Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2016-7E12AE5359.NASL
HistoryMar 04, 2016 - 12:00 a.m.

Fedora 23 : kernel-4.4.2-301.fc23 (2016-7e12ae5359)

2016-03-0400:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.054 Low

EPSS

Percentile

93.2%

JSON

This is an incremental update over 4.4.2-300 which contains two fixes fix for AMD IOMMU warnings use after free in USB ---- The 4.4.2 update contains a number of important updates across the kernel tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2016-7e12ae5359.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(89570);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-8812", "CVE-2016-0617", "CVE-2016-2383", "CVE-2016-2384");
  script_xref(name:"FEDORA", value:"2016-7e12ae5359");

  script_name(english:"Fedora 23 : kernel-4.4.2-301.fc23 (2016-7e12ae5359)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This is an incremental update over 4.4.2-300 which contains two fixes
fix for AMD IOMMU warnings use after free in USB ---- The 4.4.2 update
contains a number of important updates across the kernel tree.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1303532"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1305803"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308444"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1308452"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178056.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?61322666"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected kernel package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kernel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/02/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC23", reference:"kernel-4.4.2-301.fc23")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
fedoraprojectfedora23cpe:/o:fedoraproject:fedora:23
fedoraprojectfedorakernelp-cpe:/a:fedoraproject:fedora:kernel

