Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2019-1873.NASL
HistoryAug 12, 2019 - 12:00 a.m.

Oracle Linux 7 : kernel (ELSA-2019-1873)

2019-08-1200:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
JSON

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1873 advisory.

  • A flaw was found in the Linux kernel’s NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)

  • A flaw was found in the Linux kernel’s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)

  • Insufficient input validation in Kernel Mode Driver in Intel® i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
    (CVE-2019-11085)

  • An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-1873.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(127603);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/19");

  script_cve_id(
    "CVE-2018-16871",
    "CVE-2018-16884",
    "CVE-2019-11085",
    "CVE-2019-11811"
  );
  script_xref(name:"RHSA", value:"2019:1873");

  script_name(english:"Oracle Linux 7 : kernel (ELSA-2019-1873)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2019-1873 advisory.

  - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to
    4.20. An attacker, who is able to mount an exported NFS filesystem, is able to trigger a null pointer
    dereference by using an invalid NFS sequence. This can panic the machine and deny access to the NFS
    server. Any outstanding disk writes to the NFS server will be lost. (CVE-2018-16871)

  - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network
    namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-
    free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system
    panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)

  - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0
    may allow an authenticated user to potentially enable escalation of privilege via local access.
    (CVE-2019-11085)

  - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read
    access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,
    drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-1873.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-11811");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-16884");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bpftool");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['3.10.0-957.27.2.el7'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-1873');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '3.10';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'bpftool-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},
    {'reference':'kernel-abi-whitelists-3.10.0-957.27.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},
    {'reference':'kernel-debug-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},
    {'reference':'kernel-debug-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},
    {'reference':'kernel-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},
    {'reference':'kernel-headers-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},
    {'reference':'kernel-tools-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},
    {'reference':'kernel-tools-libs-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},
    {'reference':'kernel-tools-libs-devel-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},
    {'reference':'perf-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-3.10.0-957.27.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release) {
    if (exists_check) {
        if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');
}
VendorProductVersionCPE
oraclelinux7cpe:/o:oracle:linux:7
oraclelinuxbpftoolp-cpe:/a:oracle:linux:bpftool
oraclelinuxkernelp-cpe:/a:oracle:linux:kernel
oraclelinuxkernel-abi-whitelistsp-cpe:/a:oracle:linux:kernel-abi-whitelists
oraclelinuxkernel-debugp-cpe:/a:oracle:linux:kernel-debug
oraclelinuxkernel-debug-develp-cpe:/a:oracle:linux:kernel-debug-devel
oraclelinuxkernel-develp-cpe:/a:oracle:linux:kernel-devel
oraclelinuxkernel-headersp-cpe:/a:oracle:linux:kernel-headers
oraclelinuxkernel-toolsp-cpe:/a:oracle:linux:kernel-tools
oraclelinuxkernel-tools-libsp-cpe:/a:oracle:linux:kernel-tools-libs
Rows per page:
1-10 of 131

