This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2420.NASLDebian DLA-2420-2 : linux regression update
9.3 High
AI Score
Confidence
High
This update corrects a regression in some Xen virtual machine environments. For reference the original advisory text follows.
Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service or information leaks.
CVE-2019-9445
A potential out-of-bounds read was discovered in the F2FS implementation. A user permitted to mount and access arbitrary filesystems could potentially use this to cause a denial of service (crash) or to read sensitive information.
CVE-2019-19073, CVE-2019-19074
Navid Emamdoost discovered potential memory leaks in the ath9k and ath9k_htc drivers. The security impact of these is unclear.
CVE-2019-19448
‘Team bobfuzzer’ reported a bug in Btrfs that could lead to a use-after-free, and could be triggered by crafted filesystem images. A user permitted to mount and access arbitrary filesystems could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2020-12351
Andy Nguyen discovered a flaw in the Bluetooth implementation in the way L2CAP packets with A2MP CID are handled. A remote attacker within a short distance, knowing the victim’s Bluetooth device address, can send a malicious l2cap packet and cause a denial of service or possibly arbitrary code execution with kernel privileges.
CVE-2020-12352
Andy Nguyen discovered a flaw in the Bluetooth implementation. Stack memory is not properly initialised when handling certain AMP packets.
A remote attacker within a short distance, knowing the victim’s Bluetooth device address address, can retrieve kernel stack information.
CVE-2020-12655
Zheng Bin reported that crafted XFS volumes could trigger a system hang. An attacker able to mount such a volume could use this to cause a denial of service.
CVE-2020-12771
Zhiqiang Liu reported a bug in the bcache block driver that could lead to a system hang. The security impact of this is unclear.
CVE-2020-12888
It was discovered that the PCIe Virtual Function I/O (vfio-pci) driver allowed users to disable a device’s memory space while it was still mapped into a process. On some hardware platforms, local users or guest virtual machines permitted to access PCIe Virtual Functions could use this to cause a denial of service (hardware error and crash).
CVE-2020-14305
Vasily Averin of Virtuozzo discovered a potential heap buffer overflow in the netfilter nf_contrack_h323 module. When this module is used to perform connection tracking for TCP/IPv6, a remote attacker could use this to cause a denial of service (crash or memory corruption) or possibly for remote code execution with kernel privilege.
CVE-2020-14314
A bug was discovered in the ext4 filesystem that could lead to an out-of-bound read. A local user permitted to mount and access arbitrary filesystem images could use this to cause a denial of service (crash).
CVE-2020-14331
A bug was discovered in the VGA console driver’s soft-scrollback feature that could lead to a heap buffer overflow. On a system with a custom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2020-14356, CVE-2020-25220
A bug was discovered in the cgroup subsystem’s handling of socket references to cgroups. In some cgroup configurations, this could lead to a use-after-free. A local user might be able to use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
The original fix for this bug introudced a new security issue, which is also addressed in this update.
CVE-2020-14386
Or Cohen discovered a bug in the packet socket (AF_PACKET) implementation which could lead to a heap buffer overflow. A local user with the CAP_NET_RAW capability (in any user namespace) could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
CVE-2020-14390
Minh Yuan discovered a bug in the framebuffer console driver’s scrollback feature that could lead to a heap buffer overflow. On a system using framebuffer consoles, a local user with access to a console could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.
The scrollback feature has been disabled for now, as no other fix was available for this issue.
CVE-2020-15393
Kyungtae Kim reported a memory leak in the usbtest driver. The security impact of this is unclear.
CVE-2020-16166
Amit Klein reported that the random number generator used by the network stack might not be re-seeded for long periods of time, making e.g. client port number allocations more predictable. This made it easier for remote attackers to carry out some network- based attacks such as DNS cache poisoning or device tracking.
CVE-2020-24490
Andy Nguyen discovered a flaw in the Bluetooth implementation that can lead to a heap buffer overflow. On systems with a Bluetooth 5 hardware interface, a remote attacker within a short distance can use this to cause a denial of service (crash or memory corruption) or possibly for remote code execution with kernel privilege.
