Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2017-3622.NASL
HistorySep 22, 2017 - 12:00 a.m.

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622)

2017-09-2200:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
42
JSON

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3622 advisory.

  • The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
    (CVE-2017-12134)

  • The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
    (CVE-2017-1000365)

  • The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. (CVE-2017-1000251)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2017-3622.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(103402);
  script_version("3.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");

  script_cve_id("CVE-2017-12134", "CVE-2017-1000251", "CVE-2017-1000365");
  script_xref(name:"IAVB", value:"2017-B-0108-S");
  script_xref(name:"IAVA", value:"2017-A-0253-S");

  script_name(english:"Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3622)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2017-3622 advisory.

  - The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users
    to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial
    of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation.
    (CVE-2017-12134)

  - The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through
    RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into
    account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and
    earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
    (CVE-2017-1000365)

  - The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up
    to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP
    configuration responses resulting in Remote code execution in kernel space. (CVE-2017-1000251)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2017-3622.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000251");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/06/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['2.6.39-400.297.8.el6uek'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3622');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-uek-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
    {'reference':'kernel-uek-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
    {'reference':'kernel-uek-debug-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
    {'reference':'kernel-uek-debug-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
    {'reference':'kernel-uek-debug-devel-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
    {'reference':'kernel-uek-debug-devel-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
    {'reference':'kernel-uek-devel-2.6.39-400.297.8.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
    {'reference':'kernel-uek-devel-2.6.39-400.297.8.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
    {'reference':'kernel-uek-doc-2.6.39-400.297.8.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
    {'reference':'kernel-uek-firmware-2.6.39-400.297.8.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release) {
    if (exists_check) {
        if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');
}
VendorProductVersionCPE
oraclelinux5cpe:/o:oracle:linux:5
oraclelinux6cpe:/o:oracle:linux:6
oraclelinuxkernel-uekp-cpe:/a:oracle:linux:kernel-uek
oraclelinuxkernel-uek-debugp-cpe:/a:oracle:linux:kernel-uek-debug
oraclelinuxkernel-uek-debug-develp-cpe:/a:oracle:linux:kernel-uek-debug-devel
oraclelinuxkernel-uek-develp-cpe:/a:oracle:linux:kernel-uek-devel
oraclelinuxkernel-uek-docp-cpe:/a:oracle:linux:kernel-uek-doc
oraclelinuxkernel-uek-firmwarep-cpe:/a:oracle:linux:kernel-uek-firmware

