Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20131121_KERNEL_ON_SL6_X.NASL
HistoryDec 17, 2013 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20131121)

2013-12-1700:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
36
JSON

This update fixes the following security issues :

  • A flaw was found in the way the Linux kernel’s IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important)

  • A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to ‘2’), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate)

  • A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system.
    (CVE-2013-2888, Moderate)

  • An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

  • It was found that the fix for CVE-2012-2375 released via SLSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system . (CVE-2013-4591, Moderate)

  • A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host.
    (CVE-2013-4592, Moderate)

  • Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system.
    (CVE-2013-2889, CVE-2013-2892, Moderate)

  • Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low)

  • A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low)

  • Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low)

  • A format string flaw was found in the Linux kernel’s block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low)

The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(71490);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-2375", "CVE-2012-6542", "CVE-2012-6545", "CVE-2013-0343", "CVE-2013-1928", "CVE-2013-1929", "CVE-2013-2164", "CVE-2013-2234", "CVE-2013-2851", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2892", "CVE-2013-3231", "CVE-2013-4345", "CVE-2013-4387", "CVE-2013-4591", "CVE-2013-4592");

  script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20131121)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues :

  - A flaw was found in the way the Linux kernel's IPv6
    implementation handled certain UDP packets when the UDP
    Fragmentation Offload (UFO) feature was enabled. A
    remote attacker could use this flaw to crash the system
    or, potentially, escalate their privileges on the
    system. (CVE-2013-4387, Important)

  - A flaw was found in the way the Linux kernel handled the
    creation of temporary IPv6 addresses. If the IPv6
    privacy extension was enabled
    (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'),
    an attacker on the local network could disable IPv6
    temporary address generation, leading to a potential
    information disclosure. (CVE-2013-0343, Moderate)

  - A flaw was found in the way the Linux kernel handled HID
    (Human Interface Device) reports with an out-of-bounds
    Report ID. An attacker with physical access to the
    system could use this flaw to crash the system or,
    potentially, escalate their privileges on the system.
    (CVE-2013-2888, Moderate)

  - An off-by-one flaw was found in the way the ANSI CPRNG
    implementation in the Linux kernel processed non-block
    size aligned requests. This could lead to random numbers
    being generated with less bits of entropy than expected
    when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

  - It was found that the fix for CVE-2012-2375 released via
    SLSA-2012:1580 accidentally removed a check for
    small-sized result buffers. A local, unprivileged user
    with access to an NFSv4 mount with ACL support could use
    this flaw to crash the system or, potentially, escalate
    their privileges on the system . (CVE-2013-4591,
    Moderate)

  - A flaw was found in the way IOMMU memory mappings were
    handled when moving memory slots. A malicious user on a
    KVM host who has the ability to assign a device to a
    guest could use this flaw to crash the host.
    (CVE-2013-4592, Moderate)

  - Heap-based buffer overflow flaws were found in the way
    the Zeroplus and Pantherlord/GreenAsia game controllers
    handled HID reports. An attacker with physical access to
    the system could use these flaws to crash the system or,
    potentially, escalate their privileges on the system.
    (CVE-2013-2889, CVE-2013-2892, Moderate)

  - Two information leak flaws were found in the logical
    link control (LLC) implementation in the Linux kernel. A
    local, unprivileged user could use these flaws to leak
    kernel stack memory to user space. (CVE-2012-6542,
    CVE-2013-3231, Low)

  - A heap-based buffer overflow in the way the tg3 Ethernet
    driver parsed the vital product data (VPD) of devices
    could allow an attacker with physical access to a system
    to cause a denial of service or, potentially, escalate
    their privileges. (CVE-2013-1929, Low)

  - Information leak flaws in the Linux kernel could allow a
    privileged, local user to leak kernel memory to user
    space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164,
    CVE-2013-2234, Low)

  - A format string flaw was found in the Linux kernel's
    block layer. A privileged, local user could potentially
    use this flaw to escalate their privileges to kernel
    level (ring0). (CVE-2013-2851, Low)

