Scientific Linux Security Update: Kernel CVE-2014-7822 (20150210) fixes file system flaw, race condition, and metadata corruption bug
Reporter | Title | Published | Views | Family All 99 |
---|---|---|---|---|
Tenable Nessus | Oracle Linux 5 : ELSA-2015-0164-1: / kernel (ELSA-2015-01641) | 7 Sep 202300:00 | – | nessus |
Tenable Nessus | RHEL 5 : kernel (RHSA-2015:0164) | 11 Feb 201500:00 | – | nessus |
Tenable Nessus | F5 Networks BIG-IP : Linux kernel vulnerability (SOL17237) | 9 Sep 201500:00 | – | nessus |
Tenable Nessus | CentOS 5 : kernel (CESA-2015:0164) | 11 Feb 201500:00 | – | nessus |
Tenable Nessus | Amazon Linux AMI : kernel (ALAS-2015-476) | 13 Feb 201500:00 | – | nessus |
Tenable Nessus | Oracle Linux 5 : kernel (ELSA-2015-0164) | 12 Feb 201500:00 | – | nessus |
Tenable Nessus | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2541-1) | 25 Mar 201500:00 | – | nessus |
Tenable Nessus | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2543-1) | 25 Mar 201500:00 | – | nessus |
Tenable Nessus | Oracle Linux 6 : kernel (ELSA-2015-0674) | 12 Mar 201500:00 | – | nessus |
Tenable Nessus | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150311) | 13 Mar 201500:00 | – | nessus |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(81308);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2014-7822");
script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20150210)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
" - A flaw was found in the way the Linux kernel's splice()
system call validated its parameters. On certain file
systems, a local, unprivileged user could use this flaw
to write past the maximum file size, and thus crash the
system. (CVE-2014-7822, Moderate)
This update also fixes the following bugs :
- Previously, hot-unplugging of a virtio-blk device could
in some cases lead to a kernel panic, for example during
in-flight I/O requests. This update fixes race condition
in the hot-unplug code in the virtio_blk.ko module. As a
result, hot unplugging of the virtio-blk device no
longer causes the guest kernel oops when there are
in-flight I/O requests.
- Before this update, due to a bug in the error-handling
path, a corrupted metadata block could be used as a
valid block. With this update, the error handling path
has been fixed and more checks have been added to verify
the metadata block. Now, when a corrupted metadata block
is encountered, it is properly marked as corrupted and
handled accordingly.
- Previously, an incorrectly initialized variable resulted
in a random value being stored in the variable that
holds the number of default ACLs, and is sent in the
SET_PATH_INFO data structure. Consequently, the setfacl
command could, under certain circumstances, fail with an
'Invalid argument' error. With this update, the variable
is correctly initialized to zero, thus fixing the bug.
The system must be rebooted for this update to take effect."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1502&L=scientific-linux-errata&T=0&P=901
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?173e2366"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/03/16");
script_set_attribute(attribute:"patch_publication_date", value:"2015/02/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-402.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-402.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo