EulerOS 2.0 SP1 kernel vulnerabilities affecting local user
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1089) | 23 Jan 202000:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3206-1) | 22 Feb 201700:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3207-1) | 22 Feb 201700:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3207-2) | 22 Feb 201700:00 | ā | openvas |
OpenVAS | openSUSE: Security Advisory for kernel (openSUSE-SU-2016:3061-1) | 9 Dec 201600:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3159-2) | 21 Dec 201600:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3159-1) | 21 Dec 201600:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3160-1) | 21 Dec 201600:00 | ā | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-3160-2) | 21 Dec 201600:00 | ā | openvas |
OpenVAS | RedHat Update for kernel RHSA-2017:0892-01 | 12 Apr 201700:00 | ā | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(99846);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2016-3841",
"CVE-2016-7910",
"CVE-2016-7911",
"CVE-2016-7914",
"CVE-2016-7916"
);
script_name(english:"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Use-after-free vulnerability in the disk_seqf_stop
function in block/genhd.c in the Linux kernel before
4.7.1 allows local users to gain privileges by
leveraging the execution of a certain stop operation
even if the corresponding start operation had
failed.(CVE-2016-7910)
- Race condition in the get_task_ioprio function in
block/ioprio.c in the Linux kernel before 4.6.6 allows
local users to gain privileges or cause a denial of
service (use-after-free) via a crafted ioprio_get
system call.(CVE-2016-7911)
- The assoc_array_insert_into_terminal_node function in
lib/assoc_array.c in the Linux kernel before 4.5.3 does
not check whether a slot is a leaf, which allows local
users to obtain sensitive information from kernel
memory or cause a denial of service (invalid pointer
dereference and out-of-bounds read) via an application
that uses associative-array data structures, as
demonstrated by the keyutils test suite.(CVE-2016-7914)
- The IPv6 stack in the Linux kernel before 4.3.3
mishandles options data, which allows local users to
gain privileges or cause a denial of service
(use-after-free and system crash) via a crafted sendmsg
system call.(CVE-2016-3841)
- Race condition in the environ_read function in
fs/proc/base.c in the Linux kernel before 4.5.4 allows
local users to obtain sensitive information from kernel
memory by reading a /proc/*/environ file during a
process-setup time interval in which
environment-variable copying is
incomplete.(CVE-2016-7916)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1089
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?743b78fa");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-229.42.1.105",
"kernel-debug-3.10.0-229.42.1.105",
"kernel-debuginfo-3.10.0-229.42.1.105",
"kernel-debuginfo-common-x86_64-3.10.0-229.42.1.105",
"kernel-devel-3.10.0-229.42.1.105",
"kernel-headers-3.10.0-229.42.1.105",
"kernel-tools-3.10.0-229.42.1.105",
"kernel-tools-libs-3.10.0-229.42.1.105",
"perf-3.10.0-229.42.1.105",
"python-perf-3.10.0-229.42.1.105"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactĀ us for a demo andĀ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo