Vulners
Lucene search
MiracleLinux 4 : kernel-2.6.32-696.6.3.el6 (AXSA:2017-1749:05)
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2017-1749:05.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(289136);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/19");
script_cve_id("CVE-2017-7895");
script_name(english:"MiracleLinux 4 : kernel-2.6.32-696.6.3.el6 (AXSA:2017-1749:05)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the
AXSA:2017-1749:05 advisory.
The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
Security issues fixed with this release:
CVE-2017-7895
The NFSv2 and NFSv3 server implementations in the Linux kernel through
4.10.13 lack certain checks for the end of a buffer, which allows
remote attackers to trigger pointer-arithmetic errors or possibly have
unspecified other impact via crafted requests, related to
fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.
Fixed bugs:
* If several file operations were started after a mounted NFS share had got idle and its Transmission
Control Protocol (TCP) connection had therefore been terminated, these operations could cause multiple TCP
SYN packets coming from the NFS client instead of one. With this update, the reconnection logic has been
fixed, and only one TCP SYN packet is now sent in the described situation.
* When the ixgbe driver was loaded for a backplane-connected network card, a kernel panic could occur,
because the ops.setup_fc function pointer was used before the initialization. With this update,
ops.setup_fc is initialized earlier. As a result, ixgbe no longer panics on load.
* When setting an Access Control List (ACL) with 190 and more Access Control Entries (ACEs) on a NFSv4
directory, a kernel crash could previously occur. This update fixes the nfs4_getfacl() function, and the
kernel no longer crashes under the described circumstances.
* When upgrading to kernel with the fix for stack guard flaw, a crash could occur in Java Virtual Machine
(JVM) environments, which attempted to implement their own stack guard page. With this update, the
underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the
crash in JVM no longer occurs under the described circumstances.
* When a program receives IPv6 packets using the raw socket, the ioctl(FIONREAD) and ioctl(SIOCINQ)
functions can incorrectly return zero waiting bytes. This update fixes the ip6_input_finish() function to
check the raw payload size properly. As a result, the ioctl() function now returns bytes waiting in the
raw socket correctly.
* Previously, listing a directory on a non-standard XFS filesystem (with non-default multi-fsb directory
blocks) could lead to a soft lock up due to array index overrun in the xfs_dir2_leaf_readbuf() function.
This update fixes xfs_dir2_leaf_readbuf(), and the soft lock up no longer occurs under the described
circumstances.
* Previously, aborts from the array after the Storage Area Network (SAN) fabric back-pressure led to
premature reuse of still valid sequence with the same OX_ID. Consequently, an error message and data
corruption could occur. This update fixes the libfc driver to isolate the timed out OX_IDs, thus fixing
this bug.
* Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This
update fixes the HugeTLB feature of the Linux kernel to check for the Page Table Entry (PTE) NULL pointer
in the page_check_address() function. As a result, the kernel panic no longer occurs under the described
circumstances.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/8181");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7895");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"High");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/28");
script_set_attribute(attribute:"patch_publication_date", value:"2017/07/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-abi-whitelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-firmware");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^4([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 4.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '4',
'pkgs': [
{'reference':'kernel-2.6.32-696.6.3.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-2.6.32-696.6.3.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-abi-whitelists-2.6.32-696.6.3.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-2.6.32-696.6.3.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-2.6.32-696.6.3.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-devel-2.6.32-696.6.3.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-debug-devel-2.6.32-696.6.3.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-devel-2.6.32-696.6.3.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-devel-2.6.32-696.6.3.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-firmware-2.6.32-696.6.3.el6', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-headers-2.6.32-696.6.3.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'kernel-headers-2.6.32-696.6.3.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'perf-2.6.32-696.6.3.el6', 'cpu':'i686', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'perf-2.6.32-696.6.3.el6', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jan 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.19.8
CVSS 210
EPSS0.21519