Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2013-2513.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2513)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
103
JSON

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2513 advisory.

  • Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (CVE-2013-0871)

  • Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition. (CVE-2013-0913)

  • Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
    (CVE-2013-1773)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2013-2513.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68850);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");

  script_cve_id(
    "CVE-2013-0268",
    "CVE-2013-0871",
    "CVE-2013-0913",
    "CVE-2013-1773"
  );
  script_bugtraq_id(
    57838,
    57986,
    58200,
    58427
  );

  script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2513)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in
the ELSA-2013-2513 advisory.

  - Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain
    privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by
    ptrace_death. (CVE-2013-0871)

  - Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering
    Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before
    25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer
    overflow) or possibly have unspecified other impact via a crafted application that triggers many
    relocation copies, and potentially leads to a race condition. (CVE-2013-0913)

  - Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to
    gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem
    with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.
    (CVE-2013-1773)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2013-2513.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-0913");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/02/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['2.6.39-400.21.1.el5uek', '2.6.39-400.21.1.el6uek'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2013-2513');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-uek-2.6.39-400.21.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
    {'reference':'kernel-uek-2.6.39-400.21.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
    {'reference':'kernel-uek-debug-2.6.39-400.21.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
    {'reference':'kernel-uek-debug-2.6.39-400.21.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
    {'reference':'kernel-uek-debug-devel-2.6.39-400.21.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
    {'reference':'kernel-uek-debug-devel-2.6.39-400.21.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
    {'reference':'kernel-uek-devel-2.6.39-400.21.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
    {'reference':'kernel-uek-devel-2.6.39-400.21.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
    {'reference':'kernel-uek-doc-2.6.39-400.21.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
    {'reference':'kernel-uek-firmware-2.6.39-400.21.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'},
    {'reference':'kernel-uek-2.6.39-400.21.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
    {'reference':'kernel-uek-2.6.39-400.21.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
    {'reference':'kernel-uek-debug-2.6.39-400.21.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
    {'reference':'kernel-uek-debug-2.6.39-400.21.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
    {'reference':'kernel-uek-debug-devel-2.6.39-400.21.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
    {'reference':'kernel-uek-debug-devel-2.6.39-400.21.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
    {'reference':'kernel-uek-devel-2.6.39-400.21.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
    {'reference':'kernel-uek-devel-2.6.39-400.21.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
    {'reference':'kernel-uek-doc-2.6.39-400.21.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
    {'reference':'kernel-uek-firmware-2.6.39-400.21.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release) {
    if (exists_check) {
        if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');
}
VendorProductVersionCPE
oraclelinux5cpe:/o:oracle:linux:5
oraclelinux6cpe:/o:oracle:linux:6
oraclelinuxkernel-uekp-cpe:/a:oracle:linux:kernel-uek
oraclelinuxkernel-uek-debugp-cpe:/a:oracle:linux:kernel-uek-debug
oraclelinuxkernel-uek-debug-develp-cpe:/a:oracle:linux:kernel-uek-debug-devel
oraclelinuxkernel-uek-develp-cpe:/a:oracle:linux:kernel-uek-devel
oraclelinuxkernel-uek-docp-cpe:/a:oracle:linux:kernel-uek-doc
oraclelinuxkernel-uek-firmwarep-cpe:/a:oracle:linux:kernel-uek-firmware

