Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2022-0047_KERNEL.NASL
HistoryMay 09, 2022 - 12:00 a.m.

NewStart CGSL MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0047)

2022-05-0900:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

The remote NewStart CGSL host, running version MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:

  • A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
    This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space (CVE-2021-22555)

  • net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)

  • arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2022-0047. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(160783);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/13");

  script_cve_id("CVE-2021-22555", "CVE-2021-32399", "CVE-2021-37576");

  script_name(english:"NewStart CGSL MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0047)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 5.05, has kernel packages installed that are affected by multiple
vulnerabilities:

  - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
    This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name
    space (CVE-2021-22555)

  - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI
    controller. (CVE-2021-32399)

  - arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest
    OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e. (CVE-2021-37576)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2022-0047");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-22555");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-32399");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2021-37576");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-37576");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/05/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:5");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (release !~ "CGSL MAIN 5.05")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 5.05');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL MAIN 5.05': [
    'bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'perf-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603',
    'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.8.g763e603'
  ]
};
var pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
VendorProductVersionCPE
ztecgsl_mainbpftoolp-cpe:/a:zte:cgsl_main:bpftool
ztecgsl_mainkernelp-cpe:/a:zte:cgsl_main:kernel
ztecgsl_mainkernel-abi-whitelistsp-cpe:/a:zte:cgsl_main:kernel-abi-whitelists
ztecgsl_mainkernel-debugp-cpe:/a:zte:cgsl_main:kernel-debug
ztecgsl_mainkernel-headersp-cpe:/a:zte:cgsl_main:kernel-headers
ztecgsl_mainkernel-debug-debuginfop-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo
ztecgsl_mainkernel-debug-develp-cpe:/a:zte:cgsl_main:kernel-debug-devel
ztecgsl_mainkernel-debuginfop-cpe:/a:zte:cgsl_main:kernel-debuginfo
ztecgsl_mainkernel-debuginfo-common-x86_64p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64
ztecgsl_mainkernel-develp-cpe:/a:zte:cgsl_main:kernel-devel
Rows per page:
1-10 of 191

