The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2029 advisory.
arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)
An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (CVE-2018-16658)
drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734)
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)
An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. (CVE-2018-9363)
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. (CVE-2018-9516)
The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (CVE-2019-5489)
The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)
The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)
An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (CVE-2019-3459)
fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem. (CVE-2019-11833)
Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case. (CVE-2018-8087)
In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)
A flaw was found in the way the Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the current privilege level (CPL) while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside the guest. (CVE-2018-10853)
An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093)
An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork. (CVE-2018-13095)
A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. (CVE-2018-14625)
A flaw was found in the Linux kernel that allows userspace to call memcpy_fromiovecend() and similar functions with a zero offset and buffer length, which causes a read beyond the buffer boundaries, in certain cases causing a memory access fault and a system halt by accessing an invalid memory address. This issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. (CVE-2018-16885)
Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1. (CVE-2019-3460)
A flaw was found in the Linux kernel’s vfio interface implementation that permits violation of the user’s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, possibly a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-2029.
##
include('compat.inc');
if (description)
{
script_id(180763);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/08");
script_cve_id(
"CVE-2018-7755",
"CVE-2018-8087",
"CVE-2018-9363",
"CVE-2018-9516",
"CVE-2018-9517",
"CVE-2018-10853",
"CVE-2018-13053",
"CVE-2018-13093",
"CVE-2018-13094",
"CVE-2018-13095",
"CVE-2018-14625",
"CVE-2018-14734",
"CVE-2018-15594",
"CVE-2018-16658",
"CVE-2018-16885",
"CVE-2018-18281",
"CVE-2019-3459",
"CVE-2019-3460",
"CVE-2019-3882",
"CVE-2019-3900",
"CVE-2019-5489",
"CVE-2019-7222",
"CVE-2019-11599",
"CVE-2019-11810",
"CVE-2019-11833"
);
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Oracle Linux 7 : kernel (ELSA-2019-2029)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2019-2029 advisory.
- arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which
makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)
- An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status
in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from
unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (CVE-2018-16658)
- drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a
certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial
of service (use-after-free). (CVE-2018-14734)
- An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel
through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM
ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the
location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)
- An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may
occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. (CVE-2018-13094)
- In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds
write with no additional execution privileges needed. User interaction is not needed for exploitation.
Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel.
(CVE-2018-9363)
- In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a
missing bounds check. This could lead to local escalation of privilege with System execution privileges
needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android
ID: A-71361580. (CVE-2018-9516)
- The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers
to observe page cache access patterns of other processes on the same system, potentially allowing sniffing
of secret information. (Fixing this affects the output of the fincore program.) Limited remote
exploitation may be possible, as demonstrated by latency differences in accessing public files from an
Apache HTTP Server. (CVE-2019-5489)
- The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an
integer overflow via a large relative timeout because ktime_add_safe is not used. (CVE-2018-13053)
- The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)
- An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when
megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.
This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)
- A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before
5.1-rc1. (CVE-2019-3459)
- fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the
extent tree block, which might allow local users to obtain sensitive information by reading uninitialized
data in the filesystem. (CVE-2019-11833)
- Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux
kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering
an out-of-array error case. (CVE-2018-8087)
- In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local
escalation of privilege with System execution privileges needed. User interaction is not needed for
exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931. (CVE-2018-9517)
- A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as
sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged
instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges
inside guest. (CVE-2018-10853)
- An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3. There is a NULL pointer
dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted
xfs image. This occurs because of a lack of proper validation that cached inodes are free during
allocation. (CVE-2018-13093)
- An issue was discovered in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.17.3. A denial of
service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is
in extent format, but has more extents than fit in the inode fork. (CVE-2018-13095)
- A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-
memory from within a vm guest. A race condition between connect() and close() function may allow an
attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt
AF_VSOCK messages destined to other clients. (CVE-2018-14625)
- A flaw was found in the Linux kernel that allows the userspace to call memcpy_fromiovecend() and similar
functions with a zero offset and buffer length which causes the read beyond the buffer boundaries, in
certain cases causing a memory access fault and a system halt by accessing invalid memory address. This
issue only affects kernel version 3.10.x as shipped with Red Hat Enterprise Linux 7. (CVE-2018-16885)
- Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks.
If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of
mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it
has been released back to the page allocator and reused. This is fixed in the following kernel versions:
4.9.135, 4.14.78, 4.18.16, 4.19. (CVE-2018-18281)
- A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel
before 5.1-rc1. (CVE-2019-3460)
- A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's
locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is
administratively granted ownership of the device, it may cause a system memory exhaustion and thus a
denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (CVE-2019-3882)
- An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including
v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster
than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the
vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)
- The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to
prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive
information, cause a denial of service, or possibly have unspecified other impact by triggering a race
condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c,
fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c. (CVE-2019-11599)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-2029.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9517");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-9363");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-abi-whitelists");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);
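# If a Ksplice (uptrack) kernel level is recorded for this host, compare it
# against the fixed level before falling back to the RPM package checks.
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  # Strip the architecture suffix so only the version-release part is compared.
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['3.10.0-1062.el7'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    # At or above the fixed level: report the host as patched and stop.
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-2029');
    }
  }
  # Below the fixed level: note it at the top of the RPM report.
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}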
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '3.10';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'kernel-abi-whitelists-3.10.0-1062.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},
{'reference':'bpftool-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kernel-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},
{'reference':'kernel-debug-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},
{'reference':'kernel-debug-devel-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},
{'reference':'kernel-devel-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},
{'reference':'kernel-headers-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},
{'reference':'kernel-tools-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},
{'reference':'kernel-tools-libs-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},
{'reference':'kernel-tools-libs-devel-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},
{'reference':'perf-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-perf-3.10.0-1062.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
# Check every package entry; flag counts the entries that rpm_check() reports.
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  # Copy only the fields that are set for this entry.
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
      # Entries with an exists_check are only version-checked when rpm_exists() succeeds for that package.
      if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
      if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}
# Report a finding if any package was flagged; otherwise audit out.
if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | linux | kernel-abi-whitelists | p-cpe:/a:oracle:linux:kernel-abi-whitelists |
oracle | linux | kernel-tools-libs-devel | p-cpe:/a:oracle:linux:kernel-tools-libs-devel |
oracle | linux | python-perf | p-cpe:/a:oracle:linux:python-perf |
oracle | linux | kernel-debug | p-cpe:/a:oracle:linux:kernel-debug |
oracle | linux | kernel-tools-libs | p-cpe:/a:oracle:linux:kernel-tools-libs |
oracle | linux | kernel | p-cpe:/a:oracle:linux:kernel |
oracle | linux | kernel-devel | p-cpe:/a:oracle:linux:kernel-devel |
oracle | linux | 7 | cpe:/o:oracle:linux:7 |
oracle | linux | kernel-debug-devel | p-cpe:/a:oracle:linux:kernel-debug-devel |
oracle | linux | kernel-tools | p-cpe:/a:oracle:linux:kernel-tools |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10853
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13093
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13095
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14625
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14734
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15594
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9363
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11810
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3882
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5489
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7222
linux.oracle.com/errata/ELSA-2019-2029.html