Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.ARISTA_EOS_SA0034.NASL
HistoryFeb 24, 2020 - 12:00 a.m.

Arista Networks tcpmss_mangle_packet DoS (SA0034)

2020-02-2400:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
68
JSON

The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability.
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allows a remote, unauthenticated attacker to cause a DoS (use-after-free and memory corruption) or possibly have unspecified other impacts by leveraging the presence of xt_TCPMSS in an iptables action.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#TRUSTED 28d8bf50de4500910333209ba977ad75d5c33755ec911893eebae57d9c56009ad60ec732871ea04ccf50de7ff576b5a88eb8bafa628917f69255bc9613324c09114cb8a62a482c41064b689aa61ba0ef01d41685390956c8bd3003fe84d893e479fb909670bfb3b119047ba39c0527984bd280398a7f02a21dadee033fa9dc6f8258e116203e3cf5046566e871d9c21c9887f7d371f861a3556830cb165be41ec544d34e04bd0bb61972a4a2fb51b518ff6f403fff50f08aa3b452fcccc24342116afe9958eb340024c362609aaa11bd53ea2aceb75436c192ad284fa9042185df8c962258504c14c8fa6d5110f6ce9ebb5fb17d913c1edb926d098694ae2a21828befea9cb5b844e504c0c97ba34d1feb3524939dd51f003330fa1a310209353fcf43c3e84b1df162046119e11a53e3aa64ec676756272efb2da81cade700e8cdc7772a11af6854b7f441ee48e8d5c9c10b7c8ecda4c61cb985c123294184e7070f0cdeeb9d441aa4fc05c7039bc0b7f84baa31e1d44c0006a3c2ec94715f1328e63ebb62376d6e0f8b0ea702d43d605549b6997ef5fba24f175a3749aea682723e89c42278047fe8d08b88024dba12924349122059ef9d4e90e2810c8d39eaae07353455c5ed7766e281ad2494f9031244a0153f17044bc4b1be9aefde0af0aaf8d305c9d3edf8bd5b4dc979d33da003a1f5eaa5d0a9833a33583addf4796e
#
# (C) Tenable Network Security, Inc.
#

include('compat.inc');

if (description)
{
  script_id(133865);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/25");

  script_cve_id("CVE-2017-18017");
  script_bugtraq_id(102367);

  script_name(english:"Arista Networks tcpmss_mangle_packet DoS (SA0034)");

  script_set_attribute(attribute:"synopsis", value:
"The version of Arista Networks EOS running on the remote device is affected by a denial of service vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Arista Networks EOS running on the remote device is affected by a denial of service (DoS) vulnerability.
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allows a remote, unauthenticated
attacker to cause a DoS (use-after-free and memory corruption) or possibly have unspecified other impacts by leveraging
the presence of xt_TCPMSS in an iptables action.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://www.arista.com/en/support/advisories-notices/security-advisories/4577-security-advisory-34
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c9d929a0");
  script_set_attribute(attribute:"solution", value:
"Upgrade to an Arista Networks EOS version later than 4.20.1FX-Virtual-Router. Alternatively, apply the patch or
recommended mitigation referenced in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-18017");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:arista:eos");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("arista_eos_detect.nbin");
  script_require_keys("Host/Arista-EOS/Version", "Settings/ParanoidReport");

  exit(0);
}


include('arista_eos_func.inc');
include('audit.inc');

if (report_paranoia < 2) audit(AUDIT_PARANOID);

version = get_kb_item_or_exit('Host/Arista-EOS/Version');

ext='SecurityAdvisory0034Hotfix.rpm 1.0.0/1.fc18';
sha='b708536d77702846079690786c50a65dcaaf39a24f56686bd6e4a90c38483b3e6141ef706ca1b581d0c4438b14f0304dcc366d4cdb5204005b1692ea4a28d2a9';

if(eos_extension_installed(ext:ext, sha:sha))
  exit(0, 'The Arista device is not vulnerable, as a relevant hotfix has been installed.');

vmatrix = make_array();
vmatrix['misc'] = make_list('4.20.1FX-Virtual-Router');
vmatrix['fix'] = 'Apply the vendor supplied patch or mitigation or upgrade to a version later than 4.20.1FX-Virtual-Router';

if (eos_is_affected(vmatrix:vmatrix, version:version))
  security_report_v4(severity:SECURITY_HOLE, port:0, extra:eos_report_get());
else
  audit(AUDIT_INST_VER_NOT_VULN, 'Arista Networks EOS', version);
VendorProductVersionCPE
aristaeoscpe:/o:arista:eos