Related

fedora 3
openvas 43
nessus 52
suse 22
osv 2
debian 3
ubuntucve 4
f5 4
nvd 4
cvelist 4
debiancve 4
cve 4
prion 4
ubuntu 19
exploitpack 1
zdt 1
packetstorm 1
veracode 1
exploitdb 1
seebug 1
oraclelinux 6
cloudfoundry 2
amazon 1
redhat 3
centos 2
ibm 4
virtuozzo 2
kitploit 1
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.4.3-201.fc22
2016-03-05 01:20:44
[SECURITY] Fedora 22 Update: kernel-4.3.6-201.fc22
2016-02-28 08:29:55
[SECURITY] Fedora 23 Update: kernel-4.4.2-301.fc23
2016-02-28 12:28:05
openvas
openvas
Fedora Update for kernel FEDORA-2016-9
2016-03-05 00:00:00
Fedora Update for kernel FEDORA-2016-7
2016-02-29 00:00:00
Debian: Security Advisory (DLA-439-1)
2023-03-08 00:00:00
nessus
nessus
Fedora 22 : kernel-4.3.6-201.fc22 (2016-e7162262b0)
2016-03-04 00:00:00
Fedora 22 : kernel-4.4.3-201.fc22 (2016-9fbe2c258b)
2016-03-07 00:00:00
Debian DLA-439-1 : linux-2.6 security update
2016-03-01 00:00:00
suse
suse
Security update for Linux Kernel Live Patch 7 (important)
2016-04-14 20:07:59
Security update for Linux Kernel Live Patch 11 (important)
2016-04-14 17:10:58
Security update for Linux Kernel Live Patch 0 for SP 1 (important)
2016-04-14 17:08:08
osv
osv
linux-2.6 - security update
2016-02-29 00:00:00
linux - security update
2016-03-03 00:00:00
debian
debian
[SECURITY] [DLA 439-1] linux-2.6 security update
2016-02-29 18:43:11
[SECURITY] [DSA 3503-1] linux security update
2016-03-03 20:56:20
[SECURITY] [DSA 3503-1] linux security update
2016-03-03 20:56:20
ubuntucve
ubuntucve
CVE-2015-8812
2015-12-31 00:00:00
CVE-2016-0617
2016-09-30 00:00:00
CVE-2016-2383
2016-02-15 00:00:00
f5
f5
SOL80758444 - Linux kernel vulnerability CVE-2015-8812
2016-06-17 00:00:00
K80758444 : Linux kernel vulnerability CVE-2015-8812
2016-06-17 00:00:00
SOL11853211 - Multiple Linux kernel vulnerabilities
2016-07-11 00:00:00
nvd
nvd
CVE-2015-8812
2016-04-27 17:59:02
CVE-2016-0617
2016-09-30 14:59:00
CVE-2016-2384
2016-04-27 17:59:11
cvelist
cvelist
CVE-2015-8812
2016-04-27 17:00:00
CVE-2016-2384
2016-04-27 17:00:00
CVE-2016-0617
2016-09-30 14:00:00
debiancve
debiancve
CVE-2015-8812
2016-04-27 17:59:02
CVE-2016-0617
2016-09-30 14:59:00
CVE-2016-2384
2016-04-27 17:59:11
cve
cve
CVE-2015-8812
2016-04-27 17:59:02
CVE-2016-0617
2016-09-30 14:59:00
CVE-2016-2383
2016-04-27 17:59:10
prion
prion
Design/Logic Flaw
2016-04-27 17:59:00
Design/Logic Flaw
2016-09-30 14:59:00
Double free
2016-04-27 17:59:00
ubuntu
ubuntu
Linux kernel vulnerability
2016-03-14 00:00:00
Linux kernel (OMAP4) vulnerability
2016-03-14 00:00:00
Linux kernel (Wily HWE) vulnerabilities
2016-04-06 00:00:00
exploitpack
exploitpack
Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
2016-02-22 00:00:00
zdt
zdt
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Local Privilege
2017-05-14 00:00:00
packetstorm
packetstorm
Linux Kernel 3.x usb-midi Local Privilege Escalation
2017-05-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:51:58
exploitdb
exploitdb
Linux Kernel 3.x (Ubuntu 14.04 / Mint 17.3 / Fedora 22) - Double-free usb-midi SMEP Privilege Escalation
2016-02-22 00:00:00
seebug
seebug
Linux kernel local privilege escalation flaw in n_hdlc(CVE-2017-2636)
2017-03-09 00:00:00
oraclelinux
oraclelinux
kernel-uek security update
2016-03-28 00:00:00
Unbreakable Enterprise kernel security update
2018-06-15 00:00:00
Unbreakable Enterprise kernel security update
2018-06-15 00:00:00
cloudfoundry
cloudfoundry
USN-2949-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-05-06 00:00:00
USN-2932-1 Linux kernel vulnerabilities | Cloud Foundry
2016-03-16 00:00:00
amazon
amazon
Medium: kernel
2016-03-16 16:30:00
redhat
redhat
(RHSA-2017:0817) Moderate: kernel security, bug fix, and enhancement update
2017-03-21 08:09:43
(RHSA-2016:2584) Important: kernel-rt security, bug fix, and enhancement update
2016-11-03 06:07:15
(RHSA-2016:2574) Important: kernel security, bug fix, and enhancement update
2016-11-03 06:07:14
centos
centos
kernel, perf, python security update
2017-03-24 15:34:16
kernel, perf, python security update
2016-11-25 15:59:02
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
Security Bulletin: IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities
2018-06-16 22:03:41
Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel
2018-06-16 22:00:56
virtuozzo
virtuozzo
Kernel security update: new kernel 2.6.32-042stab123.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2017-03-30 00:00:00
Kernel security update: new kernel 2.6.32-042stab123.1, Virtuozzo 6.0 Update 12 Hotfix 7 (6.0.12-)
2017-03-30 00:00:00
kitploit
kitploit
Kernelpop - Kernel Privilege Escalation Enumeration And Exploitation Framework
2017-11-04 13:30:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.054 Low

EPSS

Percentile

93.2%

JSON
Related for FEDORA_2016-7E12AE5359.NASL
fedora3openvas43nessus52suse22osv2debian3ubuntucve4f54nvd4cvelist4debiancve4cve4prion4ubuntu19exploitpack1zdt1packetstorm1veracode1exploitdb1seebug1oraclelinux6cloudfoundry2amazon1redhat3centos2ibm4virtuozzo2kitploit1