Related

nessus 82
redhat 16
openvas 26
centos 1
oraclelinux 7
redhatcve 4
virtuozzo 3
ibm 2
f5 4
debiancve 4
prion 4
veracode 4
cve 4
osv 3
ubuntucve 4
intel 1
fedora 2
amazon 2
ubuntu 8
cloudfoundry 3
suse 6
mageia 3
threatpost 1
debian 3
photon 2
nessus
nessus
CentOS 7 : kernel (CESA-2019:1873)
2019-08-12 00:00:00
RHEL 7 : kernel (RHSA-2019:1873)
2019-08-12 00:00:00
Scientific Linux Security Update : kernel on SL7.x x86_64 (20190729)
2019-08-12 00:00:00
redhat
redhat
(RHSA-2019:1891) Important: kernel-rt security and bug fix update
2019-07-29 12:49:37
(RHSA-2019:1873) Important: kernel security, bug fix, and enhancement update
2019-07-29 12:49:26
(RHSA-2019:1971) Important: kernel-rt security and bug fix update
2019-07-30 10:55:07
openvas
openvas
CentOS Update for kernel CESA-2019:1873 centos7
2019-08-01 00:00:00
Fedora Update for kernel-tools FEDORA-2019-20a89ca9af
2019-01-22 00:00:00
Fedora Update for kernel-headers FEDORA-2019-20a89ca9af
2019-01-22 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2019-07-31 13:31:33
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2019-07-30 00:00:00
kernel security, bug fix, and enhancement update
2019-08-19 00:00:00
Unbreakable Enterprise kernel security update
2020-09-10 00:00:00
redhatcve
redhatcve
CVE-2018-16871
2020-04-09 10:13:43
CVE-2019-11085
2019-10-27 12:25:54
CVE-2019-11811
2020-04-01 20:13:30
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 3.0
2019-08-13 00:00:00
Important kernel security update: Virtuozzo ReadyKernel patch 69.0 for Virtuozzo 7.0.4 HF3 to 7.0.8 HF1
2018-12-24 00:00:00
Important kernel security update: Virtuozzo ReadyKernel patch 85.0 for Virtuozzo 7.0.7 to 7.0.10 HF1 and Virtuozzo Infrastructure Platform 2.5
2019-08-20 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities
2020-10-06 20:44:37
Security Bulletin: IBM QRadar SIEM is vulnerable to multiple Kernel vulnerabilities
2019-11-06 19:05:13
f5
f5
K18657134 : Linux kernel vulnerability CVE-2018-16871
2019-10-07 00:00:00
K09376613 : INTEL-SA-00249 - Intel i915 Graphics for Linux vulnerability CVE-2019-11085
2019-05-19 00:00:00
K21430012 : Linux kernel vulnerability CVE-2018-16884
2019-04-09 00:00:00
debiancve
debiancve
CVE-2018-16871
2019-07-30 17:15:00
CVE-2019-11085
2019-05-17 16:29:00
CVE-2018-16884
2018-12-18 22:29:00
prion
prion
Null pointer dereference
2019-07-30 17:15:00
Input validation
2019-05-17 16:29:00
Double free
2019-05-07 14:29:00
veracode
veracode
Denial Of Service (DoS)
2019-08-05 00:16:14
Privilege Escalation
2019-08-05 00:16:14
Denial Of Service (DoS)
2019-08-05 00:16:15
cve
cve
CVE-2018-16871
2019-07-30 17:15:00
CVE-2019-11085
2019-05-17 16:29:00
CVE-2019-11811
2019-05-07 14:29:00
osv
osv
CVE-2018-16871
2019-07-30 17:15:12
linux-4.9 - security update
2019-04-29 00:00:00
linux - security update
2019-03-26 00:00:00
ubuntucve
ubuntucve
CVE-2018-16871
2019-07-30 00:00:00
CVE-2019-11085
2019-05-17 00:00:00
CVE-2018-16884
2018-12-18 00:00:00
intel
intel
Intel® i915 Graphics for Linux Advisory
2019-05-14 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-tools-4.19.16-200.fc28
2019-01-22 01:35:57
[SECURITY] Fedora 28 Update: kernel-headers-4.19.16-200.fc28
2019-01-22 01:35:57
amazon
amazon
Important: kernel
2019-01-25 02:26:00
Important: kernel
2019-01-23 23:20:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2019-07-23 00:00:00
Linux kernel vulnerabilities
2019-07-23 00:00:00
Linux kernel (HWE) vulnerabilities
2019-05-15 00:00:00
cloudfoundry
cloudfoundry
USN-4068-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
USN-3981-2: Linux kernel (HWE) vulnerabilities (AKA ZombieLoad Attack) | Cloud Foundry
2019-05-20 00:00:00
USN-3932-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2019-05-31 00:00:00
Security update for the Linux Kernel (important)
2019-07-19 00:00:00
Security update for the Linux Kernel (important)
2019-07-20 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-02-21 02:50:36
Updated kernel-linus packages fix security vulnerabilities
2019-02-21 02:50:36
Updated kernel-tmb packages fixes security vulnerabilities
2019-05-16 11:25:22
threatpost
threatpost
Intel Fixes Critical, High-Severity Flaws Across Several Products
2019-05-21 21:02:56
debian
debian
[SECURITY] [DLA 1771-1] linux-4.9 security update
2019-05-03 10:07:46
[SECURITY] [DLA 1731-1] linux security update
2019-03-27 16:39:16
[SECURITY] [DLA 1731-2] linux regression update
2019-04-01 18:39:17
photon
photon
Critical Photon OS Security Update - PHSA-2019-0009
2019-04-12 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0009
2019-04-13 00:00:00
JSON
Related for ORACLELINUX_ELSA-2019-1873.NASL
nessus82redhat16openvas26centos1oraclelinux7redhatcve4virtuozzo3ibm2f54debiancve4prion4veracode4cve4osv3ubuntucve4intel1fedora2amazon2ubuntu8cloudfoundry3suse6mageia3threatpost1debian3photon2