Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2016-1541.NASL
HistoryAug 03, 2016 - 12:00 a.m.

RHEL 7 : kernel-rt (RHSA-2016:1541)

2016-08-0300:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
JSON

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

  • A flaw was found in the Linux kernel’s keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)

  • The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
    (CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)

This update also fixes the following bugs :

  • Previously, use of the get/put_cpu_var() function in function refill_stock () from the memcontrol cgroup code lead to a ‘scheduling while atomic’ warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1347171)

  • Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time.
    This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2016:1541. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(92695);
  script_version("2.13");
  script_cvs_date("Date: 2019/10/24 15:35:41");

  script_cve_id("CVE-2015-8660", "CVE-2016-4470");
  script_xref(name:"RHSA", value:"2016:1541");

  script_name(english:"RHEL 7 : kernel-rt (RHSA-2016:1541)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel-rt is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which
enables fine-tuning for systems with extremely high determinism
requirements.

* A flaw was found in the Linux kernel's keyring handling code, where
in key_reject_and_link() an uninitialised variable would eventually
lead to arbitrary free address which could allow attacker to use a
use-after-free style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
through 4.3.3 attempts to merge distinct setattr operations, which
allows local users to bypass intended access restrictions and modify
the attributes of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting
CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells
(Red Hat Inc.).

The kernel-rt packages have been upgraded to the
kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug
fixes over the previous version. (BZ#1350307)

This update also fixes the following bugs :

* Previously, use of the get/put_cpu_var() function in function
refill_stock () from the memcontrol cgroup code lead to a 'scheduling
while atomic' warning. With this update, refill_stock() uses the
get/put_cpu_light() function instead, and the warnings no longer
appear. (BZ#1347171)

* Prior to this update, if a real time task pinned to a given CPU was
taking 100% of the CPU time, then calls to the lru_add_drain_all()
function on other CPUs blocked for an undetermined amount of time.
This caused latencies and undesired side effects. With this update,
lru_add_drain_all() has been changed to drain the LRU pagevecs of
remote CPUs. (BZ#1348523)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2016:1541"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2015-8660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2016-4470"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Overlayfs Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/12/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2015-8660", "CVE-2016-4470");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2016:1541");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2016:1541";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-kvm-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", reference:"kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-kvm-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-kvm-3.10.0-327.28.2.rt56.234.el7_2")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernel-rtp-cpe:/a:redhat:enterprise_linux:kernel-rt
redhatenterprise_linuxkernel-rt-debugp-cpe:/a:redhat:enterprise_linux:kernel-rt-debug
redhatenterprise_linuxkernel-rt-debug-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo
redhatenterprise_linuxkernel-rt-debug-develp-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel
redhatenterprise_linuxkernel-rt-debug-kvmp-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm
redhatenterprise_linuxkernel-rt-debug-kvm-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo
redhatenterprise_linuxkernel-rt-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo
redhatenterprise_linuxkernel-rt-debuginfo-common-x86_64p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64
redhatenterprise_linuxkernel-rt-develp-cpe:/a:redhat:enterprise_linux:kernel-rt-devel
redhatenterprise_linuxkernel-rt-docp-cpe:/a:redhat:enterprise_linux:kernel-rt-doc
Rows per page:
1-10 of 181

