Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2014-3041.NASLHistoryJun 23, 2014 - 12:00 a.m.
Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3041)
2014-06-2300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
35
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3041 advisory.
-
The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)
-
The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (CVE-2014-1738)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2014-3041.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(76184);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");
script_cve_id("CVE-2014-1737", "CVE-2014-1738");
script_bugtraq_id(67300, 67302);
script_name(english:"Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2014-3041)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2014-3041 advisory.
- The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly
handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger
kfree operations and gain privileges by leveraging write access to a /dev/fd device. (CVE-2014-1737)
- The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not
properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows
local users to obtain sensitive information from kernel heap memory by leveraging write access to a
/dev/fd device. (CVE-2014-1738)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2014-3041.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1737");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/09");
script_set_attribute(attribute:"patch_publication_date", value:"2014/06/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-35.1.2.el6uek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
var fixed_uptrack_levels = ['3.8.13-35.1.2.el6uek'];
foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3041');
}
}
__rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '3.8';
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'dtrace-modules-3.8.13-35.1.2.el6uek-0.4.3-4.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-uek-3.8.13-35.1.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},
{'reference':'kernel-uek-debug-3.8.13-35.1.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},
{'reference':'kernel-uek-debug-devel-3.8.13-35.1.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},
{'reference':'kernel-uek-devel-3.8.13-35.1.2.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},
{'reference':'kernel-uek-doc-3.8.13-35.1.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},
{'reference':'kernel-uek-firmware-3.8.13-35.1.2.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release) {
if (exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-35.1.2.el6uek / kernel-uek / kernel-uek-debug / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 6 | cpe:/o:oracle:linux:6 |
| oracle | linux | dtrace-modules-3.8.13-35.1.2.el6uek | p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-35.1.2.el6uek |
| oracle | linux | kernel-uek | p-cpe:/a:oracle:linux:kernel-uek |
| oracle | linux | kernel-uek-debug | p-cpe:/a:oracle:linux:kernel-uek-debug |
| oracle | linux | kernel-uek-debug-devel | p-cpe:/a:oracle:linux:kernel-uek-debug-devel |
| oracle | linux | kernel-uek-devel | p-cpe:/a:oracle:linux:kernel-uek-devel |
| oracle | linux | kernel-uek-doc | p-cpe:/a:oracle:linux:kernel-uek-doc |
| oracle | linux | kernel-uek-firmware | p-cpe:/a:oracle:linux:kernel-uek-firmware |
Related
oraclelinux
oraclelinux
unbreakable enterprise kernel security update
2014-06-20 00:00:00
kernel security and bug fix update
2014-06-11 00:00:00
kernel security and bug fix update
2014-06-11 00:00:00
redhat
redhat
(RHSA-2014:0801) Important: kernel security update
2014-06-26 00:00:00
(RHSA-2014:0772) Important: kernel security and bug fix update
2014-06-19 00:00:00
(RHSA-2014:0800) Important: kernel security update
2014-06-26 00:00:00
nessus
nessus
RHEL 5 : kernel (RHSA-2014:0801)
2014-11-17 00:00:00
RHEL 6 : kernel (RHSA-2014:0800)
2014-11-08 00:00:00
RHEL 6 : kernel (RHSA-2014:0900)
2014-11-08 00:00:00
securityvulns
securityvulns
[oss-security] Linux kernel floppy ioctl kernel code execution
2014-05-10 00:00:00
[SECURITY] [DSA 2926-1] linux security update
2014-05-15 00:00:00
[USN-2228-1] Linux kernel vulnerabilities
2014-05-29 00:00:00
openvas
openvas
Oracle Linux Local Check: ELSA-2014-3041
2015-10-06 00:00:00
CentOS Update for kernel CESA-2014:0740 centos5
2014-06-17 00:00:00
RedHat Update for kernel RHSA-2014:0740-01
2014-06-17 00:00:00
centos
centos
kernel security update
2014-06-11 11:01:17
kernel, perf, python security update
2014-06-20 10:10:41
debian
debian
[SECURITY] [DSA 2928-1] linux-2.6 security update
2014-05-14 18:21:22
[SECURITY] [DSA 2926-1] linux security update
2014-05-12 15:59:46
suse
suse
Security update for Linux kernel (important)
2014-05-20 19:04:37
Security update for Linux Kernel (important)
2014-05-16 03:04:20
kernel: security and bugfix update (important)
2014-05-19 14:04:14
osv
osv
linux-2.6 - security update
2014-05-14 00:00:00
linux - security update
2014-05-12 00:00:00
mageia
mageia
Updated kernel-linus packages fix multiple vulnerabilities
2014-05-19 22:30:17
Updated kernel packages fix multiple vulnerabilities
2014-05-18 03:41:52
Updated kernel-rt packages fix multiple vulnerabilities
2014-05-19 22:30:17
ubuntu
ubuntu
Linux kernel (EC2) vulnerabilities
2014-05-26 00:00:00
Linux kernel vulnerabilities
2014-05-26 00:00:00
Linux kernel vulnerabilities
2014-05-27 00:00:00
debiancve
debiancve
CVE-2014-1738
2014-05-11 21:55:00
CVE-2014-1737
2014-05-11 21:55:00
cve
cve
CVE-2014-1738
2014-05-11 21:55:00
CVE-2014-1737
2014-05-11 21:55:00
ubuntucve
ubuntucve
CVE-2014-1738
2014-05-11 00:00:00
CVE-2014-1737
2014-05-11 00:00:00
prion
prion
Design/Logic Flaw
2014-05-11 21:55:00
Input validation
2014-05-11 21:55:00
veracode
veracode
Improper Access Control
2019-05-02 05:03:25
Denial Of Service (DoS)
2019-05-02 05:03:26
Denial Of Service (DoS)
2019-05-02 05:03:26
altlinux
altlinux
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.14.4-200.fc20
2014-05-16 10:04:40
[SECURITY] Fedora 20 Update: kernel-3.14.6-200.fc20
2014-06-11 16:31:10
[SECURITY] Fedora 20 Update: kernel-3.14.5-200.fc20
2014-06-05 21:52:16
Related for ORACLELINUX_ELSA-2014-3041.NASL