Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2015-1081.NASL
HistoryJun 11, 2015 - 12:00 a.m.

CentOS 6 : kernel (CESA-2015:1081)

2015-06-1100:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
26
JSON

Updated kernel packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

  • It was found that the Linux kernel’s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important)

  • A buffer overflow flaw was found in the way the Linux kernel’s Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. (CVE-2015-3331, Important)

  • An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process.
    (CVE-2014-9419, Low)

  • It was found that the Linux kernel’s ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low)

  • An information leak flaw was found in the way the Linux kernel’s Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420. The security impact of the CVE-2015-1805 issue was discovered by Red Hat.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2015:1081 and 
# CentOS Errata and Security Advisory 2015:1081 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84091);
  script_version("2.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9585", "CVE-2015-1805", "CVE-2015-3331");
  script_bugtraq_id(71717, 71794, 71990, 74235, 74951);
  script_xref(name:"RHSA", value:"2015:1081");

  script_name(english:"CentOS 6 : kernel (CESA-2015:1081)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated kernel packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe
read and write functionality did not take into account the I/O vectors
that were already processed when retrying after a failed atomic access
operation, potentially resulting in memory corruption due to an I/O
vector array overrun. A local, unprivileged user could use this flaw
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2015-1805, Important)

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode
decryption functionality handled fragmented packets. A remote attacker
could use this flaw to crash, or potentially escalate their privileges
on, a system over a connection with an active AES-GCM mode IPSec
security association. (CVE-2015-3331, Important)

* An information leak flaw was found in the way the Linux kernel
changed certain segment registers and thread-local storage (TLS)
during a context switch. A local, unprivileged user could use this
flaw to leak the user space TLS base address of an arbitrary process.
(CVE-2014-9419, Low)

* It was found that the Linux kernel's ISO file system implementation
did not correctly limit the traversal of Rock Ridge extension
Continuation Entries (CE). An attacker with physical access to the
system could use this flaw to trigger an infinite loop in the kernel,
resulting in a denial of service. (CVE-2014-9420, Low)

* An information leak flaw was found in the way the Linux kernel's
Virtual Dynamic Shared Object (vDSO) implementation performed address
randomization. A local, unprivileged user could use this flaw to leak
kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Carl Henrik Lunde for reporting
CVE-2014-9420. The security impact of the CVE-2015-1805 issue was
discovered by Red Hat.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take
effect."
  );
  # https://lists.centos.org/pipermail/centos-announce/2015-June/021165.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1cf05d0f"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-3331");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);


flag = 0;
if (rpm_check(release:"CentOS-6", reference:"kernel-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-abi-whitelists-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-debug-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-debug-devel-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-devel-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-doc-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-firmware-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"kernel-headers-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"perf-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"CentOS-6", reference:"python-perf-2.6.32-504.23.4.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc");
}
VendorProductVersionCPE
centoscentoskernelp-cpe:/a:centos:centos:kernel
centoscentoskernel-abi-whitelistsp-cpe:/a:centos:centos:kernel-abi-whitelists
centoscentoskernel-debugp-cpe:/a:centos:centos:kernel-debug
centoscentoskernel-debug-develp-cpe:/a:centos:centos:kernel-debug-devel
centoscentoskernel-develp-cpe:/a:centos:centos:kernel-devel
centoscentoskernel-docp-cpe:/a:centos:centos:kernel-doc
centoscentoskernel-firmwarep-cpe:/a:centos:centos:kernel-firmware
centoscentoskernel-headersp-cpe:/a:centos:centos:kernel-headers
centoscentosperfp-cpe:/a:centos:centos:perf
centoscentospython-perfp-cpe:/a:centos:centos:python-perf
Rows per page:
1-10 of 111