Related

nessus 63
oraclelinux 6
redhat 9
veracode 2
openvas 34
centos 2
zdt 4
ubuntucve 2
canvas 1
packetstorm 2
exploitpack 1
ubuntu 14
debiancve 2
cve 2
seebug 1
prion 2
suse 27
android 1
f5 4
redhatcve 1
exploitdb 2
metasploit 1
fedora 3
cloudfoundry 1
amazon 1
mageia 6
ibm 1
debian 3
osv 1
nessus
nessus
OracleVM 3.4 : Unbreakable / etc (OVMSA-2016-0094)
2016-08-08 00:00:00
RHEL 6 : MRG (RHSA-2016:1532)
2016-08-03 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3593)
2016-08-08 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2016-08-04 00:00:00
kernel security and bug fix update
2016-08-02 00:00:00
Unbreakable Enterprise kernel security update
2016-08-04 00:00:00
redhat
redhat
(RHSA-2016:1532) Important: kernel-rt security and bug fix update
2016-08-02 13:34:07
(RHSA-2016:1541) Important: kernel-rt security and bug fix update
2016-08-02 13:46:48
(RHSA-2016:1539) Important: kernel security and bug fix update
2016-08-02 13:46:40
veracode
veracode
Use-After-Free
2019-05-02 06:01:56
Authorization Bypass
2019-01-15 09:12:37
openvas
openvas
RedHat Update for kernel RHSA-2016:1539-01
2016-08-04 00:00:00
CentOS Update for kernel CESA-2016:1539 centos7
2016-08-08 00:00:00
Ubuntu Update for linux-lts-vivid USN-2857-2
2016-01-07 00:00:00
centos
centos
kernel, perf, python security update
2016-08-03 14:05:49
kernel, perf, python security update
2016-10-05 14:03:13
zdt
zdt
Linux Kernel 4.3.3 - 'overlayfs' Privilege Escalation (2)
2016-01-12 00:00:00
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - 'overlayfs' Privilege Escalation (1)
2016-01-05 00:00:00
Overlayfs Privilege Escalation Exploit
2016-11-02 00:00:00
ubuntucve
ubuntucve
CVE-2015-8660
2015-12-28 00:00:00
CVE-2016-4470
2016-06-27 00:00:00
canvas
canvas
Immunity Canvas: OVERLAYFS_SETATTR
2015-12-28 11:59:00
packetstorm
packetstorm
Ubuntu 14.04 LTS / 15.10 overlayfs Local Root
2016-01-06 00:00:00
Overlayfs Privilege Escalation
2016-11-01 00:00:00
exploitpack
exploitpack
Linux Kernel 4.3.3 (Ubuntu 14.0415.10) - overlayfs Local Privilege Escalation (1)
2016-01-05 00:00:00
ubuntu
ubuntu
Linux kernel (Raspberry Pi 2) vulnerability
2016-01-05 00:00:00
Linux kernel (Wily HWE) vulnerability
2016-01-05 00:00:00
Linux kernel (Vivid HWE) vulnerability
2016-01-05 00:00:00
debiancve
debiancve
CVE-2015-8660
2015-12-28 11:59:00
CVE-2016-4470
2016-06-27 10:59:00
cve
cve
CVE-2015-8660
2015-12-28 11:59:00
CVE-2016-4470
2016-06-27 10:59:00
seebug
seebug
Ubuntu 14.04 LTS, 15.10 overlayfs - Local Root Exploit
2016-01-18 00:00:00
prion
prion
Design/Logic Flaw
2015-12-28 11:59:00
Command injection
2016-06-27 10:59:00
suse
suse
Security update for Linux Kernel Live Patch 15 for SLE 12 (important)
2016-08-09 17:17:48
Security update for Linux Kernel Live Patch 14 for SLE 12 (important)
2016-08-09 17:18:11
Security update for kernel live patch 1 (important)
2016-03-14 18:17:42
android
android
CVE-2016-4470
2016-09-01 00:00:00
f5
f5
SOL55672042 - Linux kernel vulnerability CVE-2016-4470
2016-10-22 00:00:00
K55672042 : Linux kernel vulnerability CVE-2016-4470
2016-10-23 00:00:00
K07560020 : Linux kernel vulnerabilities CVE-2015-7884, CVE-2015-7885, CVE-2015-8543, CVE-2015-8569, and CVE-2015-8660
2016-01-29 00:00:00
redhatcve
redhatcve
CVE-2016-4470
2016-06-15 06:18:27
exploitdb
exploitdb
Linux Kernel 4.3.3 (Ubuntu 14.04/15.10) - &#039;overlayfs&#039; Local Privilege Escalation (1)
2016-01-05 00:00:00
Linux Kernel (Ubuntu / Fedora / RedHat) - &#039;Overlayfs&#039; Local Privilege Escalation (Metasploit)
2016-11-02 00:00:00
metasploit
metasploit
Overlayfs Privilege Escalation
2016-10-05 03:21:53
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.4.14-200.fc22
2016-07-19 07:20:52
[SECURITY] Fedora 24 Update: kernel-4.6.3-300.fc24
2016-06-30 21:30:47
[SECURITY] Fedora 23 Update: kernel-4.5.7-202.fc23
2016-07-02 19:33:02
cloudfoundry
cloudfoundry
USN-3053-1/USN-3037-1 Linux kernel (Vivid HWE) vulnerability | Cloud Foundry
2016-08-25 00:00:00
amazon
amazon
Medium: kernel
2016-08-01 13:30:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2016-01-11 13:44:41
Updated kernel-linus packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel-linus packages fix security vulnerabilities
2016-01-14 04:44:39
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:33:24
debian
debian
[SECURITY] [DLA 609-1] linux security update
2016-09-03 11:53:47
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
[SECURITY] [DSA 3607-1] linux security update
2016-06-28 09:56:48
osv
osv
linux - security update
2016-09-03 00:00:00
JSON
Related for REDHAT-RHSA-2016-1541.NASL
nessus63oraclelinux6redhat9veracode2openvas34centos2zdt4ubuntucve2canvas1packetstorm2exploitpack1ubuntu14debiancve2cve2seebug1prion2suse27android1f54redhatcve1exploitdb2metasploit1fedora3cloudfoundry1amazon1mageia6ibm1debian3osv1