Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_KERNEL-RHEL5.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 5 : kernel (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
rhel 5
kernel
unpatched
vulnerability
netfilter
ia64
subsystem
videobuf-vmalloc
driver
denial of service
cve-2017-18017
cve-2006-3635
cve-2007-6761

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)

  • The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid Register Stack Engine (RSE) state. (CVE-2006-3635)

  • drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. (CVE-2007-6761)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory kernel. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(199257);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_cve_id(
    "CVE-2006-3635",
    "CVE-2007-6761",
    "CVE-2010-5328",
    "CVE-2010-5329",
    "CVE-2012-0056",
    "CVE-2012-6701",
    "CVE-2013-4312",
    "CVE-2013-6380",
    "CVE-2013-6382",
    "CVE-2013-7266",
    "CVE-2013-7267",
    "CVE-2013-7268",
    "CVE-2013-7269",
    "CVE-2013-7270",
    "CVE-2013-7271",
    "CVE-2013-7446",
    "CVE-2014-3673",
    "CVE-2014-5471",
    "CVE-2014-5472",
    "CVE-2014-6410",
    "CVE-2014-8133",
    "CVE-2014-8709",
    "CVE-2014-9419",
    "CVE-2014-9420",
    "CVE-2014-9584",
    "CVE-2014-9585",
    "CVE-2014-9731",
    "CVE-2015-1350",
    "CVE-2015-2042",
    "CVE-2015-2150",
    "CVE-2015-2877",
    "CVE-2015-3288",
    "CVE-2015-3339",
    "CVE-2015-4167",
    "CVE-2015-5156",
    "CVE-2015-5157",
    "CVE-2015-5257",
    "CVE-2015-5275",
    "CVE-2015-5283",
    "CVE-2015-6937",
    "CVE-2015-7509",
    "CVE-2015-7515",
    "CVE-2015-7550",
    "CVE-2015-7799",
    "CVE-2015-7990",
    "CVE-2015-8215",
    "CVE-2015-8543",
    "CVE-2015-8553",
    "CVE-2015-8575",
    "CVE-2015-8767",
    "CVE-2015-8812",
    "CVE-2015-8952",
    "CVE-2015-8956",
    "CVE-2015-8964",
    "CVE-2015-1142857",
    "CVE-2016-0723",
    "CVE-2016-0774",
    "CVE-2016-0821",
    "CVE-2016-2069",
    "CVE-2016-2184",
    "CVE-2016-2185",
    "CVE-2016-2186",
    "CVE-2016-2543",
    "CVE-2016-2544",
    "CVE-2016-2545",
    "CVE-2016-2546",
    "CVE-2016-2547",
    "CVE-2016-2550",
    "CVE-2016-2847",
    "CVE-2016-3134",
    "CVE-2016-3138",
    "CVE-2016-3139",
    "CVE-2016-3140",
    "CVE-2016-3156",
    "CVE-2016-3157",
    "CVE-2016-3672",
    "CVE-2016-3951",
    "CVE-2016-4482",
    "CVE-2016-4486",
