Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20130926_KERNEL_ON_SL5_X.NASL
HistorySep 28, 2013 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130926)

2013-09-2800:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
27
JSON

This update fixes the following security issues :

  • A use-after-free flaw was found in the madvise() system call implementation in the Linux kernel. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges.
    (CVE-2012-3511, Moderate)

  • A flaw was found in the way the Linux kernel’s TCP/IP protocol suite implementation handled IPv6 sockets that used the UDP_CORK option. A local, unprivileged user could use this flaw to cause a denial of service.
    (CVE-2013-4162, Moderate)

  • An information leak flaw in the Linux kernel could allow a local, unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low)

This update also fixes the following bugs :

  • A bug in the be2net driver prevented communication between NICs using be2net. This update applies a patch addressing this problem along with several other upstream patches that fix various other problems.
    Traffic between NICs using the be2net driver now proceeds as expected.

  • A recent patch fixing a problem that prevented communication between NICs using the be2net driver caused the firmware of NICs to become unresponsive, and thus triggered a kernel panic. The problem was caused by unnecessary usage of a hardware workaround that allows skipping VLAN tag insertion. A patch has been applied and the workaround is now used only when the multi-channel configuration is enabled on the NIC. Note that the bug only affected the NICs with firmware version 4.2.xxxx.

  • A bug in the autofs4 mount expiration code could cause the autofs4 module to falsely report a busy tree of NFS mounts as ‘not in use’. Consequently, automount attempted to unmount the tree and failed with a ‘failed to umount offset’ error, leaving the mount tree to appear as empty directories. A patch has been applied to remove an incorrectly used autofs dentry mount check and the aforementioned problem no longer occurs.

  • A race condition in the be_open function in the be2net driver could trigger the BUG_ON() macro, which resulted in a kernel panic. A patch addressing this problem has been applied and the race condition is now avoided by enabling polling before enabling interrupts globally.
    The kernel no longer panics in this situation.

The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(70188);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-3511", "CVE-2013-2141", "CVE-2013-4162");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130926)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues :

  - A use-after-free flaw was found in the madvise() system
    call implementation in the Linux kernel. A local,
    unprivileged user could use this flaw to cause a denial
    of service or, potentially, escalate their privileges.
    (CVE-2012-3511, Moderate)

  - A flaw was found in the way the Linux kernel's TCP/IP
    protocol suite implementation handled IPv6 sockets that
    used the UDP_CORK option. A local, unprivileged user
    could use this flaw to cause a denial of service.
    (CVE-2013-4162, Moderate)

  - An information leak flaw in the Linux kernel could allow
    a local, unprivileged user to leak kernel memory to
    user-space. (CVE-2013-2141, Low)

This update also fixes the following bugs :

  - A bug in the be2net driver prevented communication
    between NICs using be2net. This update applies a patch
    addressing this problem along with several other
    upstream patches that fix various other problems.
    Traffic between NICs using the be2net driver now
    proceeds as expected.

  - A recent patch fixing a problem that prevented
    communication between NICs using the be2net driver
    caused the firmware of NICs to become unresponsive, and
    thus triggered a kernel panic. The problem was caused by
    unnecessary usage of a hardware workaround that allows
    skipping VLAN tag insertion. A patch has been applied
    and the workaround is now used only when the
    multi-channel configuration is enabled on the NIC. Note
    that the bug only affected the NICs with firmware
    version 4.2.xxxx.

  - A bug in the autofs4 mount expiration code could cause
    the autofs4 module to falsely report a busy tree of NFS
    mounts as 'not in use'. Consequently, automount
    attempted to unmount the tree and failed with a 'failed
    to umount offset' error, leaving the mount tree to
    appear as empty directories. A patch has been applied to
    remove an incorrectly used autofs dentry mount check and
    the aforementioned problem no longer occurs.

  - A race condition in the be_open function in the be2net
    driver could trigger the BUG_ON() macro, which resulted
    in a kernel panic. A patch addressing this problem has
    been applied and the race condition is now avoided by
    enabling polling before enabling interrupts globally.
    The kernel no longer panics in this situation.