Related

osv 3
debiancve 1
prion 1
redhatcve 1
nessus 34
ubuntucve 1
f5 1
virtuozzo 4
arista 1
veracode 1
cve 1
redhat 6
ibm 8
oraclelinux 6
openvas 15
photon 1
centos 2
suse 10
symantec 1
ubuntu 2
debian 3
osv
osv
CVE-2017-18017
2018-01-03 06:29:00
linux - security update
2018-04-30 00:00:00
linux - security update
2018-05-01 00:00:00
debiancve
debiancve
CVE-2017-18017
2018-01-03 06:29:00
prion
prion
Memory corruption
2018-01-03 06:29:00
redhatcve
redhatcve
CVE-2017-18017
2018-01-04 16:19:48
nessus
nessus
Virtuozzo 7 : readykernel-patch (VZA-2018-005)
2018-01-16 00:00:00
RHEL 7 : kernel (RHSA-2018:1737) (Spectre)
2018-05-30 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4268)
2018-11-09 00:00:00
ubuntucve
ubuntucve
CVE-2017-18017
2018-01-03 00:00:00
f5
f5
K18352029 : Linux kernel vulnerability CVE-2017-18017
2018-01-16 00:00:00
virtuozzo
virtuozzo
Kernel security update: CVE-2017-18017; Virtuozzo ReadyKernel patch 42.0 for Virtuozzo 7.0.4, 7.0.4 HF3, 7.0.5, 7.0.6, and 7.0.6 HF3
2018-01-12 00:00:00
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2018-03-26 00:00:00
Kernel security update: CVE-2017-18017 and other; new kernel 2.6.32-042stab128.2, Virtuozzo 6.0 Update 12 Hotfix 22 (6.0.12-3701)
2018-03-26 00:00:00
arista
arista
Security Advisory 0034
2018-05-02 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-03-27 04:35:00
cve
cve
CVE-2017-18017
2018-01-03 06:29:00
redhat
redhat
(RHSA-2018:1737) Important: kernel security and bug fix update
2018-05-29 17:59:32
(RHSA-2018:1170) Important: kernel-rt security and bug fix update
2018-04-17 14:55:13
(RHSA-2018:1319) Important: kernel security and bug fix update
2018-05-08 17:59:26
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000
2019-11-11 15:20:37
Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem 840 and 900
2023-02-18 01:45:50
Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-11-08 00:00:00
kernel security and bug fix update
2018-05-08 00:00:00
Unbreakable Enterprise kernel security update
2018-07-10 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1234)
2020-01-23 00:00:00
CentOS Update for kernel CESA-2018:1319 centos6
2018-05-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0660-1)
2021-06-09 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0055
2017-07-25 00:00:00
centos
centos
kernel, perf, python security update
2018-05-10 01:00:09
kernel security update
2018-04-27 05:53:39
suse
suse
Security update for the Linux Kernel (important)
2018-03-12 12:08:22
Security update for the Linux Kernel (important)
2018-02-07 18:08:53
Security update for the Linux Kernel (important)
2018-02-09 15:09:34
symantec
symantec
Linux Kernel Aug 2017 - Sep 2018 Vulnerabilities
2018-11-28 08:01:01
ubuntu
ubuntu
Linux kernel vulnerabilities
2018-02-23 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2018-02-23 00:00:00
debian
debian
[SECURITY] [DLA 1369-1] linux security update
2018-05-02 20:58:29
[SECURITY] [DSA 4187-1] linux security update
2018-05-01 17:12:02
[SECURITY] [DSA 4187-1] linux security update
2018-05-01 17:12:02
JSON
Related for ARISTA_EOS_SA0034.NASL
osv3debiancve1prion1redhatcve1nessus34ubuntucve1f51virtuozzo4arista1veracode1cve1redhat6ibm8oraclelinux6openvas15photon1centos2suse10symantec1ubuntu2debian3