CVE-2020-25211
A flaw was discovered in netfilter subsystem. A local attacker able to inject conntrack Netlink configuration can cause a denial of service.
CVE-2020-25212
A bug was discovered in the NFSv4 client implementation that could lead to a heap buffer overflow. A malicious NFS server could use this to cause a denial of service (crash or memory corruption) or possibly to execute arbitrary code on the client.
CVE-2020-25284
It was discovered that the Rados block device (rbd) driver allowed tasks running as uid 0 to add and remove rbd devices, even if they dropped capabilities. On a system with the rbd driver loaded, this might allow privilege escalation from a container with a task running as root.
CVE-2020-25285
A race condition was discovered in the hugetlb filesystem’s sysctl handlers, that could lead to stack corruption. A local user permitted to write to hugepages sysctls could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation. By default only the root user can do this.
CVE-2020-25641
The syzbot tool found a bug in the block layer that could lead to an infinite loop. A local user with access to a raw block device could use this to cause a denial of service (unbounded CPU use and possible system hang).
CVE-2020-25643
ChenNan Of Chaitin Security Research Lab discovered a flaw in the hdlc_ppp module. Improper input validation in the ppp_cp_parse_cr() function may lead to memory corruption and information disclosure.
CVE-2020-26088
It was discovered that the NFC (Near Field Communication) socket implementation allowed any user to create raw sockets. On a system with an NFC interface, this allowed local users to evade local network security policy.
For Debian 9 stretch, these problems have been fixed in version 4.9.240-1. This update additionally includes many more bug fixes from stable updates 4.9.229-4.9.240 inclusive.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2420-2. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
if (description)
{
script_id(142176);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/13");
script_cve_id(
"CVE-2019-19073",
"CVE-2019-19074",
"CVE-2019-19448",
"CVE-2019-9445",
"CVE-2020-12351",
"CVE-2020-12352",
"CVE-2020-12655",
"CVE-2020-12771",
"CVE-2020-12888",
"CVE-2020-14305",
"CVE-2020-14314",
"CVE-2020-14331",
"CVE-2020-14356",
"CVE-2020-14386",
"CVE-2020-14390",
"CVE-2020-15393",
"CVE-2020-16166",
"CVE-2020-24490",
"CVE-2020-25211",
"CVE-2020-25212",
"CVE-2020-25220",
"CVE-2020-25284",
"CVE-2020-25285",
"CVE-2020-25641",
"CVE-2020-25643",
"CVE-2020-26088"
);
script_name(english:"Debian DLA-2420-2 : linux regression update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update corrects a regression in some Xen virtual machine
environments. For reference the original advisory text follows.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to the execution of arbitrary code, privilege escalation,
denial of service or information leaks.
CVE-2019-9445
A potential out-of-bounds read was discovered in the F2FS
implementation. A user permitted to mount and access arbitrary
filesystems could potentially use this to cause a denial of service
(crash) or to read sensitive information.
CVE-2019-19073, CVE-2019-19074
Navid Emamdoost discovered potential memory leaks in the ath9k and
ath9k_htc drivers. The security impact of these is unclear.
CVE-2019-19448
'Team bobfuzzer' reported a bug in Btrfs that could lead to a
use-after-free, and could be triggered by crafted filesystem images. A
user permitted to mount and access arbitrary filesystems could use
this to cause a denial of service (crash or memory corruption) or
possibly for privilege escalation.
CVE-2020-12351
Andy Nguyen discovered a flaw in the Bluetooth implementation in the
way L2CAP packets with A2MP CID are handled. A remote attacker within
a short distance, knowing the victim's Bluetooth device address, can
send a malicious l2cap packet and cause a denial of service or
possibly arbitrary code execution with kernel privileges.
CVE-2020-12352
Andy Nguyen discovered a flaw in the Bluetooth implementation. Stack
memory is not properly initialised when handling certain AMP packets.
