RHEL 7 : v8 (RHSA-2017:0880)

🗓️ 04 Nov 2024 00:00:00Reported by TenableType

RHEL 7 has a vulnerable V8 package that can lead to crashes or arbitrary code execution.

Reporter	Title	Published	Views	Family All 106
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Business Process Manager shipped with IBM Cloud Orchestrator and IBM SmartCloud Orchestrator	17 Jun 201822:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® SDK for Node.js™ in IBM Bluemix may be affected by CVE-2016-1669	9 Aug 201804:20	–	ibm
IBM Security Bulletins	Security Bulletin: Buffer overflow in V8 in Node.js affects IBM Rational Application Developer for WebSphere Software included in Rational Developer for i and Rational Developer for AIX and Linux	3 Aug 201804:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in node.js processing affect IBM DataPower Gateways	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2014-9748, CVE-2016-1669)	15 Jun 201807:06	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® SDK for Node.js™ may be affected by CVE-2016-1669	9 Aug 201804:20	–	ibm
IBM Security Bulletins	Security Bulletin: Buffer overflow in V8	17 Jun 201805:14	–	ibm
FreeBSD	chromium -- multiple vulnerabilities	11 May 201600:00	–	freebsd
Apple	About the security content of Xcode 8.1	27 Oct 201600:00	–	apple
Apple	About the security content of Xcode 8.1 - Apple Support	23 Jan 201705:36	–	apple

Source	Link
access	www.access.redhat.com/security/updates/classification/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nessus	www.nessus.org/u
access	www.access.redhat.com/errata/RHSA-2017:0880
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2017:0880. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(210151);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/04/15");

  script_cve_id("CVE-2016-1669");
  script_xref(name:"RHSA", value:"2017:0880");

  script_name(english:"RHEL 7 : v8 (RHSA-2017:0880)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update for v8.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in
the RHSA-2017:0880 advisory.

    V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open
    source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.

    Security Fix(es):

    * An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and
    Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application
    or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1335449");
  # https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_0880.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fe429b96");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2017:0880");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL v8 package based on the guidance in RHSA-2017:0880.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-1669");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(190);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/11/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:v8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/9/debug',
      'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/9/os',
      'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/9/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/9/debug',
      'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/9/os',
      'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/9/source/SRPMS',
      'content/dist/rhel/server/7/7Server/x86_64/openstack/9/debug',
      'content/dist/rhel/server/7/7Server/x86_64/openstack/9/os',
      'content/dist/rhel/server/7/7Server/x86_64/openstack/9/source/SRPMS',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/9/debug',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/9/os',
      'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/9/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'v8-3.14.5.10-19.el7ost', 'cpu':'x86_64', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'openstack-'}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'v8');
}

15 Apr 2025 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 3.18.8

CVSS 29.3

EPSS0.01626

rhel 7 v8 package security vulnerability integer overflow arbitrary code execution cve-2016-1669.