An update for kernel in Red Hat Enterprise Linux 7 addresses important security and bug fixes, including heap overflows and buffer overflows
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | CentOS 7 : kernel (CESA-2020:0375) (deprecated) | 6 Feb 202000:00 | – | nessus |
![]() | RHEL 7 : kernel-rt (RHSA-2020:0375) | 5 Feb 202000:00 | – | nessus |
![]() | RHEL 7 : kernel (RHSA-2020:0374) | 5 Feb 202000:00 | – | nessus |
![]() | Scientific Linux Security Update : kernel on SL7.x x86_64 (20200205) | 7 Feb 202000:00 | – | nessus |
![]() | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2020-0010) | 8 Mar 202000:00 | – | nessus |
![]() | Oracle Linux 7 : kernel (ELSA-2020-0374) | 6 Feb 202000:00 | – | nessus |
![]() | NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0014) | 21 Apr 202000:00 | – | nessus |
![]() | RHEL 7 : kernel (RHSA-2020:0653) | 6 Mar 202000:00 | – | nessus |
![]() | RHEL 7 : kernel (RHSA-2020:0664) | 6 Mar 202000:00 | – | nessus |
![]() | Oracle Linux 8 : kernel (ELSA-2020-0339) | 10 Feb 202000:00 | – | nessus |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:0374 and
# CentOS Errata and Security Advisory 2020:0374 respectively.
#
include('compat.inc');
if (description)
{
script_id(134087);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/09");
script_cve_id(
"CVE-2019-14816",
"CVE-2019-14895",
"CVE-2019-14898",
"CVE-2019-14901",
"CVE-2019-17133"
);
script_xref(name:"RHSA", value:"2020:0374");
script_name(english:"CentOS 7 : kernel (RHSA-2020:0374)");
script_set_attribute(attribute:"synopsis", value:
"The remote CentOS Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RHSA-2020:0374 advisory.
- There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip
driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly
execute arbitrary code. (CVE-2019-14816)
- A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before
4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection
negotiation during the handling of the remote devices country settings. This could allow the remote device
to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)
- The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could
use this flaw to obtain sensitive information, cause a denial of service, or possibly have other
unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.
(CVE-2019-14898)
- A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell
WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a
denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the
availability of the system. If code execution occurs, the code will run with the permissions of root. This
will affect both confidentiality and integrity of files on the system. (CVE-2019-14901)
- In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a
long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:0374");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14901");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-17133");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/20");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-abi-whitelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-bootwrapper");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-kdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-kdump-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:python-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CentOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);
if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);
var pkgs = [
{'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'bpftool-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-abi-whitelists-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-bootwrapper-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-bootwrapper-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-debug-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-headers-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-devel-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-kdump-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-tools-libs-devel-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-1062.12.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo