Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL
HistoryMay 10, 2022 - 12:00 a.m.

NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0002)

2022-05-1000:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
JSON

The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple vulnerabilities:

  • The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)

  • rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)

  • A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
    (CVE-2020-29661)

  • An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)

  • An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2022-0002. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(160830);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/10");

  script_cve_id(
    "CVE-2019-11487",
    "CVE-2019-17666",
    "CVE-2020-29661",
    "CVE-2021-27364",
    "CVE-2021-27365"
  );

  script_name(english:"NewStart CGSL MAIN 4.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0002)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 4.05, has kernel packages installed that are affected by multiple
vulnerabilities:

  - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-
    free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,
    include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can
    occur with FUSE requests. (CVE-2019-11487)

  - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a
    certain upper-bound check, leading to a buffer overflow. (CVE-2019-17666)

  - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.
    drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.
    (CVE-2020-29661)

  - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is
    adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)

  - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have
    appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can
    send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a
    Netlink message. (CVE-2021-27365)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2022-0002");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2019-11487");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2019-17666");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2020-29661");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-27364");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-27365");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-17666");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:4");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (release !~ "CGSL MAIN 4.05")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL MAIN 4.05': [
    'kernel-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'kernel-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'kernel-debuginfo-common-x86_64-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'kernel-devel-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'kernel-headers-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'perf-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'python-perf-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c',
    'python-perf-debuginfo-2.6.32-642.13.1.el6.cgslv4_5.0.172.gacd0c9c'
  ]
};
var pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
VendorProductVersionCPE
ztecgsl_mainkernelp-cpe:/a:zte:cgsl_main:kernel
ztecgsl_mainkernel-debuginfop-cpe:/a:zte:cgsl_main:kernel-debuginfo
ztecgsl_mainkernel-debuginfo-common-x86_64p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64
ztecgsl_mainkernel-develp-cpe:/a:zte:cgsl_main:kernel-devel
ztecgsl_mainkernel-headersp-cpe:/a:zte:cgsl_main:kernel-headers
ztecgsl_mainperfp-cpe:/a:zte:cgsl_main:perf
ztecgsl_mainperf-debuginfop-cpe:/a:zte:cgsl_main:perf-debuginfo
ztecgsl_mainpython-perfp-cpe:/a:zte:cgsl_main:python-perf
ztecgsl_mainpython-perf-debuginfop-cpe:/a:zte:cgsl_main:python-perf-debuginfo
ztecgsl_main4cpe:/o:zte:cgsl_main:4