    "CVE-2016-4569",
    "CVE-2016-4578",
    "CVE-2016-4580",
    "CVE-2016-4913",
    "CVE-2016-5244",
    "CVE-2016-5829",
    "CVE-2016-6130",
    "CVE-2016-6480",
    "CVE-2016-7042",
    "CVE-2016-7097",
    "CVE-2016-7425",
    "CVE-2016-7915",
    "CVE-2016-8405",
    "CVE-2016-9685",
    "CVE-2016-9794",
    "CVE-2016-10741",
    "CVE-2017-0627",
    "CVE-2017-0630",
    "CVE-2017-0861",
    "CVE-2017-5549",
    "CVE-2017-5551",
    "CVE-2017-5986",
    "CVE-2017-6348",
    "CVE-2017-7542",
    "CVE-2017-7616",
    "CVE-2017-7889",
    "CVE-2017-8890",
    "CVE-2017-8924",
    "CVE-2017-8925",
    "CVE-2017-9074",
    "CVE-2017-9075",
    "CVE-2017-9076",
    "CVE-2017-9077",
    "CVE-2017-11473",
    "CVE-2017-12190",
    "CVE-2017-12762",
    "CVE-2017-13166",
    "CVE-2017-13167",
    "CVE-2017-13693",
    "CVE-2017-13694",
    "CVE-2017-13695",
    "CVE-2017-14051",
    "CVE-2017-14140",
    "CVE-2017-15102",
    "CVE-2017-15274",
    "CVE-2017-16532",
    "CVE-2017-16534",
    "CVE-2017-16536",
    "CVE-2017-16537",
    "CVE-2017-16644",
    "CVE-2017-16646",
    "CVE-2017-16647",
    "CVE-2017-16649",
    "CVE-2017-16650",
    "CVE-2017-17558",
    "CVE-2017-17807",
    "CVE-2017-18017",
    "CVE-2017-18079",
    "CVE-2017-18360",
    "CVE-2017-1000370",
    "CVE-2017-1000371",
    "CVE-2017-1000380",
    "CVE-2018-1092",
    "CVE-2018-1120",
    "CVE-2018-1130",
    "CVE-2018-5333",
    "CVE-2018-5390",
    "CVE-2018-5391",
    "CVE-2018-5803",
    "CVE-2018-6927",
    "CVE-2018-7492",
    "CVE-2018-7757",
    "CVE-2018-9516",
    "CVE-2018-9568",
    "CVE-2018-10675",
    "CVE-2018-10902",
    "CVE-2018-10940",
    "CVE-2018-12126",
    "CVE-2018-12127",
    "CVE-2018-12130",
    "CVE-2018-12207",
    "CVE-2018-12928",
    "CVE-2018-13405",
    "CVE-2018-14617",
    "CVE-2018-14734",
    "CVE-2018-16658",
    "CVE-2018-16885",
    "CVE-2018-17977",
    "CVE-2018-18710",
    "CVE-2018-20169",
    "CVE-2018-20836",
    "CVE-2018-1000004",
    "CVE-2019-0154",
    "CVE-2019-3459",
    "CVE-2019-11091",
    "CVE-2019-11184"
  );
  script_xref(name:"IAVA", value:"2018-A-0174-S");
  script_xref(name:"IAVA", value:"2019-A-0166");
  script_xref(name:"CEA-ID", value:"CEA-2019-0324");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"RHEL 5 : kernel (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 5 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
    (CVE-2017-18017)

