NewStart CGSL MAIN 6.01 kernel vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OSV | Red Hat Security Advisory: kernel security, bug fix, and enhancement update | 16 Sep 202403:51 | – | osv |
OSV | Red Hat Security Advisory: kernel security and bug fix update | 16 Sep 202403:51 | – | osv |
OSV | Red Hat Security Advisory: kernel security and bug fix update | 16 Sep 202403:51 | – | osv |
OSV | Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update | 13 Sep 202422:39 | – | osv |
OSV | Red Hat Security Advisory: kpatch-patch security update | 13 Sep 202422:03 | – | osv |
OSV | Red Hat Security Advisory: kernel security, bug fix, and enhancement update | 13 Sep 202422:39 | – | osv |
OSV | Red Hat Security Advisory: kpatch-patch security update | 13 Sep 202422:03 | – | osv |
OSV | Red Hat Security Advisory: kpatch-patch security update | 13 Sep 202422:05 | – | osv |
OSV | Red Hat Security Advisory: kernel-rt security and bug fix update | 13 Sep 202422:03 | – | osv |
OSV | Red Hat Security Advisory: kernel security and bug fix update | 13 Sep 202422:03 | – | osv |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2020-0030. The text
# itself is copyright (C) ZTE, Inc.
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(138766);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id(
"CVE-2018-16871",
"CVE-2019-8980",
"CVE-2019-17053",
"CVE-2019-17055",
"CVE-2019-18282",
"CVE-2019-18805",
"CVE-2019-19045",
"CVE-2019-19055",
"CVE-2019-19077",
"CVE-2019-19532",
"CVE-2019-19534",
"CVE-2019-19768",
"CVE-2020-1749",
"CVE-2020-2732",
"CVE-2020-10711",
"CVE-2020-11884",
"CVE-2020-12657"
);
script_bugtraq_id(107120, 108547);
script_name(english:"NewStart CGSL MAIN 6.01 : kernel Multiple Vulnerabilities (NS-SA-2020-0030)");
script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.01, has kernel packages installed that are affected by multiple
vulnerabilities:
- A flaw was found in the Linux kernel's NFS
implementation, all versions 3.x and all versions 4.x up
to 4.20. An attacker, who is able to mount an exported
NFS filesystem, is able to trigger a null pointer
dereference by using an invalid NFS sequence. This can
panic the machine and deny access to the NFS server. Any
outstanding disk writes to the NFS server will be lost.
(CVE-2018-16871)
- ieee802154_create in net/ieee802154/socket.c in the
AF_IEEE802154 network module in the Linux kernel through
5.3.2 does not enforce CAP_NET_RAW, which means that
unprivileged users can create a raw socket, aka
CID-e69dbd4619e7. (CVE-2019-17053)
- base_sock_create in drivers/isdn/mISDN/socket.c in the
AF_ISDN network module in the Linux kernel through 5.3.2
does not enforce CAP_NET_RAW, which means that
unprivileged users can create a raw socket, aka
CID-b91ee4aa2a21. (CVE-2019-17055)
- The flow_dissector feature in the Linux kernel 4.3
through 5.x before 5.3.10 has a device tracking
vulnerability, aka CID-55667441c84f. This occurs because
the auto flowlabel of a UDP IPv6 packet relies on a
32-bit hashrnd value as a secret, and because jhash
(instead of siphash) is used. The hashrnd value remains
the same starting from boot time, and can be inferred by
an attacker. This affects net/core/flow_dissector.c and
related code. (CVE-2019-18282)
- An issue was discovered in net/ipv4/sysctl_net_ipv4.c in
the Linux kernel before 5.0.11. There is a
net/ipv4/tcp_input.c signed integer overflow in
tcp_ack_update_rtt() when userspace writes a very large
integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading
to a denial of service or possibly unspecified other
impact, aka CID-19fad20d15a6. (CVE-2019-18805)
- A memory leak in the mlx5_fpga_conn_create_cq() function
in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c
in the Linux kernel before 5.3.11 allows attackers to
cause a denial of service (memory consumption) by
triggering mlx5_vector2eqn() failures, aka
CID-c8c2a057fdc7. (CVE-2019-19045)
- ** DISPUTED ** A memory leak in the
nl80211_get_ftm_responder_stats() function in
net/wireless/nl80211.c in the Linux kernel through
5.3.11 allows attackers to cause a denial of service
(memory consumption) by triggering nl80211hdr_put()
failures, aka CID-1399c59fa929. NOTE: third parties
dispute the relevance of this because it occurs on a
code path where a successful allocation has already
occurred. (CVE-2019-19055)
- A memory leak in the bnxt_re_create_srq() function in
drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux
kernel through 5.3.11 allows attackers to cause a denial
of service (memory consumption) by triggering copy to
udata failures, aka CID-4a9d46a9fe14. (CVE-2019-19077)
- In the Linux kernel before 5.3.9, there are multiple
out-of-bounds write bugs that can be caused by a
malicious USB device in the Linux kernel HID drivers,
aka CID-d9d4b1e46d95. This affects drivers/hid/hid-
axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,
drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,
drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,
drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,
drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-
microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-
tmff.c, and drivers/hid/hid-zpff.c. (CVE-2019-19532)
- In the Linux kernel before 5.3.11, there is an info-leak
bug that can be caused by a malicious USB device in the
drivers/net/can/usb/peak_usb/pcan_usb_core.c driver, aka
CID-f7a1337f0d29. (CVE-2019-19534)
- In the Linux kernel 5.4.0-rc2, there is a use-after-free
(read) in the __blk_add_trace function in
kernel/trace/blktrace.c (which is used to fill out a
blk_io_trace structure and place it in a per-cpu sub-
buffer). (CVE-2019-19768)
- A memory leak in the kernel_read_file function in
fs/exec.c in the Linux kernel through 4.20.11 allows
attackers to cause a denial of service (memory
consumption) by triggering vfs_read failures.
(CVE-2019-8980)
- A NULL pointer dereference flaw was found in the Linux
kernel's SELinux subsystem in versions before 5.7. This
flaw occurs while importing the Commercial IP Security
Option (CIPSO) protocol's category bitmap into the
SELinux extensible bitmap via the'
ebitmap_netlbl_import' routine. While processing the
CIPSO restricted bitmap tag in the
'cipso_v4_parsetag_rbm' routine, it sets the security
attribute to indicate that the category bitmap is
present, even if it has not been allocated. This issue
leads to a NULL pointer dereference issue while
importing the same category bitmap into SELinux. This
flaw allows a remote network user to crash the system
kernel, resulting in a denial of service.
(CVE-2020-10711)
- In the Linux kernel through 5.6.7 on the s390 platform,
code execution may occur because of a race condition, as
demonstrated by code in enable_sacf_uaccess in
arch/s390/lib/uaccess.c that fails to protect against a
concurrent page table upgrade, aka CID-3f777e19d171. A
crash could also occur. (CVE-2020-11884)
- An issue was discovered in the Linux kernel before
5.6.5. There is a use-after-free in block/bfq-iosched.c
related to bfq_idle_slice_timer_body. (CVE-2020-12657)
- A flaw was discovered in the way that the KVM hypervisor
handled instruction emulation for an L2 guest when
nested virtualisation is enabled. Under some
circumstances, an L2 guest may trick the L0 guest into
accessing sensitive L1 resources that should be
inaccessible to the L2 guest. (CVE-2020-2732)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0030");
script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18805");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/21");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"NewStart CGSL Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");
if (release !~ "CGSL MAIN 6.01")
audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.01');
if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);
flag = 0;
pkgs = {
"CGSL MAIN 6.01": [
"bpftool-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"bpftool-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-abi-whitelists-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-core-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-cross-headers-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-core-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-devel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-modules-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-modules-extra-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debug-modules-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-debuginfo-common-x86_64-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-devel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-headers-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-ipaclones-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-modules-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-modules-extra-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-modules-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-selftests-internal-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-sign-keys-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-tools-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-tools-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-tools-libs-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"kernel-tools-libs-devel-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"perf-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"perf-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"python3-perf-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b",
"python3-perf-debuginfo-4.18.0-147.8.1.el8_1.cgslv6_1.4.110.g7726f271b"
]
};
pkg_list = pkgs[release];
foreach (pkg in pkg_list)
if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo