Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2017-2732.NASL
HistorySep 15, 2017 - 12:00 a.m.

RHEL 6 : kernel (RHSA-2017:2732) (BlueBorne)

2017-09-1500:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

An update for kernel is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es) :

  • The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

  • A stack-based buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges.
    (CVE-2017-1000251, Important)

Red Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Armis Labs for reporting CVE-2017-1000251.

Bug Fix(es) :

  • Previously, while the MAP_GROWSDOWN flag was set, writing to the memory which was mapped with the mmap system call failed with the SIGBUS signal. This update fixes memory management in the Linux kernel by backporting an upstream patch that enlarges the stack guard page gap. As a result, mmap now works as expected under the described circumstances. (BZ#1474720)
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2017:2732. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(103243);
  script_version("3.11");
  script_cvs_date("Date: 2019/10/24 15:35:43");

  script_cve_id("CVE-2017-1000251", "CVE-2017-7895");
  script_xref(name:"RHSA", value:"2017:2732");

  script_name(english:"RHEL 6 : kernel (RHSA-2017:2732) (BlueBorne)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An update for kernel is now available for Red Hat Enterprise Linux 6.2
Advanced Update Support.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* The NFSv2 and NFSv3 server implementations in the Linux kernel
through 4.10.13 lacked certain checks for the end of a buffer. A
remote attacker could trigger a pointer-arithmetic error or possibly
cause other unspecified impacts using crafted requests related to
fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* A stack-based buffer overflow flaw was found in the way the
Bluetooth subsystem of the Linux kernel processed pending L2CAP
configuration responses from a client. On systems with the stack
protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y,
which is enabled on all architectures other than s390x and ppc64[le]),
an unauthenticated attacker able to initiate a connection to a system
via Bluetooth could use this flaw to crash the system. Due to the
nature of the stack protection feature, code execution cannot be fully
ruled out, although we believe it is unlikely. On systems without the
stack protection feature (ppc64[le]; the Bluetooth modules are not
built on s390x), an unauthenticated attacker able to initiate a
connection to a system via Bluetooth could use this flaw to remotely
execute arbitrary code on the system with ring 0 (kernel) privileges.
(CVE-2017-1000251, Important)

Red Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and
Armis Labs for reporting CVE-2017-1000251.

Bug Fix(es) :

* Previously, while the MAP_GROWSDOWN flag was set, writing to the
memory which was mapped with the mmap system call failed with the
SIGBUS signal. This update fixes memory management in the Linux kernel
by backporting an upstream patch that enlarges the stack guard page
gap. As a result, mmap now works as expected under the described
circumstances. (BZ#1474720)"
  );
  # https://access.redhat.com/security/vulnerabilities/CVE-2017-1000251
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/vulnerabilities/blueborne"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2017:2732"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-1000251"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-7895"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/09/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/09/15");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6\.2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.2", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
  rm_kb_item(name:"Host/uptrack-uname-r");
  cve_list = make_list("CVE-2017-1000251", "CVE-2017-7895");
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2017:2732");
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2017:2732";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-debuginfo-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debug-devel-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-devel-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-doc-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", reference:"kernel-firmware-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"kernel-headers-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"perf-debuginfo-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-2.6.32-220.75.1.el6")) flag++;
  if (rpm_check(release:"RHEL6", sp:"2", cpu:"x86_64", reference:"python-perf-debuginfo-2.6.32-220.75.1.el6")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debug / kernel-debug-debuginfo / kernel-debug-devel / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linuxkernel-debugp-cpe:/a:redhat:enterprise_linux:kernel-debug
redhatenterprise_linuxkernel-debug-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo
redhatenterprise_linuxkernel-debug-develp-cpe:/a:redhat:enterprise_linux:kernel-debug-devel
redhatenterprise_linuxkernel-debuginfop-cpe:/a:redhat:enterprise_linux:kernel-debuginfo
redhatenterprise_linuxkernel-debuginfo-common-x86_64p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64
redhatenterprise_linuxkernel-develp-cpe:/a:redhat:enterprise_linux:kernel-devel
redhatenterprise_linuxkernel-docp-cpe:/a:redhat:enterprise_linux:kernel-doc
redhatenterprise_linuxkernel-firmwarep-cpe:/a:redhat:enterprise_linux:kernel-firmware
redhatenterprise_linuxkernel-headersp-cpe:/a:redhat:enterprise_linux:kernel-headers
Rows per page:
1-10 of 151