Related

oraclelinux 8
openvas 66
nessus 55
centos 3
redhat 11
ubuntu 15
cve 4
checkpoint_advisories 1
prion 4
debiancve 4
zdt 2
veracode 4
packetstorm 1
ubuntucve 4
suse 3
canvas 2
securityvulns 4
vmware 2
fedora 1
chrome 1
osv 1
debian 1
amazon 1
altlinux 1
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security and bugfix update
2013-04-11 00:00:00
kernel security update
2013-03-11 00:00:00
1
2013-03-11 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2013-2513)
2015-10-06 00:00:00
CentOS Update for kernel CESA-2013:0621 centos5
2013-03-15 00:00:00
Oracle: Security Advisory (ELSA-2013-0621-1)
2015-10-06 00:00:00
nessus
nessus
Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130311)
2013-03-13 00:00:00
Oracle Linux 5 : kernel (ELSA-2013-0621)
2013-07-12 00:00:00
Oracle Linux 5 : kernel (ELSA-2013-0621-1)
2013-07-12 00:00:00
centos
centos
kernel security update
2013-03-12 05:51:58
kernel, perf, python security update
2013-02-27 20:10:11
kernel, perf, python security update
2013-03-13 11:49:36
redhat
redhat
(RHSA-2013:0621) Important: kernel security update
2013-03-11 00:00:00
(RHSA-2013:0622) Important: kernel-rt security and bug fix update
2013-03-11 00:00:00
(RHSA-2013:0695) Important: kernel security update
2013-04-02 00:00:00
ubuntu
ubuntu
Linux kernel (EC2) vulnerabilities
2013-03-22 00:00:00
Linux kernel vulnerabilities
2013-03-22 00:00:00
Linux kernel (OMAP4) vulnerabilities
2013-03-22 00:00:00
cve
cve
CVE-2013-1773
2013-02-28 19:55:00
CVE-2013-0268
2013-02-18 04:41:00
CVE-2013-0913
2013-03-18 15:55:00
checkpoint_advisories
checkpoint_advisories
Android 26 Kernel Level SD card Write Denial of Service - Ver2 (CVE-2013-1773)
2014-12-28 00:00:00
prion
prion
Buffer overflow
2013-02-28 19:55:00
Integer overflow
2013-03-18 15:55:00
Security feature bypass
2013-02-18 04:41:00
debiancve
debiancve
CVE-2013-1773
2013-02-28 19:55:00
CVE-2013-0268
2013-02-18 04:41:00
CVE-2013-0913
2013-03-18 15:55:00
zdt
zdt
Linux Kernel 'MSR' Driver Local Privilege Escalation
2013-08-03 00:00:00
Linux Kernel MSR Driver Privilege Escalation Vulnerability
2013-08-05 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:53:23
Authorization Bypass
2019-05-02 04:54:03
Denial Of Service (DoS)
2019-01-15 08:53:05
packetstorm
packetstorm
Linux Kernel MSR Driver Privilege Escalation
2013-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2013-0268
2013-02-17 00:00:00
CVE-2013-1773
2013-02-26 00:00:00
CVE-2013-0913
2013-03-18 00:00:00
suse
suse
Security update for Linux kernel (important)
2013-02-25 16:04:22
Security update for Linux kernel (important)
2013-04-13 01:04:40
kernel: security and bugfix update (important)
2013-03-05 18:04:24
canvas
canvas
Immunity Canvas: LINUX_PTRACE_SETREGS
2013-02-18 04:41:00
Immunity Canvas: FS_PIPE_RACE_TO_NULL
2013-02-18 04:41:00
securityvulns
securityvulns
[USN-1739-1] Linux kernel vulnerability
2013-02-24 00:00:00
[USN-1756-1] Linux kernel vulnerabilities
2013-03-11 00:00:00
Linux kernel multiple security vulnerabilities
2013-03-19 00:00:00
vmware
vmware
VMware vSphere, ESX and ESXi updates to third party libraries
2013-07-31 00:00:00
VMware vSphere, ESX and ESXi updates to third party libraries
2013-07-31 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: kernel-3.7.6-201.fc18
2013-02-08 16:56:42
chrome
chrome
Stable Channel Update for Chrome OS
2013-03-15 00:00:00
osv
osv
linux-2.6 - several vulnerabilities
2013-02-25 00:00:00
debian
debian
[SECURITY] [DSA 2632-1] linux-2.6 security update
2013-02-26 04:07:41
amazon
amazon
Medium: kernel
2013-03-02 16:54:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt13
2013-11-24 00:00:00
JSON
Related for ORACLELINUX_ELSA-2013-2513.NASL
oraclelinux8openvas66nessus55centos3redhat11ubuntu15cve4checkpoint_advisories1prion4debiancve4zdt2veracode4packetstorm1ubuntucve4suse3canvas2securityvulns4vmware2fedora1chrome1osv1debian1amazon1altlinux1