CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
62.2%
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.
CVE-2015-2925 Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that should be confined to that chroot or namespace could access the whole of that filesystem if they had write permission on an ancestor of the subdirectory. This is not a common configuration for wheezy, and the issue has previously been fixed for jessie.
CVE-2015-5257 Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB device could cause a denial of service (crash) by imitating a Whiteheat USB serial device but presenting a smaller number of endpoints.
CVE-2015-5283 Marcelo Ricardo Leitner discovered that creating multiple SCTP sockets at the same time could cause a denial of service (crash) if the sctp module had not previously been loaded. This issue only affects jessie.
CVE-2015-7613 Dmitry Vyukov discovered that System V IPC objects (message queues and shared memory segments) were made accessible before their ownership and other attributes were fully initialised. If a local user can race against another user or service creating a new IPC object, this may result in unauthorised information disclosure, unauthorised information modification, denial of service and/or privilege escalation.
A similar issue existed with System V semaphore arrays, but was less severe because they were always cleared before being fully initialised.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3372. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(86375);
script_version("2.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2015-2925", "CVE-2015-5257", "CVE-2015-5283", "CVE-2015-7613");
script_xref(name:"DSA", value:"3372");
script_name(english:"Debian DSA-3372-1 : linux - security update");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service, unauthorised
information disclosure or unauthorised information modification.
- CVE-2015-2925
Jann Horn discovered that when a subdirectory of a
filesystem was bind-mounted into a chroot or mount
namespace, a user that should be confined to that chroot
or namespace could access the whole of that filesystem
if they had write permission on an ancestor of the
subdirectory. This is not a common configuration for
wheezy, and the issue has previously been fixed for
jessie.
- CVE-2015-5257
Moein Ghasemzadeh of Istuary Innovation Labs reported
that a USB device could cause a denial of service
(crash) by imitating a Whiteheat USB serial device but
presenting a smaller number of endpoints.
- CVE-2015-5283
Marcelo Ricardo Leitner discovered that creating
multiple SCTP sockets at the same time could cause a
denial of service (crash) if the sctp module had not
previously been loaded. This issue only affects jessie.
- CVE-2015-7613
Dmitry Vyukov discovered that System V IPC objects
(message queues and shared memory segments) were made
accessible before their ownership and other attributes
were fully initialised. If a local user can race against
another user or service creating a new IPC object, this
may result in unauthorised information disclosure,
unauthorised information modification, denial of service
and/or privilege escalation.
A similar issue existed with System V semaphore arrays, but was less
severe because they were always cleared before being fully
initialised."
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-2925"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-5257"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-5283"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2015-7613"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/jessie/linux"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2015/dsa-3372"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the linux packages.
For the oldstable distribution (wheezy), these problems have been
fixed in version 3.2.68-1+deb7u5.
For the stable distribution (jessie), these problems have been fixed
in version 3.16.7-ckt11-1+deb8u5."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/19");
script_set_attribute(attribute:"patch_publication_date", value:"2015/10/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.68-1+deb7u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-arm", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.8-x86", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-compiler-gcc-4.9-x86", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-doc-3.16", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-586", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-686-pae", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-amd64", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armel", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-armhf", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-all-i386", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-amd64", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-armmp-lpae", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-common", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-ixp4xx", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-kirkwood", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-orion5x", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-headers-3.16.0-9-versatile", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-586", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-686-pae-dbg", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-amd64-dbg", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-armmp-lpae", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-ixp4xx", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-kirkwood", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-orion5x", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-image-3.16.0-9-versatile", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-libc-dev", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-manual-3.16", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-source-3.16", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"linux-support-3.16.0-9", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"xen-linux-system-3.16.0-9-amd64", reference:"3.16.7-ckt11-1+deb8u5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | linux | p-cpe:/a:debian:debian_linux:linux |
debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
debian | debian_linux | 8.0 | cpe:/o:debian:debian_linux:8.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2925
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5283
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7613
packages.debian.org/source/jessie/linux
security-tracker.debian.org/tracker/CVE-2015-2925
security-tracker.debian.org/tracker/CVE-2015-5257
security-tracker.debian.org/tracker/CVE-2015-5283
security-tracker.debian.org/tracker/CVE-2015-7613
www.debian.org/security/2015/dsa-3372