Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20150609_KERNEL_ON_SL6_X.NASL
HistoryJun 10, 2015 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609)

2015-06-1000:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
JSON

  • It was found that the Linux kernel’s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important)

  • A buffer overflow flaw was found in the way the Linux kernel’s Intel AES-NI instructions optimized version of the RFC4106 GCM mode decryption functionality handled fragmented packets. A remote attacker could use this flaw to crash, or potentially escalate their privileges on, a system over a connection with an active AES-GCM mode IPSec security association. (CVE-2015-3331, Important)

  • An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process.
    (CVE-2014-9419, Low)

  • It was found that the Linux kernel’s ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low)

  • An information leak flaw was found in the way the Linux kernel’s Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low)

The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(84078);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-9419", "CVE-2014-9420", "CVE-2014-9585", "CVE-2015-1805", "CVE-2015-3331");

  script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150609)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"* It was found that the Linux kernel's implementation of vectored pipe
read and write functionality did not take into account the I/O vectors
that were already processed when retrying after a failed atomic access
operation, potentially resulting in memory corruption due to an I/O
vector array overrun. A local, unprivileged user could use this flaw
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2015-1805, Important)

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode
decryption functionality handled fragmented packets. A remote attacker
could use this flaw to crash, or potentially escalate their privileges
on, a system over a connection with an active AES-GCM mode IPSec
security association. (CVE-2015-3331, Important)

* An information leak flaw was found in the way the Linux kernel
changed certain segment registers and thread-local storage (TLS)
during a context switch. A local, unprivileged user could use this
flaw to leak the user space TLS base address of an arbitrary process.
(CVE-2014-9419, Low)

* It was found that the Linux kernel's ISO file system implementation
did not correctly limit the traversal of Rock Ridge extension
Continuation Entries (CE). An attacker with physical access to the
system could use this flaw to trigger an infinite loop in the kernel,
resulting in a denial of service. (CVE-2014-9420, Low)

* An information leak flaw was found in the way the Linux kernel's
Virtual Dynamic Shared Object (vDSO) implementation performed address
randomization. A local, unprivileged user could use this flaw to leak
kernel memory addresses to user-space. (CVE-2014-9585, Low)

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1506&L=scientific-linux-errata&F=&S=&P=5447
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8604f960"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"kernel-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-504.23.4.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-504.23.4.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-i686p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
Rows per page:
1-10 of 171

Related

nessus 57
redhat 15
centos 5
openvas 39
oraclelinux 9
securityvulns 1
suse 5
f5 11
debiancve 6
prion 6
veracode 9
ubuntucve 6
cve 6
threatpost 3
android 2
androidsecurity 1
mageia 1
osv 1
debian 1
ubuntu 10
amazon 1
thn 1
fedora 2
ibm 1
nessus
nessus
CentOS 6 : kernel (CESA-2015:1081)
2015-06-11 00:00:00
RHEL 6 : kernel (RHSA-2015:1081)
2015-06-10 00:00:00
Oracle Linux 6 : kernel (ELSA-2015-1081)
2015-06-10 00:00:00
redhat
redhat
(RHSA-2015:1081) Important: kernel security, bug fix, and enhancement update
2015-06-09 00:00:00
(RHSA-2015:1199) Important: kernel security and bug fix update
2015-06-30 00:00:00
(RHSA-2015:1042) Important: kernel security and bug fix update
2015-06-02 00:00:00
centos
centos
kernel, perf, python security update
2015-06-10 09:06:44
kernel, perf, python security update
2015-05-13 16:57:56
kernel security update
2015-06-03 01:55:17
openvas
openvas
RedHat Update for kernel RHSA-2015:1081-01
2015-06-10 00:00:00
CentOS Update for kernel CESA-2015:1081 centos6
2015-06-11 00:00:00
Oracle: Security Advisory (ELSA-2015-1081)
2015-10-06 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2015-06-09 00:00:00
Unbreakable Enterprise kernel security update
2015-06-10 00:00:00
Unbreakable Enterprise kernel security update
2015-06-10 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2015-01-18 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2015-01-30 11:04:56
Security update for the Linux Kernel (important)
2015-04-13 14:17:21
Security update for Linux Kernel (important)
2015-04-13 14:04:48
f5
f5
SOL17543 - Linux kernel vulnerability CVE-2014-9420
2015-11-04 00:00:00
K17543 : Linux kernel vulnerability CVE-2014-9420
2015-11-05 00:00:00
SOL17241 - Linux kernel vulnerability CVE-2014-9585
2015-09-08 00:00:00
debiancve
debiancve
CVE-2014-9420
2014-12-26 00:59:00
CVE-2014-9585
2015-01-09 21:59:00
CVE-2014-9419
2014-12-26 00:59:00
prion
prion
Design/Logic Flaw
2014-12-26 00:59:00
Design/Logic Flaw
2014-12-26 00:59:00
Memory corruption
2015-01-09 21:59:00
veracode
veracode
Denial Of Service
2019-01-15 09:06:12
ASLR Bypass
2019-01-15 09:07:42
Denial Of Service (DoS)
2019-01-15 09:05:52
ubuntucve
ubuntucve
CVE-2014-9420
2014-12-25 00:00:00
CVE-2014-9419
2014-12-25 00:00:00
CVE-2014-9585
2015-01-09 00:00:00
cve
cve
CVE-2014-9419
2014-12-26 00:59:00
CVE-2014-9420
2014-12-26 00:59:00
CVE-2014-9585
2015-01-09 21:59:00
threatpost
threatpost
Android Rooting Application Emergency Patch
2016-03-23 07:00:46
April 2016 Google Android Nexus Security Bulletin
2016-04-04 14:00:22
Google Detects and Boots Tizi Spyware Off Google Play
2017-11-28 12:40:09
android
android
pipe inatomic
2015-06-06 00:00:00
CVE-2015-1805
2016-04-02 00:00:00
androidsecurity
androidsecurity
Android Security Advisory&hairsp;—&hairsp;2016-03-18
2016-03-18 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2015-01-07 18:14:58
osv
osv
linux-2.6 - security update
2015-02-18 00:00:00
debian
debian
[SECURITY] [DLA 155-1] linux-2.6 security update
2015-02-18 23:22:13
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities regression
2015-03-04 00:00:00
Linux kernel vulnerabilities regression
2015-03-04 00:00:00
Linux kernel vulnerability regression
2015-02-28 00:00:00
amazon
amazon
Medium: kernel
2015-05-14 14:27:00
thn
thn
First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
2017-09-26 02:52:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.17.8-300.fc21
2015-01-11 02:58:06
[SECURITY] Fedora 21 Update: kernel-3.18.3-201.fc21
2015-01-26 02:31:22
ibm
ibm
Security Bulletin: PowerKVM is affected by Linux Kernel vulnerabilities (multiple CVEs)
2018-06-18 01:28:49
JSON
Related for SL_20150609_KERNEL_ON_SL6_X.NASL
nessus57redhat15centos5openvas39oraclelinux9securityvulns1suse5f511debiancve6prion6veracode9ubuntucve6cve6threatpost3android2androidsecurity1mageia1osv1debian1ubuntu10amazon1thn1fedora2ibm1