Lucene search
+L

Kernel vulnerabilities detected in banner reporting (PCI-DSS check)

🗓️ 23 Mar 2018 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 273 Views

Kernel vulnerabilities detected in banner reporting. Checks banners for vulnerable kernel level

Refs
Code
SourceLink
nessuswww.nessus.org/u
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(108590);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/22");

  script_name(english:"Kernel vulnerabilities detected in banner reporting (PCI-DSS check)");
  script_summary(english:"Checks banners for vulnerable kernel levels");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The Linux kernel version reported in banners possesses one or more
vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"A service banner response from the remote host indicates a Linux 
kernel install at a level that may be vulnerable to one or more
non-denial-of-service vulnerabilities.

This plugin only runs when 'Check for PCI-DSS compliance' is enabled
in the scan policy. It does not run if local security checks are
enabled. It runs off of self-reported kernel versions in banners."
  );

  # https://www.cvedetails.com/product/47/Linux-Linux-Kernel.html?vendor_id=33"
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?52b202ee");
  script_set_attribute(
    attribute:"solution",
    value:
"Update the version of the Linux kernel running on the system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Score from an in depth analysis done by Tenable");

  script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/23");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_require_keys("Settings/PCI_DSS");
  script_exclude_keys("Host/local_checks_enabled");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("kernel_cves.inc");
include("lists.inc");

if (!get_kb_item("Settings/PCI_DSS")) audit(AUDIT_PCI);
if (get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are enabled.");

# Check all relevant banner KBs
banners = get_kb_list("*/banner/*");
if (isnull(banners)) exit(0, "Relevant banners not present for this scan.");

global_var ver_compare_regexes = make_array(1, "git(\d+)", -1, "rc(\d+)");
function vcomp ()
{
  var v1 = _FCT_ANON_ARGS[0];
  var v2 = _FCT_ANON_ARGS[1];
  return ver_compare(ver:v1, fix:v2, strict:FALSE, regexes:ver_compare_regexes) < 0;
}

function version_sort ()
{
  var seq = _FCT_ANON_ARGS[0];
  return collib::merge_sort(seq, comparator:@vcomp);
}

# Determine if a kernel version is present in the banners and extract it
port = 0;
version = NULL;
foreach banner_kb (sort(keys(banners)))
{
  banner_value = banners[banner_kb];
  regex = "(?:kernel|linux) (\d+\.\d+\.\d+[^\s]*)";
  kernel_version = pregmatch(string:banner_value, pattern:regex, icase:TRUE);
  if(!isnull(kernel_version))
  {
    version = kernel_version[1];
    #version -= ".EL";
    version = ereg_replace(string:version, pattern:"^(.*?)\.EL(.*)$", replace:"\1\2");
    version = ereg_replace(string:version, pattern:"^(.*?)\.el\d\.(?:x86_64|i\d86)(.*)$", replace:"\1\2");

    # Try and extract port from banner_kb
    portmatch = pregmatch(pattern:"\/(\d+)(?:\/|$)", string:banner_kb);
    if (portmatch)
    {
      port = portmatch[1];
    }
    break;
  }
}

if (isnull(version))
{
  exit(0, "Unable to find kernel version strings in banner(s).");
}

max_score = 0;
report = 'Kernel version: ' + version +
         '\nVulnerabilities associated with unpatched fixes:\n';
foreach check_version (version_sort(keys(_kernel_vuln_cves)))
{
  minver = NULL;
  check_split = split(check_version, sep:'.', keep:FALSE);
  minver = check_split[0];
  if (ver_compare(ver:version, fix:check_version, minver:minver, strict:FALSE, regexes:ver_compare_regexes) < 0)
  {
    version_score = int(_kernel_vuln_cves[check_version]['max_score']);
    version_cves = _kernel_vuln_cves[check_version]['cve_list'];
    if (version_score > max_score)
    {
      max_score = version_score;
    }
    advisory_ids = os_vuln_cves[version]['advisory_ids'];
    cve_split = split(version_cves, sep:', ', keep:0);
    cves_block = '      ';
    for (i = 0; i < max_index(cve_split); i++)
    {
      terminator = ', ';
      if (i == (max_index(cve_split) - 1))
      {
        terminator = '\n';
      }
      else if ((i + 1) % 4 == 0)
      {
        terminator = ',\n      ';
      } 
      else
      {
        terminator = ', ';
      }
      cves_block += cve_split[i] + terminator;
    }
    report += '  - Version ' + check_version + ' fixes:\n' + cves_block;
  }
}

# PCI doesn't care about Low scores
if (max_score > 4)
{
  security_report_v4(
    port       : port,
    severity   : SECURITY_HOLE,
    extra      : report
  );
}
else
{
  exit(0, "Banner kernel version not known as vulnerable to PCI-appropriate CVEs.");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

22 Apr 2020 00:00Current
5.6Medium risk
Vulners AI Score5.6
273