Related

oraclelinux 6
nessus 68
mageia 6
redhatcve 3
xen 1
cve 5
prion 4
ubuntucve 4
debiancve 5
suse 45
f5 4
amazon 1
openvas 12
exploitpack 1
osv 2
veracode 2
archlinux 4
redhat 11
centos 2
ubuntu 4
slackware 4
virtuozzo 3
exploitdb 1
cloudfoundry 1
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2017-09-20 00:00:00
Unbreakable Enterprise kernel security update
2017-09-20 00:00:00
kernel security and bug fix update
2017-09-13 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3621)
2017-09-22 00:00:00
OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0152) (BlueBorne) (Stack Clash)
2017-09-22 00:00:00
Amazon Linux AMI : kernel (ALAS-2017-897)
2017-09-19 00:00:00
mageia
mageia
Updated kernel-tmb packages fix security vulnerabilities
2017-09-16 11:24:57
Updated kernel-tmb packages fix security vulnerabilities
2017-09-16 11:24:57
Updated kernel-linus packages fix security vulnerabilities
2017-09-16 11:24:57
redhatcve
redhatcve
CVE-2017-12134
2017-08-15 12:49:14
CVE-2017-1000365
2017-06-19 16:18:24
CVE-2017-1000251
2019-10-31 10:30:53
xen
xen
linux: Fix Xen block IO merge-ability calculation
2017-08-15 12:00:00
cve
cve
CVE-2017-12134
2017-08-24 14:29:00
CVE-2017-1000365
2017-06-19 16:29:00
CVE-2017-1000251
2017-09-12 17:29:00
prion
prion
Design/Logic Flaw
2017-08-24 14:29:00
Design/Logic Flaw
2017-06-19 16:29:00
Stack overflow
2017-09-12 17:29:00
ubuntucve
ubuntucve
CVE-2017-12134
2017-08-24 00:00:00
CVE-2017-1000365
2017-06-19 00:00:00
CVE-2017-1000251
2017-09-12 00:00:00
debiancve
debiancve
CVE-2017-12134
2017-08-24 14:29:00
CVE-2017-1000365
2017-06-19 16:29:00
CVE-2017-1000251
2017-09-12 17:29:00
suse
suse
Security update for the Linux Kernel (important)
2017-09-15 15:12:43
Security update for the Linux Kernel (important)
2017-09-21 21:16:32
Security update for the Linux Kernel (important)
2017-09-20 21:07:50
f5
f5
K15412203 : Linux kernel vulnerability CVE-2017-1000365
2017-07-11 00:00:00
K63131370 : Linux kernel vulnerability CVE-2017-1000251
2017-10-27 00:00:00
K58928452 : Kernel vulnerability CVE-2017-1000410
2020-12-17 00:00:00
amazon
amazon
Medium: kernel
2017-09-18 15:41:00
openvas
openvas
openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2495-1)
2017-09-16 00:00:00
RedHat Update for kernel RHSA-2017:2679-01
2017-09-13 00:00:00
RedHat Update for kernel RHSA-2017:2681-01
2017-09-13 00:00:00
exploitpack
exploitpack
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow (PoC)
2017-09-21 00:00:00
osv
osv
CVE-2017-1000251
2017-09-12 17:29:00
CVE-2017-1000410
2017-12-07 19:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-01-15 09:19:10
Remote Code Execution (RCE)
2019-01-15 09:21:39
archlinux
archlinux
[ASA-201709-9] linux: arbitrary code execution
2017-09-15 00:00:00
[ASA-201709-4] linux-hardened: arbitrary code execution
2017-09-13 00:00:00
[ASA-201709-12] linux-zen: arbitrary code execution
2017-09-18 00:00:00
redhat
redhat
(RHSA-2017:2707) Important: kernel security and bug fix update
2017-09-13 13:15:37
(RHSA-2017:2681) Important: kernel security update
2017-09-12 13:03:08
(RHSA-2017:2705) Important: kernel-rt security update
2017-09-13 13:15:19
centos
centos
kernel, perf, python security update
2017-09-12 23:15:02
kernel, perf, python security update
2017-09-13 21:20:33
ubuntu
ubuntu
Linux kernel vulnerability
2017-09-18 00:00:00
Linux kernel vulnerabilities
2017-09-18 00:00:00
Linux kernel (HWE) vulnerabilities
2017-09-18 00:00:00
slackware
slackware
[slackware-security] kernel
2017-09-15 20:17:20
[slackware-security] kernel
2017-06-26 21:45:24
[slackware-security] kernel
2017-06-30 22:18:05
virtuozzo
virtuozzo
Important kernel security update: Virtuozzo ReadyKernel patch 62.2 for Virtuozzo 7.0.4 to 7.0.8 HF1
2018-09-28 00:00:00
Important kernel security update: CVE-2017-1000251 and other; new kernel 2.6.32-042stab125.1, Virtuozzo 6.0 Update 12 Hotfix 15 (6.0.12-3684)
2017-09-26 00:00:00
Important kernel security update: CVE-2017-1000251 and other; new kernel 2.6.32-042stab125.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2017-09-26 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 4.13.1 - BlueTooth Buffer Overflow (PoC)
2017-09-21 00:00:00
cloudfoundry
cloudfoundry
USN-3444-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2017-11-01 00:00:00
JSON
Related for ORACLELINUX_ELSA-2017-3622.NASL
oraclelinux6nessus68mageia6redhatcve3xen1cve5prion4ubuntucve4debiancve5suse45f54amazon1openvas12exploitpack1osv2veracode2archlinux4redhat11centos2ubuntu4slackware4virtuozzo3exploitdb1cloudfoundry1