Lucene search

K

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)

šŸ—“ļøĀ 01 May 2017Ā 00:00:00Reported byĀ This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.TypeĀ 
nessus
Ā nessus
šŸ”—Ā www.tenable.comšŸ‘Ā 190Ā Views

EulerOS 2.0 SP1 kernel vulnerabilities affecting local user

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OpenVAS
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1089)
23 Jan 202000:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3206-1)
22 Feb 201700:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3207-1)
22 Feb 201700:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3207-2)
22 Feb 201700:00
ā€“openvas
OpenVAS
openSUSE: Security Advisory for kernel (openSUSE-SU-2016:3061-1)
9 Dec 201600:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3159-2)
21 Dec 201600:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3159-1)
21 Dec 201600:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3160-1)
21 Dec 201600:00
ā€“openvas
OpenVAS
Ubuntu: Security Advisory (USN-3160-2)
21 Dec 201600:00
ā€“openvas
OpenVAS
RedHat Update for kernel RHSA-2017:0892-01
12 Apr 201700:00
ā€“openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(99846);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2016-3841",
    "CVE-2016-7910",
    "CVE-2016-7911",
    "CVE-2016-7914",
    "CVE-2016-7916"
  );

  script_name(english:"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - Use-after-free vulnerability in the disk_seqf_stop
    function in block/genhd.c in the Linux kernel before
    4.7.1 allows local users to gain privileges by
    leveraging the execution of a certain stop operation
    even if the corresponding start operation had
    failed.(CVE-2016-7910)

  - Race condition in the get_task_ioprio function in
    block/ioprio.c in the Linux kernel before 4.6.6 allows
    local users to gain privileges or cause a denial of
    service (use-after-free) via a crafted ioprio_get
    system call.(CVE-2016-7911)

  - The assoc_array_insert_into_terminal_node function in
    lib/assoc_array.c in the Linux kernel before 4.5.3 does
    not check whether a slot is a leaf, which allows local
    users to obtain sensitive information from kernel
    memory or cause a denial of service (invalid pointer
    dereference and out-of-bounds read) via an application
    that uses associative-array data structures, as
    demonstrated by the keyutils test suite.(CVE-2016-7914)

  - The IPv6 stack in the Linux kernel before 4.3.3
    mishandles options data, which allows local users to
    gain privileges or cause a denial of service
    (use-after-free and system crash) via a crafted sendmsg
    system call.(CVE-2016-3841)

  - Race condition in the environ_read function in
    fs/proc/base.c in the Linux kernel before 4.5.4 allows
    local users to obtain sensitive information from kernel
    memory by reading a /proc/*/environ file during a
    process-setup time interval in which
    environment-variable copying is
    incomplete.(CVE-2016-7916)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2016-1089
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?743b78fa");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-229.42.1.105",
        "kernel-debug-3.10.0-229.42.1.105",
        "kernel-debuginfo-3.10.0-229.42.1.105",
        "kernel-debuginfo-common-x86_64-3.10.0-229.42.1.105",
        "kernel-devel-3.10.0-229.42.1.105",
        "kernel-headers-3.10.0-229.42.1.105",
        "kernel-tools-3.10.0-229.42.1.105",
        "kernel-tools-libs-3.10.0-229.42.1.105",
        "perf-3.10.0-229.42.1.105",
        "python-perf-3.10.0-229.42.1.105"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactĀ us for a demo andĀ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo