Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2017-1647.NASL
HistoryJun 29, 2017 - 12:00 a.m.

RHEL 6 : MRG (RHSA-2017:1647) (Stack Clash)

2017-06-2900:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
JSON

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es) :

  • A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult.
    (CVE-2017-1000364, Important)

  • The NFS2/3 RPC client could send long arguments to the NFS server.
    These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)

  • The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

  • A flaw was found in the Linux kernel’s handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)

Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364 and Ari Kauppi for reporting CVE-2017-7895.

Bug Fix(es) :

  • kernel-rt packages have been upgraded to the 3.10.0-514 source tree, which provides a number of bug fixes over the previous version.
    (BZ#1452745)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2017:1647. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(101103);
  script_version("3.15");
  script_cvs_date("Date: 2019/10/24 15:35:43");

  script_cve_id("CVE-2017-1000364", "CVE-2017-1000379", "CVE-2017-6214", "CVE-2017-7645", "CVE-2017-7895");
  script_xref(name:"RHSA", value:"2017:1647");

  script_name(english:"RHEL 6 : MRG (RHSA-2017:1647) (Stack Clash)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which
enables fine-tuning for systems with extremely high determinism
requirements.

Security Fix(es) :

* A flaw was found in the way memory was being allocated on the stack
for user space binaries. If heap (or different memory region) and
stack memory regions were adjacent to each other, an attacker could
use this flaw to jump over the stack guard gap, cause controlled
memory corruption on process stack or the adjacent memory region, and
thus increase their privileges on the system. This is a kernel-side
mitigation which increases the stack guard gap size from one page to 1
MiB to make successful exploitation of this issue more difficult.
(CVE-2017-1000364, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server.
These encoded arguments are stored in an array of memory pages, and
accessed using pointer variables. Arbitrarily long arguments could
make these pointers point outside the array and cause an out-of-bounds
memory access. A remote user or program could use this flaw to crash
the kernel, resulting in denial of service. (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel
through 4.10.13 lacked certain checks for the end of a buffer. A
remote attacker could trigger a pointer-arithmetic error or possibly
cause other unspecified impacts using crafted requests related to
fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* A flaw was found in the Linux kernel's handling of packets with the
URG flag. Applications using the splice() and tcp_splice_read()
functionality could allow a remote attacker to force the kernel to
enter a condition in which it could loop indefinitely. (CVE-2017-6214,
Moderate)

Red Hat would like to thank Qualys Research Labs for reporting
CVE-2017-1000364 and Ari Kauppi for reporting CVE-2017-7895.

Bug Fix(es) :

* kernel-rt packages have been upgraded to the 3.10.0-514 source tree,
which provides a number of bug fixes over the previous version.
(BZ#1452745)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2017:1647"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-1000364"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-1000379"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-6214"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-7645"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-7895"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'rsh_stack_clash_priv_esc.rb');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/06/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/29");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2017-1000364", "CVE-2017-1000379", "CVE-2017-6214", "CVE-2017-7645", "CVE-2017-7895");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2017:1647");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2017:1647";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;

  if (! (rpm_exists(release:"RHEL6", rpm:"mrg-release"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "MRG");

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-debuginfo-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debug-devel-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-devel-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"kernel-rt-doc-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", reference:"kernel-rt-firmware-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-debuginfo-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-trace-devel-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-debuginfo-3.10.0-514.rt56.228.el6")) flag++;
  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"kernel-rt-vanilla-devel-3.10.0-514.rt56.228.el6")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernel-rtp-cpe:/a:redhat:enterprise_linux:kernel-rt
redhatenterprise_linuxkernel-rt-debugp-cpe:/a:redhat:enterprise_linux:kernel-rt-debug
redhatenterprise_linuxkernel-rt-debug-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo
redhatenterprise_linuxkernel-rt-debug-develp-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel
redhatenterprise_linuxkernel-rt-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo
redhatenterprise_linuxkernel-rt-debuginfo-common-x86_64p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64
redhatenterprise_linuxkernel-rt-develp-cpe:/a:redhat:enterprise_linux:kernel-rt-devel
redhatenterprise_linuxkernel-rt-docp-cpe:/a:redhat:enterprise_linux:kernel-rt-doc
redhatenterprise_linuxkernel-rt-firmwarep-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware
redhatenterprise_linuxkernel-rt-tracep-cpe:/a:redhat:enterprise_linux:kernel-rt-trace
Rows per page:
1-10 of 161

Related

redhat 21
nessus 67
oraclelinux 7
centos 5
virtuozzo 5
myhack58 1
openvas 33
mageia 1
cve 4
veracode 3
prion 4
ubuntucve 4
debiancve 3
fedora 4
ibm 6
f5 3
redhatcve 1
suse 19
debian 1
ubuntu 6
thn 1
redhat
redhat
(RHSA-2017:1647) Important: kernel-rt security and bug fix update
2017-06-28 15:41:10
(RHSA-2017:1616) Important: kernel-rt security and bug fix update
2017-06-28 15:09:04
(RHSA-2017:1486) Important: kernel security update
2017-06-19 15:07:37
nessus
nessus
RHEL 7 : kernel-rt (RHSA-2017:1616) (Stack Clash)
2017-06-29 00:00:00
Oracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)
2017-06-30 00:00:00
RHEL 7 : kernel (RHSA-2017:1484) (Stack Clash)
2017-06-20 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2017-06-28 00:00:00
kernel security and bug fix update
2017-06-28 00:00:00
kernel security and bug fix update
2017-07-11 00:00:00
centos
centos
kernel, perf, python security update
2017-06-20 15:31:20
kernel, perf, python security update
2017-06-20 08:37:49
kernel, perf, python security update
2017-06-29 21:03:21
virtuozzo
virtuozzo
Kernel security update: CVE-2017-7645 and other; new kernel 2.6.32-042stab123.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2017-05-11 00:00:00
Important kernel security update: CVE-2017-7645 and other; Virtuozzo ReadyKernel patch 21.0 for Virtuozzo 7.0.x
2017-05-23 00:00:00
Kernel security update: CVE-2017-7645 and other; new kernel 2.6.32-042stab123.3, Virtuozzo 6.0 Update 12 Hotfix 9 (6.0.12-3676)
2017-05-11 00:00:00
myhack58
myhack58
CentOS 7 released a kernel security update that fixes five vulnerabilities-vulnerability warning-the black bar safety net
2017-07-02 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2017:1615 centos7
2017-06-30 00:00:00
RedHat Update for kernel RHSA-2017:1615-01
2017-06-29 00:00:00
Mageia: Security Advisory (MGASA-2017-0149)
2022-01-28 00:00:00
mageia
mageia
Updated kernel packages fixes security vulnerabilities
2017-05-26 09:54:58
cve
cve
CVE-2017-1000379
2017-06-19 16:29:00
CVE-2017-6214
2017-02-23 17:59:00
CVE-2017-7895
2017-04-28 10:59:00
veracode
veracode
Denial Of Service (DOS)
2019-05-02 06:12:55
Denial Of Service (DoS)
2019-01-15 09:17:01
Arbitrary Code Execution
2019-01-15 09:17:57
prion
prion
Heap overflow
2017-06-19 16:29:00
Null pointer dereference
2017-04-28 10:59:00
Code injection
2017-02-23 17:59:00
ubuntucve
ubuntucve
CVE-2017-1000379
2017-06-19 00:00:00
CVE-2017-7895
2017-04-28 00:00:00
CVE-2017-6214
2017-02-23 00:00:00
debiancve
debiancve
CVE-2017-1000379
2017-06-19 16:29:00
CVE-2017-7895
2017-04-28 10:59:00
CVE-2017-6214
2017-02-23 17:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: kernel-4.10.14-200.fc25
2017-05-10 04:03:34
[SECURITY] Fedora 24 Update: kernel-4.10.14-100.fc24
2017-05-10 03:56:15
[SECURITY] Fedora 24 Update: kernel-4.11.6-101.fc24
2017-06-23 19:53:44
ibm
ibm
Security Bulletin: The Linux Kernel as used in IBM QRadar SIEM is vulnerable to denial service. (CVE-2017-6214)
2018-06-16 22:04:36
Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214)
2019-01-31 02:25:02
Security Bulletin: Vulnerability in Linux Kernel affects IBM Flex System Networking Switch Products (CVE-2017-6214)
2019-01-31 02:25:02
f5
f5
K15004519 : NFS vulnerability CVE-2017-7895
2017-07-20 00:00:00
K48281956 : NFSv2/3 kernel vulnerability CVE-2017-7645
2017-07-18 00:00:00
K81211720 : Linux kernel vulnerability CVE-2017-6214
2017-04-13 00:00:00
redhatcve
redhatcve
CVE-2017-6214
2017-02-24 09:18:13
suse
suse
Security update for the Linux Kernel (critical)
2017-06-19 21:15:28
Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 (important)
2017-07-20 21:12:25
Security update for Linux Kernel Live Patch 9 for SLE 12 SP1 (important)
2017-07-20 21:10:49
debian
debian
[SECURITY] [DSA 3886-2] linux regression update
2017-06-27 19:31:22
ubuntu
ubuntu
Linux kernel (Raspberry Pi 2) vulnerability
2017-06-22 00:00:00
Linux kernel (Raspberry Pi 2) vulnerability
2017-06-22 00:00:00
Linux kernel (Trusty HWE) vulnerability
2017-06-21 00:00:00
thn
thn
A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered
2017-06-19 20:49:00
JSON
Related for REDHAT-RHSA-2017-1647.NASL
redhat21nessus67oraclelinux7centos5virtuozzo5myhack581openvas33mageia1cve4veracode3prion4ubuntucve4debiancve3fedora4ibm6f53redhatcve1suse19debian1ubuntu6thn1