Lucene search
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2017-482.NASLHistoryApr 19, 2017 - 12:00 a.m.
openSUSE Security Update : dracut (openSUSE-2017-482)
2017-04-1900:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
This update for dracut fixes the following issues :
Security issues fixed :
- CVE-2016-8637: When the early microcode loading was enabled during initrd creation, the initrd would be read-only available for all users, allowing local users to retrieve secrets stored in the initial ramdisk.
(bsc#1008340)
Non security issues fixed :
-
Remove zlib module as requirement. (bsc#1020063)
-
Unlimit TaskMax for xfs_repair in emergency shell.
(bsc#1019938) -
Resolve symbolic links for -i and -k parameters.
(bsc#902375) -
Enhance purge-kernels script to handle kgraft patches.
(bsc#1017141) -
Allow booting from degraded MD arrays with systemd.
(bsc#1017695) -
Allow booting on s390x with fips=1 on the kernel command line. (bnc#1021687)
-
Start multipath services before local-fs-pre.target.
(bsc#1005410, bsc#1006118, bsc#1007925) -
Fix /sbin/installkernel to handle kernel packages built with ‘make bin-rpmpkg’. (bsc#1008648)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2017-482.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(99450);
script_version("3.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2016-8637");
script_name(english:"openSUSE Security Update : dracut (openSUSE-2017-482)");
script_summary(english:"Check for the openSUSE-2017-482 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for dracut fixes the following issues :
Security issues fixed :
- CVE-2016-8637: When the early microcode loading was
enabled during initrd creation, the initrd would be
read-only available for all users, allowing local users
to retrieve secrets stored in the initial ramdisk.
(bsc#1008340)
Non security issues fixed :
- Remove zlib module as requirement. (bsc#1020063)
- Unlimit TaskMax for xfs_repair in emergency shell.
(bsc#1019938)
- Resolve symbolic links for -i and -k parameters.
(bsc#902375)
- Enhance purge-kernels script to handle kgraft patches.
(bsc#1017141)
- Allow booting from degraded MD arrays with systemd.
(bsc#1017695)
- Allow booting on s390x with fips=1 on the kernel command
line. (bnc#1021687)
- Start multipath services before local-fs-pre.target.
(bsc#1005410, bsc#1006118, bsc#1007925)
- Fix /sbin/installkernel to handle kernel packages built
with 'make bin-rpmpkg'. (bsc#1008648)
This update was imported from the SUSE:SLE-12-SP2:Update update
project."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected dracut packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dracut");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dracut-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dracut-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dracut-fips");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dracut-tools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"patch_publication_date", value:"2017/04/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.2", reference:"dracut-044-16.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"dracut-debuginfo-044-16.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"dracut-debugsource-044-16.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"dracut-fips-044-16.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"dracut-tools-044-16.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dracut / dracut-debuginfo / dracut-debugsource / dracut-fips / etc");
}
Related
prion
prion
Information disclosure
2018-08-01 13:29:00
debiancve
debiancve
CVE-2016-8637
2018-08-01 13:29:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : dracut (SUSE-SU-2017:0951-1)
2017-04-07 00:00:00
SUSE SLES12 Security Update : dracut (SUSE-SU-2017:2696-1)
2017-10-11 00:00:00
Fedora 25 : dracut (2016-cc5006bef7)
2016-11-21 00:00:00
osv
osv
CVE-2016-8637
2018-08-01 13:29:00
dracut-044-17.1 on GA media
2024-06-15 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: dracut-044-78.fc25
2016-11-19 22:03:43
[SECURITY] Fedora 24 Update: dracut-044-21.fc24
2016-11-10 03:35:06
nvd
nvd
CVE-2016-8637
2018-08-01 13:29:00
openvas
openvas
Fedora Update for dracut FEDORA-2016-94d1c64fe2
2016-12-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:0641-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2696-1)
2021-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2016-8637
2018-08-01 00:00:00
redhatcve
redhatcve
CVE-2016-8637
2016-11-07 14:17:27
cve
cve
CVE-2016-8637
2018-08-01 13:29:00
mageia
mageia
Updated dracut packages fix security vulnerability
2016-11-18 02:40:52
cvelist
cvelist
CVE-2016-8637
2018-08-01 13:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1825
2021-07-02 16:38:57
photon
photon
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for OPENSUSE-2017-482.NASL