Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2012-0107.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 5 : kernel (ELSA-2012-0107)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

From Red Hat Security Advisory 2012:0107 :

Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

  • Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the References, for further details about this issue. (CVE-2011-4127, Important)

  • A flaw was found in the way the Linux kernel handled robust list pointers of user-space held futexes across exec() calls. A local, unprivileged user could use this flaw to cause a denial of service or, eventually, escalate their privileges. (CVE-2012-0028, Important)

  • A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with the ability to mount and unmount ext4 file systems could use this flaw to cause a denial of service.
    (CVE-2011-3638, Moderate)

  • A flaw was found in the way the Linux kernel’s journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service.
    (CVE-2011-4086, Moderate)

  • A divide-by-zero flaw was found in the Linux kernel’s igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)

Red Hat would like to thank Zheng Liu for reporting CVE-2011-3638, and Simon McVittie for reporting CVE-2012-0207.

This update also fixes the following bugs :

  • When a host was in recovery mode and a SCSI scan operation was initiated, the scan operation failed and provided no error output.
    This bug has been fixed and the SCSI layer now waits for recovery of the host to complete scan operations for devices. (BZ#772162)

  • SG_IO ioctls were not implemented correctly in the Red Hat Enterprise Linux 5 virtio-blk driver. Sending an SG_IO ioctl request to a virtio-blk disk caused the sending thread to enter an uninterruptible sleep state (‘D’ state). With this update, SG_IO ioctls are rejected by the virtio-blk driver: the ioctl system call will simply return an ENOTTY (‘Inappropriate ioctl for device’) error and the thread will continue normally. (BZ#773322)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2012:0107 and 
# Oracle Linux Security Advisory ELSA-2012-0107 respectively.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68454);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/08/24");

  script_cve_id("CVE-2011-3638", "CVE-2011-4086", "CVE-2011-4127", "CVE-2012-0028", "CVE-2012-0207");
  script_bugtraq_id(50322, 51176, 51343, 51945, 51947);
  script_xref(name:"RHSA", value:"2012:0107");

  script_name(english:"Oracle Linux 5 : kernel (ELSA-2012-0107)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Oracle Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"From Red Hat Security Advisory 2012:0107 :

Updated kernel packages that fix multiple security issues and two bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* Using the SG_IO ioctl to issue SCSI requests to partitions or LVM
volumes resulted in the requests being passed to the underlying block
device. If a privileged user only had access to a single partition or
LVM volume, they could use this flaw to bypass those restrictions and
gain read and write access (and be able to issue other SCSI commands)
to the entire block device. Refer to Red Hat Knowledgebase article
DOC-67874, linked to in the References, for further details about this
issue. (CVE-2011-4127, Important)

* A flaw was found in the way the Linux kernel handled robust list
pointers of user-space held futexes across exec() calls. A local,
unprivileged user could use this flaw to cause a denial of service or,
eventually, escalate their privileges. (CVE-2012-0028, Important)

* A flaw was found in the Linux kernel in the way splitting two
extents in ext4_ext_convert_to_initialized() worked. A local,
unprivileged user with the ability to mount and unmount ext4 file
systems could use this flaw to cause a denial of service.
(CVE-2011-3638, Moderate)

* A flaw was found in the way the Linux kernel's
journal_unmap_buffer() function handled buffer head states. On systems
that have an ext4 file system with a journal mounted, a local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-4086, Moderate)

* A divide-by-zero flaw was found in the Linux kernel's
igmp_heard_query() function. An attacker able to send certain IGMP
(Internet Group Management Protocol) packets to a target system could
use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)

Red Hat would like to thank Zheng Liu for reporting CVE-2011-3638, and
Simon McVittie for reporting CVE-2012-0207.

This update also fixes the following bugs :

* When a host was in recovery mode and a SCSI scan operation was
initiated, the scan operation failed and provided no error output.
This bug has been fixed and the SCSI layer now waits for recovery of
the host to complete scan operations for devices. (BZ#772162)

* SG_IO ioctls were not implemented correctly in the Red Hat
Enterprise Linux 5 virtio-blk driver. Sending an SG_IO ioctl request
to a virtio-blk disk caused the sending thread to enter an
uninterruptible sleep state ('D' state). With this update, SG_IO
ioctls are rejected by the virtio-blk driver: the ioctl system call
will simply return an ENOTTY ('Inappropriate ioctl for device') error
and the thread will continue normally. (BZ#773322)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://oss.oracle.com/pipermail/el-errata/2012-February/002601.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kernel packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Oracle Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
include("ksplice.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  cve_list = make_list("CVE-2011-3638", "CVE-2011-4086", "CVE-2011-4127", "CVE-2012-0028", "CVE-2012-0207");  
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for ELSA-2012-0107");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

kernel_major_minor = get_kb_item("Host/uname/major_minor");
if (empty_or_null(kernel_major_minor)) exit(1, "Unable to determine kernel major-minor level.");
expected_kernel_major_minor = "2.6";
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, "running kernel level " + expected_kernel_major_minor + ", it is running kernel level " + kernel_major_minor);