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=4785
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?25b616af"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/17");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"kernel-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-431.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-431.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-i686p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
Rows per page:
1-10 of 171

References

Related

nessus 38
veracode 17
centos 3
redhat 6
openvas 69
oraclelinux 8
securityvulns 1
ubuntu 20
altlinux 1
osv 1
debian 1
threatpost 1
fedora 7
suse 2
prion 6
ubuntucve 7
cve 5
debiancve 6
nessus
nessus
RHEL 6 : kernel (RHSA-2013:1645)
2013-11-21 00:00:00
CentOS 6 : kernel (CESA-2013:1645)
2014-11-12 00:00:00
Oracle Linux 6 : Oracle / Linux / 6 / kernel (ELSA-2013-1645)
2013-11-27 00:00:00
veracode
veracode
Sensitive Information Disclosure
2019-05-02 04:59:00
Denial Of Service (DoS)
2019-05-02 04:59:08
Denial Of Service (DoS)
2019-05-02 04:59:09
centos
centos
kernel, perf, python security update
2013-11-26 13:32:01
kernel security update
2013-10-23 00:10:49
kernel security update
2013-07-10 15:50:41
redhat
redhat
(RHSA-2013:1645) Important: Red Hat Enterprise Linux 6 kernel update
2013-11-21 00:00:00
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
(RHSA-2014:0284) Important: kernel security and bug fix update
2014-03-11 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2013-1645)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2013-2585)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2013-2584)
2015-10-06 00:00:00
oraclelinux
oraclelinux
Oracle Linux 6 kernel update
2013-11-25 00:00:00
Unbreakable Enterprise Kernel security update
2013-11-28 00:00:00
Unbreakable Enterprise Kernel security update
2013-11-28 00:00:00
securityvulns
securityvulns
USN-1976-1] Linux kernel vulnerabilities
2013-10-01 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2013-09-30 00:00:00
Linux kernel (EC2) vulnerabilities
2013-09-30 00:00:00
Linux kernel vulnerabilities
2013-07-29 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt13
2013-11-24 00:00:00
osv
osv
linux-2.6 - several
2013-09-27 00:00:00
debian
debian
[SECURITY] [DSA 2766-1] linux-2.6 security update
2013-09-27 23:24:02
threatpost
threatpost
Linux Kernel Update Fixes DoS, Leakage Bugs
2013-09-30 16:35:10
fedora
fedora
[SECURITY] Fedora 19 Update: kernel-3.11.4-201.fc19
2013-10-14 07:12:01
[SECURITY] Fedora 19 Update: kernel-3.11.4-201.fc19
2013-10-14 17:18:54
[SECURITY] Fedora 19 Update: kernel-3.11.6-201.fc19
2013-11-05 02:59:47
suse
suse
Security update for Linux kernel (important)
2013-09-21 01:04:16
Security update for Linux kernel (important)
2013-09-21 00:04:17
prion
prion
Buffer overflow
2013-11-20 13:19:00
Memory corruption
2013-11-20 13:19:00
Design/Logic Flaw
2013-03-15 20:55:00
ubuntucve
ubuntucve
CVE-2013-4591
2013-11-20 00:00:00
CVE-2013-4592
2013-11-20 00:00:00
CVE-2012-6542
2013-03-07 00:00:00
cve
cve
CVE-2013-4591
2013-11-20 13:19:00
CVE-2013-4592
2013-11-20 13:19:00
CVE-2012-6542
2013-03-15 20:55:00
debiancve
debiancve
CVE-2013-4591
2013-11-20 13:19:00
CVE-2012-6545
2013-03-15 20:55:00
CVE-2013-4592
2013-11-20 13:19:00
JSON
Related for SL_20131121_KERNEL_ON_SL6_X.NASL
nessus38veracode17centos3redhat6openvas69oraclelinux8securityvulns1ubuntu20altlinux1osv1debian1threatpost1fedora7suse2prion6ubuntucve7cve5debiancve6