Related

nessus 86
redhat 35
oraclelinux 7
fedora 4
debiancve 3
ibm 3
githubexploit 5
f5 3
cbl_mariner 4
ubuntucve 4
redhatcve 3
cve 3
prion 3
veracode 3
packetstorm 2
osv 10
zdt 2
centos 2
ubuntu 2
metasploit 1
cloudlinux 2
exploitdb 1
rocky 4
almalinux 3
rapid7blog 1
suse 2
photon 1
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0020)
2022-05-10 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0023)
2022-05-09 00:00:00
RHEL 7 : kernel (RHSA-2021:3725)
2021-10-05 00:00:00
redhat
redhat
(RHSA-2021:3725) Important: kernel security and bug fix update
2021-10-05 07:22:39
(RHSA-2021:3381) Important: kpatch-patch security update
2021-08-31 08:41:59
(RHSA-2021:3321) Important: kernel security and bug fix update
2021-08-31 07:37:22
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2021-08-04 00:00:00
kernel security and bug fix update
2021-08-31 00:00:00
kernel security and bug fix update
2021-09-08 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: kernel-tools-5.13.6-200.fc34
2021-08-02 01:05:52
[SECURITY] Fedora 34 Update: kernel-5.13.6-200.fc34
2021-08-02 01:05:51
[SECURITY] Fedora 33 Update: kernel-tools-5.13.6-100.fc33
2021-08-02 01:07:19
debiancve
debiancve
CVE-2021-37576
2021-07-26 22:15:00
CVE-2021-22555
2021-07-07 12:15:00
CVE-2021-32399
2021-05-10 22:15:00
ibm
ibm
Security Bulletin: Vulnerability in Linux Kernel affects IBM Integrated Analytics System.
2022-02-17 12:30:50
Security Bulletin: Publicly disclosed vulnerabilities from Kernel affect IBM Netezza Host Management
2021-12-24 13:23:23
Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM QRadar SIEM (CVE-2021-22543, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576)
2022-04-28 20:56:41
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Linux Linux Kernel
2021-07-16 19:12:57
Exploit for Out-of-bounds Write in Linux Linux Kernel
2021-07-16 01:54:01
Exploit for Out-of-bounds Write in Linux Linux Kernel
2023-08-05 18:56:18
f5
f5
K06524534 : Linux kernel vulnerability CVE-2021-22555
2022-07-07 00:00:00
K39029022 : Linux kernel vulnerability CVE-2021-37576
2022-01-20 00:00:00
K53082045 : Linux kernel Vulnerability CVE-2021-32399
2022-05-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-37576 affecting package kernel 5.10.78.1-1
2022-04-09 06:52:47
CVE-2021-37576 affecting package kernel 5.10.168.1-1
2021-09-09 15:03:26
CVE-2021-32399 affecting package kernel 5.10.189.1-1
2021-09-09 15:03:26
ubuntucve
ubuntucve
CVE-2021-37576
2021-07-26 00:00:00
CVE-2021-32399
2021-05-10 00:00:00
CVE-2021-22555
2021-07-07 00:00:00
redhatcve
redhatcve
CVE-2021-37576
2021-07-27 17:51:06
CVE-2021-22555
2021-07-07 19:42:44
CVE-2021-32399
2021-06-11 09:48:36
cve
cve
CVE-2021-37576
2021-07-26 22:15:00
CVE-2021-22555
2021-07-07 12:15:00
CVE-2021-32399
2021-05-10 22:15:00
prion
prion
Memory corruption
2021-07-26 22:15:00
Heap overflow
2021-07-07 12:15:00
Race condition
2021-05-10 22:15:00
veracode
veracode
Denial Of Service (DoS)
2021-09-09 16:22:43
Denial Of Service
2021-08-18 17:49:29
Denial Of Service
2021-07-23 00:39:04
packetstorm
packetstorm
Linux Kernel Netfilter Heap Out-Of-Bounds Write
2021-07-16 00:00:00
Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation
2021-10-07 00:00:00
osv
osv
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerability
2021-08-12 22:28:40
CVE-2021-22555
2021-07-07 12:15:08
CVE-2021-32399
2021-05-10 22:15:06
zdt
zdt
Linux Kernel 2.6.19 < 5.9 - (Netfilter) Local Privilege Escalation Exploit
2021-07-16 00:00:00
Netfilter x_tables Heap Out-Of-Bounds Write / Privilege Escalation Exploit
2021-10-07 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2021-08-31 21:19:47
bpftool, kernel, perf, python security update
2021-11-17 15:22:13
ubuntu
ubuntu
Linux kernel vulnerability
2021-08-12 00:00:00
Kernel Live Patch Security Notice
2021-08-16 00:00:00
metasploit
metasploit
Netfilter x_tables Heap OOB Write Privilege Escalation
2021-10-04 15:48:23
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-22555
2021-09-21 22:05:12
Fix of CVE: CVE-2021-22555
2021-09-21 22:04:54
exploitdb
exploitdb
Linux Kernel 2.6.19 &lt; 5.9 - &#039;Netfilter Local Privilege Escalation
2021-07-15 00:00:00
rocky
rocky
kernel security and bug fix update
2021-09-07 17:24:27
kernel security and bug fix update
2021-07-20 13:30:15
kernel-rt security and bug fix update
2021-08-10 12:10:45
almalinux
almalinux
Important: kernel security and bug fix update
2021-07-20 13:30:15
Important: kernel security and bug fix update
2021-09-07 17:24:27
Important: kernel security, bug fix, and enhancement update
2021-08-10 11:56:07
rapid7blog
rapid7blog
Metasploit Wrap-Up
2021-10-08 16:57:33
suse
suse
Security update for the Linux Kernel (important)
2021-07-20 00:00:00
Security update for the Linux Kernel (important)
2021-07-20 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2021-0234
2021-05-04 00:00:00
JSON
Related for NEWSTART_CGSL_NS-SA-2022-0047_KERNEL.NASL
nessus86redhat35oraclelinux7fedora4debiancve3ibm3githubexploit5f53cbl_mariner4ubuntucve4redhatcve3cve3prion3veracode3packetstorm2osv10zdt2centos2ubuntu2metasploit1cloudlinux2exploitdb1rocky4almalinux3rapid7blog1suse2photon1