Related

nessus 72
oraclelinux 14
redhat 31
osv 5
centos 4
ubuntu 5
ibm 2
cloudfoundry 1
virtuozzo 4
slackware 1
cloudlinux 1
openvas 5
photon 2
prion 5
veracode 4
cve 5
f5 3
ubuntucve 5
redhatcve 5
zdt 1
debiancve 5
archlinux 4
fedora 4
symantec 1
packetstorm 1
cbl_mariner 5
mageia 2
threatpost 1
amazon 1
nessus
nessus
Oracle Linux 6 : kernel (ELSA-2021-9212)
2021-05-04 00:00:00
RHEL 6 : kernel (RHSA-2021:1288)
2022-02-09 00:00:00
RHEL 7 : kpatch-patch (RHSA-2021:1069)
2021-04-06 00:00:00
oraclelinux
oraclelinux
kernel security update
2021-05-04 00:00:00
kernel security, bug fix, and enhancement update
2020-03-18 00:00:00
Unbreakable Enterprise kernel-container security update
2021-03-18 00:00:00
redhat
redhat
(RHSA-2021:1288) Important: kernel security and bug fix update
2021-04-20 14:27:34
(RHSA-2021:1173) Important: kpatch-patch security update
2021-04-13 10:01:55
(RHSA-2021:1069) Important: kpatch-patch security update
2021-04-06 07:27:25
osv
osv
linux, linux-aws, linux-aws-hwe, linux-azure, linux-azure-4.15, linux-gcp, linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
2021-03-29 16:52:26
linux, linux-lts-xenial vulnerabilities
2021-03-25 03:09:57
Android Vomit Report
2021-05-01 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-04-10 17:09:38
bpftool, kernel, perf, python security update
2020-03-18 19:22:23
kernel, perf, python security update
2020-11-09 13:13:23
ubuntu
ubuntu
Linux kernel vulnerabilities
2021-03-29 00:00:00
Linux kernel vulnerabilities
2021-03-25 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2021-04-06 00:00:00
ibm
ibm
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
2021-09-23 03:53:04
Security Bulletin: IBM QRadar Network Packet Capture is vulnerable to using components with known vulnerabilities
2021-07-30 05:04:09
cloudfoundry
cloudfoundry
USN-4883-1: Linux kernel vulnerabilities | Cloud Foundry
2021-04-14 00:00:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 125.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2021-04-05 00:00:00
[Important] [Security] New kernel 2.6.32-042stab146.1; Virtuozzo 6.0 Update 12 Hotfix 54 (6.0.12-3761)
2021-08-03 00:00:00
[Important] [Security] Virtuozzo ReadyKernel patch 122.0 for Virtuozzo Hybrid Server 7.0, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0
2021-02-15 00:00:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2021-03-14 04:08:15
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-27364, CVE-2021-27363, CVE-2021-27365
2021-09-21 22:01:04
openvas
openvas
CentOS: Security Advisory for bpftool (CESA-2020:0839)
2020-03-26 00:00:00
Fedora Update for kernel-tools FEDORA-2019-6a67ff8793
2020-01-09 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1671)
2020-01-23 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0375
2021-03-27 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0332
2021-03-27 00:00:00
prion
prion
Design/Logic Flaw
2019-04-23 22:29:00
Buffer overflow
2019-10-17 02:15:00
Design/Logic Flaw
2020-12-09 17:15:00
veracode
veracode
Denial Of Service (DoS)
2020-03-18 00:55:52
Use-after-free
2021-02-17 16:03:38
Privilege Escalation
2021-04-07 09:16:26
cve
cve
CVE-2019-11487
2019-04-23 22:29:00
CVE-2020-29661
2020-12-09 17:15:00
CVE-2019-17666
2019-10-17 02:15:00
f5
f5
K14255532 : Linux kernel vulnerability CVE-2019-11487
2019-06-28 00:00:00
K56851402 : Linux kernel vulnerability CVE-2019-17666
2020-09-11 00:00:00
K34519550 : Linux kernel vulnerability CVE-2021-27364
2022-03-02 00:00:00
ubuntucve
ubuntucve
CVE-2019-11487
2019-04-23 00:00:00
CVE-2019-17666
2019-10-17 00:00:00
CVE-2021-27365
2021-03-07 00:00:00
redhatcve
redhatcve
CVE-2019-17666
2019-10-21 11:20:57
CVE-2019-11487
2020-04-07 17:14:51
CVE-2021-27365
2021-03-05 19:04:14
zdt
zdt
Linux TIOCSPGRP Broken Locking Exploit
2020-12-24 00:00:00
debiancve
debiancve
CVE-2019-11487
2019-04-23 22:29:00
CVE-2019-17666
2019-10-17 02:15:00
CVE-2020-29661
2020-12-09 17:15:00
archlinux
archlinux
[ASA-201911-12] linux-zen: arbitrary code execution
2019-11-13 00:00:00
[ASA-201911-10] linux: arbitrary code execution
2019-11-13 00:00:00
[ASA-201911-11] linux-lts: arbitrary code execution
2019-11-13 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: kernel-5.3.7-301.fc31
2019-10-24 17:10:09
[SECURITY] Fedora 31 Update: kernel-tools-5.3.7-300.fc31
2019-10-24 17:10:10
[SECURITY] Fedora 33 Update: kernel-5.9.14-200.fc33
2020-12-17 01:25:30
symantec
symantec
Linux Kernel CVE-2019-17666 Buffer Overflow Vulnerability
2019-10-16 00:00:00
packetstorm
packetstorm
Linux TIOCSPGRP Broken Locking
2020-12-22 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-29661 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
CVE-2021-27365 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-27364 affecting package kernel 5.10.189.1-1
2021-09-09 15:03:26
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-10-29 17:54:30
Updated kernel packages fix security issues
2021-03-22 20:17:19
threatpost
threatpost
Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise
2019-10-18 15:55:37
amazon
amazon
Important: kernel
2021-03-18 17:29:00
JSON
Related for NEWSTART_CGSL_NS-SA-2022-0002_KERNEL.NASL
nessus72oraclelinux14redhat31osv5centos4ubuntu5ibm2cloudfoundry1virtuozzo4slackware1cloudlinux1openvas5photon2prion5veracode4cve5f53ubuntucve5redhatcve5zdt1debiancve5archlinux4fedora4symantec1packetstorm1cbl_mariner5mageia2threatpost1amazon1