Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2011-0283.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 6 : kernel (ELSA-2011-0283)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
JSON

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0283 advisory.

  • The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer. (CVE-2010-4165)

  • Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors involving an mprotect system call. (CVE-2010-4169)

  • fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an OOM dodging issue, a related issue to CVE-2010-3858. (CVE-2010-4243)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2011-0283.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68206);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");

  script_cve_id("CVE-2010-4165", "CVE-2010-4169", "CVE-2010-4243");
  script_bugtraq_id(44830, 44861, 45004);
  script_xref(name:"RHSA", value:"2011:0283");

  script_name(english:"Oracle Linux 6 : kernel (ELSA-2011-0283)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2011-0283 advisory.

  - The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly
    restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a
    setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a
    signed integer. (CVE-2010-4165)

  - Use-after-free vulnerability in mm/mprotect.c in the Linux kernel before 2.6.37-rc2 allows local users to
    cause a denial of service via vectors involving an mprotect system call. (CVE-2010-4169)

  - fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM Killer to assess use of stack memory
    by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial
    of service (memory consumption) via a crafted exec system call, aka an OOM dodging issue, a related
    issue to CVE-2010-3858. (CVE-2010-4243)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2011-0283.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2010-4243");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/02/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['2.6.32-71.18.1.el6'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2011-0283');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-2.6.32-71.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},
    {'reference':'kernel-2.6.32-71.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},
    {'reference':'kernel-debug-2.6.32-71.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},
    {'reference':'kernel-debug-2.6.32-71.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},
    {'reference':'kernel-debug-devel-2.6.32-71.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},
    {'reference':'kernel-debug-devel-2.6.32-71.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},
    {'reference':'kernel-devel-2.6.32-71.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},
    {'reference':'kernel-devel-2.6.32-71.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},
    {'reference':'kernel-firmware-2.6.32-71.18.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},
    {'reference':'kernel-headers-2.6.32-71.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},
    {'reference':'kernel-headers-2.6.32-71.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},
    {'reference':'perf-2.6.32-71.18.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release) {
    if (exists_check) {
        if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');
}
VendorProductVersionCPE
oraclelinux6cpe:/o:oracle:linux:6
oraclelinuxkernelp-cpe:/a:oracle:linux:kernel
oraclelinuxkernel-debugp-cpe:/a:oracle:linux:kernel-debug
oraclelinuxkernel-debug-develp-cpe:/a:oracle:linux:kernel-debug-devel
oraclelinuxkernel-develp-cpe:/a:oracle:linux:kernel-devel
oraclelinuxkernel-firmwarep-cpe:/a:oracle:linux:kernel-firmware
oraclelinuxkernel-headersp-cpe:/a:oracle:linux:kernel-headers
oraclelinuxperfp-cpe:/a:oracle:linux:perf