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1309&L=scientific-linux-errata&T=0&P=1828
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?3b8f4250"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/09/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/28");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-348.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-348.18.1.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-paep-cpe:/a:fermilab:scientific_linux:kernel-pae
fermilabscientific_linuxkernel-pae-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-pae-debuginfo
fermilabscientific_linuxkernel-pae-develp-cpe:/a:fermilab:scientific_linux:kernel-pae-devel
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-commonp-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
Rows per page:
1-10 of 161

Related

nessus 45
oraclelinux 10
openvas 70
redhat 9
centos 4
veracode 12
debiancve 3
cve 3
prion 3
cvelist 3
amazon 2
ubuntucve 3
seebug 1
altlinux 2
threatpost 1
ubuntu 22
securityvulns 4
debian 1
osv 1
nessus
nessus
RHEL 5 : kernel (RHSA-2013:1292)
2013-09-27 00:00:00
Oracle Linux 5 : kernel (ELSA-2013-1292-1)
2013-09-28 00:00:00
Oracle Linux 5 : kernel (ELSA-2013-1292)
2013-09-28 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2013-09-27 00:00:00
kernel security and bug fix update
2013-09-26 00:00:00
unbreakable enterprise kernel security update
2013-10-18 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2013:1292 centos5
2013-10-03 00:00:00
CentOS Update for kernel CESA-2013:1292 centos5
2013-10-03 00:00:00
Oracle: Security Advisory (ELSA-2013-1292-1)
2015-10-06 00:00:00
redhat
redhat
(RHSA-2013:1292) Moderate: kernel security and bug fix update
2013-09-26 00:00:00
(RHSA-2013:1436) Moderate: kernel security and bug fix update
2013-10-16 00:00:00
(RHSA-2013:1520) Moderate: kernel security, bug fix, and enhancement update
2013-11-14 00:00:00
centos
centos
kernel security update
2013-09-27 13:27:33
kernel, perf, python security update
2013-10-17 16:14:23
kernel, perf, python security update
2013-12-13 00:18:44
veracode
veracode
Information Disclosure
2019-05-02 04:52:18
Denial Of Service (DoS)
2019-05-02 04:41:23
Information Disclosure
2019-05-02 04:52:18
debiancve
debiancve
CVE-2013-2141
2013-06-07 14:03:00
CVE-2013-4162
2013-07-29 13:59:00
CVE-2012-3511
2012-10-04 03:28:00
cve
cve
CVE-2013-2141
2013-06-07 14:03:00
CVE-2013-4162
2013-07-29 13:59:00
CVE-2012-3511
2012-10-04 03:28:00
prion
prion
Design/Logic Flaw
2013-06-07 14:03:00
Information disclosure
2013-07-29 13:59:00
Race condition
2012-10-04 03:28:00
cvelist
cvelist
CVE-2013-4162
2013-07-28 18:00:00
CVE-2013-2141
2013-06-07 10:00:00
CVE-2012-3511
2012-10-03 10:00:00
amazon
amazon
Medium: kernel
2013-10-16 20:53:00
Medium: kernel
2012-11-20 06:34:00
ubuntucve
ubuntucve
CVE-2013-2141
2013-06-04 00:00:00
CVE-2013-4162
2013-07-29 00:00:00
CVE-2012-3511
2012-08-24 00:00:00
seebug
seebug
Linux Kernel 'madvise_remove()'函数本地拒绝服务漏洞
2012-08-26 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt12
2013-10-25 00:00:00
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt16
2013-12-20 00:00:00
threatpost
threatpost
Linux Kernel Update Fixes DoS, Leakage Bugs
2013-09-30 16:35:10
ubuntu
ubuntu
Linux kernel vulnerabilities
2012-09-19 00:00:00
Linux kernel (EC2) vulnerabilities
2012-09-19 00:00:00
Linux kernel vulnerabilities
2013-07-04 00:00:00
securityvulns
securityvulns
[USN-1939-1] Linux kernel vulnerabilities
2013-09-09 00:00:00
[USN-1567-1] Linux kernel vulnerabilities
2012-09-18 00:00:00
Linux kernel multiple security vulnerabilities
2012-09-18 00:00:00
debian
debian
[SECURITY] [DSA 2745-1] linux security update
2013-08-29 05:16:38
osv
osv
linux - several
2013-08-28 00:00:00
JSON
Related for SL_20130926_KERNEL_ON_SL5_X.NASL
nessus45oraclelinux10openvas70redhat9centos4veracode12debiancve3cve3prion3cvelist3amazon2ubuntucve3seebug1altlinux2threatpost1ubuntu22securityvulns4debian1osv1