Related

redhat 15
nessus 57
centos 5
openvas 39
oraclelinux 9
securityvulns 1
suse 5
prion 6
f5 11
debiancve 6
veracode 9
ubuntucve 6
cve 6
threatpost 3
android 2
androidsecurity 1
mageia 1
debian 1
osv 1
ubuntu 10
amazon 1
thn 1
fedora 2
ibm 1
redhat
redhat
(RHSA-2015:1081) Important: kernel security, bug fix, and enhancement update
2015-06-09 00:00:00
(RHSA-2015:1199) Important: kernel security and bug fix update
2015-06-30 00:00:00
(RHSA-2015:0989) Important: kernel-rt security, bug fix, and enhancement update
2015-05-12 00:00:00
nessus
nessus
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609)
2015-06-10 00:00:00
RHEL 6 : kernel (RHSA-2015:1081)
2015-06-10 00:00:00
Oracle Linux 6 : kernel (ELSA-2015-1081)
2015-06-10 00:00:00
centos
centos
kernel, perf, python security update
2015-06-10 09:06:44
kernel, perf, python security update
2015-05-13 16:57:56
kernel security update
2015-06-03 01:55:17
openvas
openvas
RedHat Update for kernel RHSA-2015:1081-01
2015-06-10 00:00:00
CentOS Update for kernel CESA-2015:1081 centos6
2015-06-11 00:00:00
Oracle: Security Advisory (ELSA-2015-1081)
2015-10-06 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2015-06-09 00:00:00
Unbreakable Enterprise kernel security update
2015-06-10 00:00:00
Unbreakable Enterprise kernel security update
2015-06-10 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2015-01-18 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2015-01-30 11:04:56
Security update for the Linux Kernel (important)
2015-04-13 14:17:21
Security update for Linux Kernel (important)
2015-04-13 14:04:48
prion
prion
Design/Logic Flaw
2014-12-26 00:59:00
Design/Logic Flaw
2014-12-26 00:59:00
Memory corruption
2015-01-09 21:59:00
f5
f5
SOL17543 - Linux kernel vulnerability CVE-2014-9420
2015-11-04 00:00:00
K17241 : Linux kernel vulnerability CVE-2014-9585
2015-09-08 00:00:00
SOL17241 - Linux kernel vulnerability CVE-2014-9585
2015-09-08 00:00:00
debiancve
debiancve
CVE-2014-9420
2014-12-26 00:59:00
CVE-2014-9585
2015-01-09 21:59:00
CVE-2014-9419
2014-12-26 00:59:00
veracode
veracode
Denial Of Service
2019-01-15 09:06:12
ASLR Bypass
2019-01-15 09:07:42
Denial Of Service (DoS)
2019-01-15 09:05:52
ubuntucve
ubuntucve
CVE-2014-9420
2014-12-25 00:00:00
CVE-2014-9419
2014-12-25 00:00:00
CVE-2014-9585
2015-01-09 00:00:00
cve
cve
CVE-2014-9419
2014-12-26 00:59:00
CVE-2014-9420
2014-12-26 00:59:00
CVE-2014-9585
2015-01-09 21:59:00
threatpost
threatpost
Android Rooting Application Emergency Patch
2016-03-23 07:00:46
April 2016 Google Android Nexus Security Bulletin
2016-04-04 14:00:22
Google Detects and Boots Tizi Spyware Off Google Play
2017-11-28 12:40:09
android
android
CVE-2015-1805
2016-04-02 00:00:00
pipe inatomic
2015-06-06 00:00:00
androidsecurity
androidsecurity
Android Security Advisory&hairsp;—&hairsp;2016-03-18
2016-03-18 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2015-01-07 18:14:58
debian
debian
[SECURITY] [DLA 155-1] linux-2.6 security update
2015-02-18 23:22:13
osv
osv
linux-2.6 - security update
2015-02-18 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability regression
2015-02-28 00:00:00
Linux kernel vulnerabilities regression
2015-03-04 00:00:00
Linux kernel (Trusty HWE) vulnerabilities regression
2015-03-04 00:00:00
amazon
amazon
Medium: kernel
2015-05-14 14:27:00
thn
thn
First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
2017-09-26 02:52:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.17.8-300.fc21
2015-01-11 02:58:06
[SECURITY] Fedora 21 Update: kernel-3.18.3-201.fc21
2015-01-26 02:31:22
ibm
ibm
Security Bulletin: PowerKVM is affected by Linux Kernel vulnerabilities (multiple CVEs)
2018-06-18 01:28:49
JSON
Related for CENTOS_RHSA-2015-1081.NASL
redhat15nessus57centos5openvas39oraclelinux9securityvulns1suse5prion6f511debiancve6veracode9ubuntucve6cve6threatpost3android2androidsecurity1mageia1debian1osv1ubuntu10amazon1thn1fedora2ibm1