A remote attacker within a short distance, knowing the victim's
Bluetooth device address address, can retrieve kernel stack
information.
CVE-2020-12655
Zheng Bin reported that crafted XFS volumes could trigger a system
hang. An attacker able to mount such a volume could use this to cause
a denial of service.
CVE-2020-12771
Zhiqiang Liu reported a bug in the bcache block driver that could lead
to a system hang. The security impact of this is unclear.
CVE-2020-12888
It was discovered that the PCIe Virtual Function I/O (vfio-pci) driver
allowed users to disable a device's memory space while it was still
mapped into a process. On some hardware platforms, local users or
guest virtual machines permitted to access PCIe Virtual Functions
could use this to cause a denial of service (hardware error and
crash).
CVE-2020-14305
Vasily Averin of Virtuozzo discovered a potential heap buffer overflow
in the netfilter nf_contrack_h323 module. When this module is used to
perform connection tracking for TCP/IPv6, a remote attacker could use
this to cause a denial of service (crash or memory corruption) or
possibly for remote code execution with kernel privilege.
CVE-2020-14314
A bug was discovered in the ext4 filesystem that could lead to an
out-of-bound read. A local user permitted to mount and access
arbitrary filesystem images could use this to cause a denial of
service (crash).
CVE-2020-14331
A bug was discovered in the VGA console driver's soft-scrollback
feature that could lead to a heap buffer overflow. On a system with a
custom kernel that has CONFIG_VGACON_SOFT_SCROLLBACK enabled, a local
user with access to a console could use this to cause a denial of
service (crash or memory corruption) or possibly for privilege
escalation.
CVE-2020-14356, CVE-2020-25220
A bug was discovered in the cgroup subsystem's handling of socket
references to cgroups. In some cgroup configurations, this could lead
to a use-after-free. A local user might be able to use this to cause a
denial of service (crash or memory corruption) or possibly for
privilege escalation.
The original fix for this bug introudced a new security
issue, which is also addressed in this update.
CVE-2020-14386
Or Cohen discovered a bug in the packet socket (AF_PACKET)
implementation which could lead to a heap buffer overflow. A local
user with the CAP_NET_RAW capability (in any user namespace) could use
this to cause a denial of service (crash or memory corruption) or
possibly for privilege escalation.
CVE-2020-14390
Minh Yuan discovered a bug in the framebuffer console driver's
scrollback feature that could lead to a heap buffer overflow. On a
system using framebuffer consoles, a local user with access to a
console could use this to cause a denial of service (crash or memory
corruption) or possibly for privilege escalation.
The scrollback feature has been disabled for now, as no
other fix was available for this issue.
CVE-2020-15393
Kyungtae Kim reported a memory leak in the usbtest driver. The
security impact of this is unclear.
CVE-2020-16166
Amit Klein reported that the random number generator used by the
network stack might not be re-seeded for long periods of time, making
e.g. client port number allocations more predictable. This made it
easier for remote attackers to carry out some network- based attacks
such as DNS cache poisoning or device tracking.
CVE-2020-24490
Andy Nguyen discovered a flaw in the Bluetooth implementation that can
lead to a heap buffer overflow. On systems with a Bluetooth 5 hardware
interface, a remote attacker within a short distance can use this to
cause a denial of service (crash or memory corruption) or possibly for
remote code execution with kernel privilege.
CVE-2020-25211
A flaw was discovered in netfilter subsystem. A local attacker able to
inject conntrack Netlink configuration can cause a denial of service.
CVE-2020-25212
A bug was discovered in the NFSv4 client implementation that could
lead to a heap buffer overflow. A malicious NFS server could use this
to cause a denial of service (crash or memory corruption) or possibly
to execute arbitrary code on the client.
CVE-2020-25284
It was discovered that the Rados block device (rbd) driver allowed
tasks running as uid 0 to add and remove rbd devices, even if they
dropped capabilities. On a system with the rbd driver loaded, this
might allow privilege escalation from a container with a task running
as root.
