge pages to modify
usually read-only huge pages.(CVE-2017-1000405)

Speculative execution bounds-check bypass

An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of instructions (a
commonly used performance optimization). There are three primary
variants of the issue which differ in the way the speculative
execution can be exploited. Variant CVE-2017-5753 triggers the
speculative execution by performing a bounds-check bypass. It relies
on the presence of a precisely-defined instruction sequence in the
privileged code as well as the fact that memory accesses may cause
allocation into the microprocessor's data cache even for speculatively
executed instructions that never actually commit (retire). As a
result, an unprivileged attacker could use this flaw to cross the
syscall boundary and read privileged memory by conducting targeted
cache side-channel attacks.(CVE-2017-5753)

drivers/block/loop.c mishandles lo_release serialization allowing
denial-of-service

A flaw was found in the Linux kernel's handling of loopback devices.
An attacker, who has permissions to setup loopback disks, may create a
denial of service or other unspecified actions. (CVE-2018-5344)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2018-956.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update kernel' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/02/20");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/02/22");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.9.81-35.56.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.9.81-35.56.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 131

Related

amazon 2
nessus 51
threatpost 2
redhatcve 5
redhat 9
prion 6
virtuozzo 4
openvas 25
f5 3
ubuntucve 6
cve 6
debiancve 6
fedora 5
exploitpack 1
altlinux 2
veracode 3
osv 2
mageia 3
cisa 1
suse 5
saint 3
ibm 6
canvas 1
packetstorm 1
archlinux 2
ubuntu 8
photon 1
android 2
oraclelinux 5
thn 2
securelist 1
zdt 5
chrome 1
paloalto 1
seebug 2
centos 2
huawei 1
myhack58 1
attackerkb 1
arista 1
cert 1
cisco 1
slackware 1
debian 1
fortinet 1
amazon
amazon
Important: kernel
2018-02-20 21:23:00
Important: kernel
2018-02-20 21:20:00
nessus
nessus
Amazon Linux 2 : kernel (ALAS-2018-956) (Dirty COW) (Spectre)
2018-04-18 00:00:00
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1055)
2018-03-20 00:00:00
Virtuozzo 7 : readykernel-patch (VZA-2017-109)
2017-12-12 00:00:00
threatpost
threatpost
Flaw Found In Dirty COW Patch
2017-12-01 11:43:06
Serious Dirty Cow Linux Vulnerability Under Attack
2016-10-21 11:21:36
redhatcve
redhatcve
CVE-2017-1000405
2017-11-30 07:49:34
CVE-2018-1000028
2018-01-31 05:20:36
CVE-2017-17741
2017-12-18 15:20:25
redhat
redhat
(RHSA-2018:0180) Important: kernel-alt security and bug fix update
2018-01-25 10:47:54
(RHSA-2016:2132) Important: kernel security and bug fix update
2016-11-01 10:16:02
(RHSA-2016:2126) Important: kernel security update
2016-10-31 00:00:00
prion
prion
Improper access control
2018-02-09 23:29:00
Design/Logic Flaw
2018-01-26 19:29:00
Stack overflow
2017-12-18 08:29:00
virtuozzo
virtuozzo
Important kernel update: CVE-2017-8824 and other; Virtuozzo ReadyKernel patch 39.2 for Virtuozzo 7.0.4 and 7.0.4 HF3
2017-12-11 00:00:00
Important kernel update: CVE-2017-8824 and other; Virtuozzo ReadyKernel patch 39.1 for Virtuozzo 7.0.6
2017-12-11 00:00:00
Important kernel update: CVE-2017-8824 and other; Virtuozzo ReadyKernel patch 39.1 for Virtuozzo 7.0.5
2017-12-11 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1055)
2020-01-23 00:00:00
Fedora Update for kernel FEDORA-2017-1ebb87e7c0
2017-12-25 00:00:00
Fedora Update for kernel FEDORA-2017-9ea11e444d
2017-12-05 00:00:00
f5
f5
K05087544 : Linux kernel vulnerability CVE-2018-1000028
2018-02-20 00:00:00
SOL10558632 - Linux privilege-escalation vulnerability (Dirty COW) CVE-2016-5195
2016-10-21 00:00:00
K10558632 : Linux privilege-escalation vulnerability CVE-2016-5195
2016-10-21 00:00:00
ubuntucve
ubuntucve
CVE-2018-1000028
2018-02-09 00:00:00
CVE-2017-17741
2017-12-18 00:00:00
CVE-2017-1000405
2017-11-30 00:00:00
cve
cve
CVE-2018-1000028
2018-02-09 23:29:00
CVE-2017-17741
2017-12-18 08:29:00
CVE-2018-5750
2018-01-26 19:29:00
debiancve
debiancve
CVE-2018-1000028
2018-02-09 23:29:00
CVE-2018-5750
2018-01-26 19:29:00
CVE-2017-1000405
2017-11-30 22:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: kernel-4.13.16-202.fc26
2017-12-04 20:15:47
[SECURITY] Fedora 27 Update: kernel-4.13.16-302.fc27
2017-12-04 19:05:31
[SECURITY] Fedora 27 Update: kernel-4.14.8-300.fc27
2017-12-24 21:18:53
exploitpack
exploitpack
Linux Kernel - The Huge Dirty Cow Overwriting The Huge Zero Page (1)
2017-11-30 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-un-def version 1:4.1.46-alt0.M70P.1.1
2017-12-05 00:00:00
Security fix for the ALT Linux 7 package kernel-image-std-def version 1:3.14.79-alt0.M70P.2
2016-10-25 00:00:00
veracode
veracode
Information Disclosure
2019-05-16 02:50:39
Denial Of Service (DoS)
2019-05-16 03:18:37
Arbitrary Code Execution
2019-01-15 09:14:05
osv
osv
CVE-2018-5750
2018-01-26 19:29:00
CVE-2018-5344
2018-01-12 09:29:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-01-13 17:28:36
Updated kernel-tmb packages fix security vulnerabilities
2018-01-13 17:28:36
Updated kernel-linus packages fix security vulnerabilities
2018-02-16 00:17:42
cisa
cisa
Linux Kernel Vulnerability
2016-10-21 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-10-24 17:08:24
Security update for Linux Kernel Live Patch 15 for SLE 12 (important)
2016-10-27 01:06:19
Security update for the Linux Kernel (important)
2016-10-21 19:14:25
saint
saint
Linux Dirty COW Local File Overwrite
2016-10-27 00:00:00
Linux Dirty COW Local File Overwrite
2016-10-27 00:00:00
Linux Dirty COW Local File Overwrite
2016-10-27 00:00:00
ibm
ibm
Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)
2018-12-08 04:55:34
Security Bulletin: Vulnerability in Linux Kernel affects ProtecTIER: Dirty COW vulnerability (CVE-2016-5195)
2022-02-16 22:09:18
Security Bulletin: IBM Security Access Manager appliances may be affected by a kernel vulnerability known as the Dirty COW bug (CVE-2016-5195)
2018-06-16 21:50:05
canvas
canvas
Immunity Canvas: LINUX_FOLL_WRITE_COW
2016-11-10 21:59:00
packetstorm
packetstorm
Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
2016-11-28 00:00:00
archlinux
archlinux
[ASA-201610-11] linux-lts: privilege escalation
2016-10-21 00:00:00
[ASA-201610-14] linux: privilege escalation
2016-10-22 00:00:00
ubuntu
ubuntu
Linux kernel (Raspberry Pi 2) vulnerability
2016-10-20 00:00:00
Linux kernel vulnerability
2016-10-20 00:00:00
Linux kernel vulnerability
2016-10-20 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0107
2018-02-13 00:00:00
android
android
CVE-2016-5195
2016-11-01 00:00:00
dirtyc0w
2016-10-13 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-10-21 00:00:00
kernel security update
2016-10-24 00:00:00
Unbreakable Enterprise kernel security update
2016-10-21 00:00:00
thn
thn
Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild
2016-10-20 23:02:00
'Exodus' Surveillance Malware Found Targeting Apple iOS Users
2019-04-09 07:19:00
securelist
securelist
Mobile malware evolution 2019
2020-02-25 10:00:43
zdt
zdt
DirtyCow Linux Kernel Race Condition Exploit
2016-10-22 00:00:00
Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition Privilege Escalation (/etc/p
2016-11-29 00:00:00
Linux Kernel 2.6.22 < 3.9 - Dirty COW /proc/self/mem Race Condition Privilege Escalation (/etc/pa
2016-11-29 00:00:00
chrome
chrome
Stable Channel Update for Chrome OS
2016-10-26 00:00:00
paloalto
paloalto
Kernel Vulnerability
2017-02-21 19:30:00
seebug
seebug
Linux kernel 2.6.22 < 3.9 elevation of privilege vulnerability (Dirty COW)
2016-10-22 00:00:00
"Huge Dirty COW" (CVE-2017–1000405)
2017-11-30 00:00:00
centos
centos
kernel, perf, python security update
2016-10-25 11:17:10
kernel, perf, python security update
2016-10-26 07:33:13
huawei
huawei
Security Advisory - Dirty COW Vulnerability in Huawei Products
2016-12-07 00:00:00
myhack58
myhack58
CVE-2 0 1 6-5 1 9 5 dirty cattle vulnerability: the Linux kernel through kill to mention the right vulnerability-vulnerability warning-the black bar safety net
2016-10-21 00:00:00
attackerkb
attackerkb
CVE-2016-5195
2016-11-10 00:00:00
arista
arista
Security Advisory 0026
2016-10-21 00:00:00
cert
cert
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
2016-10-21 00:00:00
cisco
cisco
Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
2016-10-26 15:00:00
slackware
slackware
[slackware-security] kernel
2016-11-01 03:40:05
debian
debian
[SECURITY] [DSA 4120-1] linux security update
2018-02-22 15:58:05
fortinet
fortinet
Linux Kernel Dirty Cow Vulnerability
2016-11-09 00:00:00
JSON
Related for ALA_ALAS-2018-956.NASL
amazon2nessus51threatpost2redhatcve5redhat9prion6virtuozzo4openvas25f53ubuntucve6cve6debiancve6fedora5exploitpack1altlinux2veracode3osv2mageia3cisa1suse5saint3ibm6canvas1packetstorm1archlinux2ubuntu8photon1android2oraclelinux5thn2securelist1zdt5chrome1paloalto1seebug2centos2huawei1myhack581attackerkb1arista1cert1cisco1slackware1debian1fortinet1