flag = 0;
if (rpm_exists(release:"EL5", rpm:"kernel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-PAE-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-PAE-devel-2.6.18") && rpm_check(release:"EL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-debug-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-debug-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-debug-devel-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-devel-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-doc-2.6.18") && rpm_check(release:"EL5", reference:"kernel-doc-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-headers-2.6.18") && rpm_check(release:"EL5", reference:"kernel-headers-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-xen-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-2.6.18-274.18.1.0.1.el5")) flag++;
if (rpm_exists(release:"EL5", rpm:"kernel-xen-devel-2.6.18") && rpm_check(release:"EL5", reference:"kernel-xen-devel-2.6.18-274.18.1.0.1.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "affected kernel");
}
VendorProductVersionCPE
oraclelinuxkernelp-cpe:/a:oracle:linux:kernel
oraclelinuxkernel-paep-cpe:/a:oracle:linux:kernel-pae
oraclelinuxkernel-pae-develp-cpe:/a:oracle:linux:kernel-pae-devel
oraclelinuxkernel-debugp-cpe:/a:oracle:linux:kernel-debug
oraclelinuxkernel-debug-develp-cpe:/a:oracle:linux:kernel-debug-devel
oraclelinuxkernel-develp-cpe:/a:oracle:linux:kernel-devel
oraclelinuxkernel-docp-cpe:/a:oracle:linux:kernel-doc
oraclelinuxkernel-headersp-cpe:/a:oracle:linux:kernel-headers
oraclelinuxkernel-xenp-cpe:/a:oracle:linux:kernel-xen
oraclelinuxkernel-xen-develp-cpe:/a:oracle:linux:kernel-xen-devel
Rows per page:
1-10 of 111

Related

nessus 50
openvas 69
redhat 11
oraclelinux 8
centos 4
ubuntu 11
ubuntucve 5
veracode 6
amazon 2
cve 5
prion 5
seebug 5
fedora 7
debiancve 1
exploitpack 1
exploitdb 1
securityvulns 4
suse 2
debian 1
osv 1
nessus
nessus
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120209)
2012-08-01 00:00:00
CentOS 5 : kernel (CESA-2012:0107)
2012-02-14 00:00:00
RHEL 5 : kernel (RHSA-2012:0107)
2012-02-10 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2012:0107 centos5
2012-07-30 00:00:00
CentOS Update for kernel CESA-2012:0107 centos5
2012-07-30 00:00:00
RedHat Update for kernel RHSA-2012:0107-01
2012-02-13 00:00:00
redhat
redhat
(RHSA-2012:0107) Important: kernel security and bug fix update
2012-02-09 00:00:00
(RHSA-2012:0358) Important: kernel security and bug fix update
2012-03-06 00:00:00
(RHSA-2012:0517) Moderate: kernel security and bug fix update
2012-04-24 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2012-02-09 00:00:00
Unbreakable Enterprise kernel security update
2012-05-16 00:00:00
kernel security and bug fix update
2011-12-22 00:00:00
centos
centos
kernel security update
2012-02-09 21:30:36
kernel, perf, python security update
2012-05-16 09:19:09
qemu security update
2012-01-24 03:15:05
ubuntu
ubuntu
Linux kernel vulnerability
2012-05-25 00:00:00
Linux kernel (Oneiric backport) vulnerabilities
2012-03-06 00:00:00
Linux kernel vulnerabilities
2012-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2011-4086
2012-02-09 00:00:00
CVE-2011-3638
2011-10-28 00:00:00
CVE-2012-0028
2012-01-04 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:18
Privilege Escalation
2020-04-10 01:07:38
Authorization Bypass
2020-04-10 01:03:58
amazon
amazon
Medium: kernel
2012-02-15 17:38:00
Medium: kernel
2012-01-06 10:19:00
cve
cve
CVE-2011-4086
2012-07-03 16:40:00
CVE-2012-0028
2012-06-21 23:55:00
CVE-2011-4127
2012-07-03 16:40:00
prion
prion
Design/Logic Flaw
2012-07-03 16:40:00
Code injection
2013-03-01 12:37:00
Design/Logic Flaw
2012-07-03 16:40:00
seebug
seebug
Linux Kernel ext4 ext4_ext_insert_extent()拒绝服务漏洞
2011-10-27 00:00:00
Linux kernel 2.6.x “exec()”本地拒绝服务漏洞
2012-02-14 00:00:00
Linux kernel 2.6.x 'SG_IO IOCTL' SCSI请求本地特权提升漏洞
2011-12-24 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libguestfs-1.14.8-1.fc16
2012-01-05 20:56:45
[SECURITY] Fedora 15 Update: libguestfs-1.10.12-1.fc15
2012-01-05 21:00:57
[SECURITY] Fedora 16 Update: kernel-3.2.5-3.fc16
2012-02-10 22:00:18
debiancve
debiancve
CVE-2011-4127
2012-07-03 16:40:00
exploitpack
exploitpack
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
2012-01-17 00:00:00
exploitdb
exploitdb
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
2012-01-17 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2012-03-10 00:00:00
[USN-1364-1] Linux kernel &#40;OMAP4&#41; vulnerabilities
2012-02-15 00:00:00
[SECURITY] [DSA 2469-1] linux-2.6 security update
2012-05-14 00:00:00
suse
suse
Security update for Linux kernel (important)
2012-04-23 22:08:26
kernel update for SLE11 SP2 (important)
2012-04-26 20:08:43
debian
debian
[SECURITY] [DSA 2469-1] linux-2.6 security update
2012-05-10 15:48:18
osv
osv
linux-2.6 - several
2012-05-10 00:00:00
JSON
Related for ORACLELINUX_ELSA-2012-0107.NASL
nessus50openvas69redhat11oraclelinux8centos4ubuntu11ubuntucve5veracode6amazon2cve5prion5seebug5fedora7debiancve1exploitpack1exploitdb1securityvulns4suse2debian1osv1