CVE-2020-25285
A race condition was discovered in the hugetlb filesystem's sysctl
handlers, that could lead to stack corruption. A local user permitted
to write to hugepages sysctls could use this to cause a denial of
service (crash or memory corruption) or possibly for privilege
escalation. By default only the root user can do this.
CVE-2020-25641
The syzbot tool found a bug in the block layer that could lead to an
infinite loop. A local user with access to a raw block device could
use this to cause a denial of service (unbounded CPU use and possible
system hang).
CVE-2020-25643
ChenNan Of Chaitin Security Research Lab discovered a flaw in the
hdlc_ppp module. Improper input validation in the ppp_cp_parse_cr()
function may lead to memory corruption and information disclosure.
CVE-2020-26088
It was discovered that the NFC (Near Field Communication) socket
implementation allowed any user to create raw sockets. On a system
with an NFC interface, this allowed local users to evade local network
security policy.
For Debian 9 stretch, these problems have been fixed in version
4.9.240-1. This update additionally includes many more bug fixes from
stable updates 4.9.229-4.9.240 inclusive.
We recommend that you upgrade your linux packages.
For the detailed security status of linux please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/linux
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://lists.debian.org/debian-lts-announce/2020/10/msg00034.html");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/linux");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/linux");
script_set_attribute(attribute:"solution", value:
"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14305");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-12351");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/06");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:hyperv-daemons");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcpupower-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcpupower1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libusbip-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-cpupower");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-doc-4.9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-libc-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-manual-4.9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-perf-4.9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-source-4.9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:usbip");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"9.0", prefix:"hyperv-daemons", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"libcpupower-dev", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"libcpupower1", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"libusbip-dev", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-arm", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-s390", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-compiler-gcc-6-x86", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-cpupower", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-doc-4.9", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-4kc-malta", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-5kc-malta", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-686-pae", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-amd64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-arm64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armel", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-armhf", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-i386", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mips64el", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-mipsel", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-ppc64el", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-all-s390x", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-amd64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-arm64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-armmp-lpae", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-common-rt", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-loongson-3", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-marvell", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-octeon", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-powerpc64le", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-686-pae", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-rt-amd64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-headers-4.9.0-9-s390x", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-4kc-malta-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-5kc-malta-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-686-pae-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-amd64-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-arm64-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-armmp-lpae-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-loongson-3-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-marvell-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-octeon-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-powerpc64le-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-686-pae-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-rt-amd64-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-image-4.9.0-9-s390x-dbg", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-kbuild-4.9", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-libc-dev", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-manual-4.9", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-perf-4.9", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-source-4.9", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"linux-support-4.9.0-9", reference:"4.9.240-2")) flag++;
if (deb_check(release:"9.0", prefix:"usbip", reference:"4.9.240-2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | linux-image-4.9.0-9-octeon | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon |
| debian | debian_linux | linux-image-4.9.0-9-octeon-dbg | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg |
| debian | debian_linux | linux-image-4.9.0-9-powerpc64le | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le |
| debian | debian_linux | linux-image-4.9.0-9-powerpc64le-dbg | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg |
| debian | debian_linux | linux-image-4.9.0-9-rt-686-pae | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae |
| debian | debian_linux | linux-image-4.9.0-9-rt-686-pae-dbg | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg |
| debian | debian_linux | linux-image-4.9.0-9-rt-amd64 | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64 |
| debian | debian_linux | linux-image-4.9.0-9-rt-amd64-dbg | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg |
| debian | debian_linux | linux-image-4.9.0-9-s390x | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x |
| debian | debian_linux | linux-image-4.9.0-9-s390x-dbg | p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12351
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12352
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12888
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14331
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14356
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14386
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14390
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16166
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24490
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25211
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25212
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25220
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25284
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25285
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26088
lists.debian.org/debian-lts-announce/2020/10/msg00034.html
packages.debian.org/source/stretch/linux
security-tracker.debian.org/tracker/source-package/linux
Related