Related

redhat 19
f5 3
prion 3
centos 3
cve 3
oraclelinux 8
fedora 2
nessus 65
openvas 33
ubuntucve 3
veracode 3
debiancve 2
suse 35
archlinux 4
osv 2
exploitpack 1
ubuntu 2
redhatcve 1
slackware 1
virtuozzo 5
exploitdb 1
redhat
redhat
(RHSA-2017:2732) Important: kernel security and bug fix update
2017-09-14 13:27:03
(RHSA-2017:2412) Important: kernel security and bug fix update
2017-08-02 09:01:31
(RHSA-2017:2428) Important: kernel security update
2017-08-08 09:44:39
f5
f5
K15004519 : NFS vulnerability CVE-2017-7895
2017-07-20 00:00:00
K63131370 : Linux kernel vulnerability CVE-2017-1000251
2017-10-27 00:00:00
K58928452 : Kernel vulnerability CVE-2017-1000410
2020-12-17 00:00:00
prion
prion
Null pointer dereference
2017-04-28 10:59:00
Stack overflow
2017-09-12 17:29:00
Design/Logic Flaw
2017-12-07 19:29:00
centos
centos
kernel, perf, python security update
2017-07-12 17:45:55
kernel, perf, python security update
2017-09-12 23:15:02
kernel, perf, python security update
2017-09-13 21:20:33
cve
cve
CVE-2017-7895
2017-04-28 10:59:00
CVE-2017-1000251
2017-09-12 17:29:00
CVE-2017-1000410
2017-12-07 19:29:00
oraclelinux
oraclelinux
kernel security update
2017-09-08 00:00:00
kernel security and bug fix update
2017-09-13 00:00:00
kernel security update
2017-09-12 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: kernel-4.10.14-200.fc25
2017-05-10 04:03:34
[SECURITY] Fedora 24 Update: kernel-4.10.14-100.fc24
2017-05-10 03:56:15
nessus
nessus
RHEL 6 : kernel (RHSA-2017:1715)
2017-07-12 00:00:00
RHEL 6 : kernel (RHSA-2017:1798)
2017-07-25 00:00:00
CentOS 6 : kernel (CESA-2017:1723)
2017-07-13 00:00:00
openvas
openvas
Fedora Update for kernel FEDORA-2017-b9b1ac0d15
2017-05-10 00:00:00
RedHat Update for kernel RHSA-2017:1723-01
2017-07-12 00:00:00
Fedora Update for kernel FEDORA-2017-ad045f80ac
2017-05-10 00:00:00
ubuntucve
ubuntucve
CVE-2017-7895
2017-04-28 00:00:00
CVE-2017-1000251
2017-09-12 00:00:00
CVE-2017-1000410
2017-12-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:17:57
Remote Code Execution (RCE)
2019-01-15 09:19:10
Remote Code Execution (RCE)
2019-01-15 09:21:39
debiancve
debiancve
CVE-2017-7895
2017-04-28 10:59:00
CVE-2017-1000251
2017-09-12 17:29:00
suse
suse
Security update for the Linux Kernel (important)
2017-09-21 21:16:32
Security update for the Linux Kernel (important)
2017-09-20 21:07:50
Security update for the Linux Kernel (important)
2017-09-18 18:10:04
archlinux
archlinux
[ASA-201709-4] linux-hardened: arbitrary code execution
2017-09-13 00:00:00
[ASA-201709-9] linux: arbitrary code execution
2017-09-15 00:00:00
[ASA-201709-12] linux-zen: arbitrary code execution
2017-09-18 00:00:00
osv
osv
CVE-2017-1000251
2017-09-12 17:29:00
CVE-2017-1000410
2017-12-07 19:29:00
exploitpack
exploitpack
Linux Kernel 4.13.1 - BlueTooth Buffer Overflow (PoC)
2017-09-21 00:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2017-09-18 00:00:00
Linux kernel vulnerabilities
2017-09-18 00:00:00
redhatcve
redhatcve
CVE-2017-1000251
2019-10-31 10:30:53
slackware
slackware
[slackware-security] kernel
2017-09-15 20:17:20
virtuozzo
virtuozzo
Important kernel security update: CVE-2017-7645 and other; Virtuozzo ReadyKernel patch 21.0 for Virtuozzo 7.0.x
2017-05-23 00:00:00
Kernel security update: CVE-2017-7645 and other; new kernel 2.6.32-042stab123.3, Virtuozzo 6.0 Update 12 Hotfix 9 (6.0.12-3676)
2017-05-11 00:00:00
Kernel security update: CVE-2017-7645 and other; new kernel 2.6.32-042stab123.3 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0
2017-05-11 00:00:00
exploitdb
exploitdb
Linux Kernel &lt; 4.13.1 - BlueTooth Buffer Overflow (PoC)
2017-09-21 00:00:00
JSON
Related for REDHAT-RHSA-2017-2732.NASL
redhat19f53prion3centos3cve3oraclelinux8fedora2nessus65openvas33ubuntucve3veracode3debiancve2suse35archlinux4osv2exploitpack1ubuntu2redhatcve1slackware1virtuozzo5exploitdb1