Related

openvas 71
oraclelinux 5
redhat 7
nessus 41
prion 4
ubuntucve 4
cve 4
securityvulns 7
veracode 4
packetstorm 3
exploitpack 2
seebug 7
exploitdb 2
ubuntu 15
suse 7
centos 1
fedora 4
debian 2
osv 2
vmware 2
openvas
openvas
RedHat Update for kernel RHSA-2011:0283-01
2012-07-09 00:00:00
RedHat Update for kernel RHSA-2011:0283-01
2012-07-09 00:00:00
Oracle: Security Advisory (ELSA-2011-0283)
2015-10-06 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2011-02-23 00:00:00
Oracle Linux 6 Unbreakable Enterprise kernel security fix update
2011-03-16 00:00:00
kernel security and bug fix update
2011-06-02 00:00:00
redhat
redhat
(RHSA-2011:0283) Moderate: kernel security, bug fix, and enhancement update
2011-02-22 00:00:00
(RHSA-2011:0836) Important: kernel security and bug fix update
2011-06-01 00:00:00
(RHSA-2010:0958) Important: kernel-rt security and bug fix update
2010-12-08 00:00:00
nessus
nessus
Scientific Linux Security Update : kernel on SL6.x i386/x86_64
2012-08-01 00:00:00
RHEL 6 : kernel (RHSA-2011:0283)
2011-02-23 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2010)
2013-07-12 00:00:00
prion
prion
Sql injection
2011-01-22 22:00:00
Design/Logic Flaw
2010-11-22 13:00:00
Design/Logic Flaw
2010-11-22 13:00:00
ubuntucve
ubuntucve
CVE-2010-4243
2011-01-22 00:00:00
CVE-2010-4169
2010-11-22 00:00:00
CVE-2010-4165
2010-11-22 00:00:00
cve
cve
CVE-2010-4243
2011-01-22 22:00:00
CVE-2010-4169
2010-11-22 13:00:00
CVE-2010-4165
2010-11-22 13:00:00
securityvulns
securityvulns
[USN-1054-1] Linux kernel vulnerabilities
2011-02-02 00:00:00
Linux kernel multiple security vulnerabilities
2011-02-02 00:00:00
Microsoft Security Bulletin MS10-071 - Critical Cumulative Security Update for Internet Explorer &#40;2360131&#41;
2010-10-13 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:55:17
Denial Of Service (DoS)
2020-04-10 00:58:27
Denial Of Service (DoS)
2020-04-10 00:52:44
packetstorm
packetstorm
Linux Kernel 2.6 TCP_MAXSEG Denial Of Service
2011-03-10 00:00:00
Linux Kernel 2.6.37 Denial Of Service
2011-03-01 00:00:00
Ubuntu Security Notice USN-1202-1
2011-09-14 00:00:00
exploitpack
exploitpack
Linux Kernel 2.6.37-rc2 - TCP_MAXSEG Kernel Panic (Denial of Service) (2)
2011-03-10 00:00:00
Linux Kernel 2.6.37 - Local Kernel Denial of Service (1)
2011-03-02 00:00:00
seebug
seebug
Linux Kernel <= 2.6.37 Local Kernel Denial of Service
2014-07-01 00:00:00
Linux Kernel &lt; 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS
2011-03-14 00:00:00
Linux Kernel < 2.6.37-rc2 TCP_MAXSEG Kernel Panic DoS
2014-07-01 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 2.6.37-rc2 - &#039;TCP_MAXSEG&#039; Kernel Panic (Denial of Service) (2)
2011-03-10 00:00:00
Linux Kernel 2.6.37 - Local Kernel Denial of Service (1)
2011-03-02 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2011-02-01 00:00:00
Linux kernel vulnerabilities
2011-02-25 00:00:00
Linux kernel vulnerabilities
2011-03-03 00:00:00
suse
suse
local privilege escalation in kernel
2011-01-14 16:35:40
local privilege escalation, remote denial of in kernel
2011-01-03 15:33:10
remote denial of service, local privilege in kernel
2011-03-08 16:13:04
centos
centos
kernel security update
2011-01-06 12:23:15
fedora
fedora
[SECURITY] Fedora 14 Update: kernel-2.6.35.11-83.fc14
2011-02-10 21:27:10
[SECURITY] Fedora 13 Update: kernel-2.6.34.8-68.fc13
2011-03-07 21:06:13
[SECURITY] Fedora 13 Update: kernel-2.6.34.9-69.fc13
2011-06-21 17:22:40
debian
debian
[SECURITY] [DSA 2153-1] linux-2.6 security update
2011-01-30 06:42:05
[SECURITY] [DSA 2126-1] New Linux 2.6.26 packages fix several issues
2010-11-27 04:49:43
osv
osv
linux-2.6 - several issues
2011-01-30 00:00:00
linux-2.6 - several issues
2010-11-26 00:00:00
vmware
vmware
VMware ESX third party updates for Service Console packages glibc and dhcp
2011-10-12 00:00:00
VMware ESXi and ESX updates to third party libraries and ESX Service Console
2011-10-12 00:00:00
JSON
Related for ORACLELINUX_ELSA-2011-0283.NASL
openvas71oraclelinux5redhat7nessus41prion4ubuntucve4cve4securityvulns7veracode4packetstorm3exploitpack2seebug7exploitdb2ubuntu15suse7centos1fedora4debian2osv2vmware2