  - The ia64 subsystem in the Linux kernel before 2.6.26 allows local users to cause a denial of service
    (stack consumption and system crash) via a crafted application that leverages the mishandling of invalid
    Register Stack Engine (RSE) state. (CVE-2006-3635)

  - drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize
    videobuf_mapping data structures, which allows local users to trigger an incorrect count value and
    videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321. (CVE-2007-6761)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-18017");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'kernel', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'kernel'}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');
}
VendorProductVersionCPE
redhatenterprise_linuxkernelp-cpe:/a:redhat:enterprise_linux:kernel
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5

References

Related

nvd 1
cve 1
prion 1
ubuntu 17
virtuozzo 5
openvas 46
nessus 66
fedora 13
suse 9
oraclelinux 8
debian 6
osv 5
myhack58 4
seebug 1
huawei 1
cloudfoundry 1
mageia 1
intel 1
redhat 6
centos 2
ibm 1
thn 1
threatpost 1
amazon 1
nvd
nvd
CVE-2013-6463
2014-01-06 16:55:09
cve
cve
CVE-2013-6463
2014-01-06 16:55:09
prion
prion
Design/Logic Flaw
2014-01-06 16:55:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2016-05-09 00:00:00
Linux kernel vulnerabilities
2016-05-09 00:00:00
Linux kernel (Utopic HWE) vulnerabilities
2016-03-14 00:00:00
virtuozzo
virtuozzo
Kernel security update: CVE-2017-9077 and other; new kernel 2.6.32-042stab123.4, Virtuozzo 6.0 Update 12 Hotfix 10 (6.0.12-3677)
2017-06-13 00:00:00
Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.3
2017-06-02 00:00:00
Kernel security update: CVE-2017-9077 and other; Virtuozzo ReadyKernel patch 22.0 for Virtuozzo 7.0.4
2017-06-02 00:00:00
openvas
openvas
Fedora Update for kernel FEDORA-2017-6554692044
2017-06-14 00:00:00
Fedora Update for kernel FEDORA-2017-6f06be3fe9
2017-06-02 00:00:00
Ubuntu: Security Advisory (USN-2967-1)
2016-05-10 00:00:00
nessus
nessus
Ubuntu 12.04 LTS : linux vulnerabilities (USN-2967-1)
2016-05-12 00:00:00
Fedora 24 : kernel (2017-6554692044)
2017-06-15 00:00:00
Virtuozzo 7 : readykernel-patch (VZA-2017-044)
2017-06-05 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: kernel-4.11.3-200.fc25
2017-06-01 05:13:39
[SECURITY] Fedora 24 Update: kernel-4.11.4-100.fc24
2017-06-13 19:58:48
[SECURITY] Fedora 25 Update: kernel-4.12.11-200.fc25
2017-09-13 05:21:25
suse
suse
Security update for the Linux Kernel (important)
2016-08-15 16:08:51
Security update for the Linux Kernel (important)
2016-04-19 19:07:56
kernel update for Evergreen 11.4 (important)
2016-10-26 18:07:11
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2016-05-16 00:00:00
Unbreakable Enterprise kernel security update
2016-05-20 00:00:00
Unbreakable Enterprise kernel security update
2016-05-20 00:00:00
debian
debian
[SECURITY] [DLA 516-1] linux security update
2016-06-17 12:12:11
[SECURITY] [DSA 3503-1] linux security update
2016-03-03 20:56:20
[SECURITY] [DSA 3503-1] linux security update
2016-03-03 20:56:20
osv
osv
linux - security update
2016-06-17 00:00:00
linux - security update
2016-03-03 00:00:00
linux-2.6 - security update
2016-01-05 00:00:00
myhack58
myhack58
“Phoenix Talon”in the Linux Kernel —lurking for over 11 years, the kernel vulnerability-vulnerability warning-the black bar safety net
2017-06-17 00:00:00
Lurking for over 11 years, the Linux kernel vulnerability”Phoenix Talon”exposure-vulnerability warning-the black bar safety net
2017-06-17 00:00:00
Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis on-the vulnerability warning-the black bar safety net
2019-05-20 00:00:00
seebug
seebug
"Phoenix Talon" in Linux Kernel (Phoenix Talon)
2017-06-16 00:00:00
huawei
huawei
Security Advisory - 'Phoenix Talon' Vulnerabilities in Linux Kernel
2017-08-02 00:00:00
cloudfoundry
cloudfoundry
USN-2970-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-06-03 00:00:00
mageia
mageia
Updated acpica-tools packages fix security vulnerabilities
2018-04-03 21:48:20
intel
intel
Microarchitectural Data Sampling Advisory
2021-05-11 00:00:00
redhat
redhat
(RHSA-2019:1186) Important: libvirt security update
2019-05-14 20:13:20
(RHSA-2019:1155) Important: kernel security update
2019-05-14 18:08:40
(RHSA-2019:1171) Important: kernel security and bug fix update
2019-05-14 20:13:04
centos
centos
qemu security update
2019-05-15 20:31:32
libvirt security update
2019-05-15 15:41:00
ibm
ibm
Security Bulletin: IBM Netezza Firmware Diagnostics Support Tool is affected by the vulnerabilities known as Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities
2019-12-30 14:48:58
thn
thn
New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011
2019-05-14 20:20:00
threatpost
threatpost
Intel CPUs Impacted By New Class of Spectre-Like Attacks
2019-05-14 18:01:49
amazon
amazon
Important: kernel
2019-05-07 22:54:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.954 High

EPSS

Percentile

99.4%

JSON
Related for REDHAT_UNPATCHED_KERNEL-RHEL5.NASL
nvd1cve1prion1ubuntu17virtuozzo5openvas46nessus66fedora13suse9oraclelinux8debian6osv5myhack584seebug1huawei1cloudfoundry1mageia1intel1redhat6centos2ibm1thn1threatpost1amazon1