Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20150722_KERNEL_ON_SL6_X.NASL
HistoryAug 04, 2015 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150722)

2015-08-0400:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

  • A flaw was found in the way Linux kernel’s Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

  • A buffer overflow flaw was found in the way the Linux kernel’s eCryptfs implementation decoded encrypted file names. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-9683, Moderate)

  • A race condition flaw was found between the chown and execve system calls. When changing the owner of a setuid user binary to root, the race condition could momentarily make the binary setuid root. A local, unprivileged user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-3339, Moderate)

  • Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low)

  • An information leak flaw was found in the way the Linux kernel’s Advanced Linux Sound Architecture (ALSA) implementation handled access of the user control’s state. A local, privileged user could use this flaw to leak kernel memory to user space. (CVE-2014-4652, Low)

  • It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT (which espfix checks), and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8133, Low)

  • An information leak flaw was found in the Linux kernel’s IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

  • It was found that the Linux kernel KVM subsystem’s sysenter instruction emulation was not sufficient. An unprivileged guest user could use this flaw to escalate their privileges by tricking the hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the SYSENTER model-specific registers (MSRs). Note: Certified guest operating systems for Scientific Linux with KVM do initialize the SYSENTER MSRs and are thus not vulnerable to this issue when running on a KVM hypervisor. (CVE-2015-0239, Low)

The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85198);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-3184", "CVE-2014-3940", "CVE-2014-4652", "CVE-2014-8133", "CVE-2014-8709", "CVE-2014-9683", "CVE-2015-0239", "CVE-2015-3339");

  script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20150722)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"* A flaw was found in the way Linux kernel's Transparent Huge Pages
(THP) implementation handled non-huge page migration. A local,
unprivileged user could use this flaw to crash the kernel by migrating
transparent hugepages. (CVE-2014-3940, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's
eCryptfs implementation decoded encrypted file names. A local,
unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-9683,
Moderate)

* A race condition flaw was found between the chown and execve system
calls. When changing the owner of a setuid user binary to root, the
race condition could momentarily make the binary setuid root. A local,
unprivileged user could potentially use this flaw to escalate their
privileges on the system. (CVE-2015-3339, Moderate)

* Multiple out-of-bounds write flaws were found in the way the Cherry
Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled HID
reports with an invalid report descriptor size. An attacker with
physical access to the system could use either of these flaws to write
data past an allocated memory buffer. (CVE-2014-3184, Low)

* An information leak flaw was found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled access
of the user control's state. A local, privileged user could use this
flaw to leak kernel memory to user space. (CVE-2014-4652, Low)

* It was found that the espfix functionality could be bypassed by
installing a 16-bit RW data segment into GDT instead of LDT (which
espfix checks), and using that segment on the stack. A local,
unprivileged user could potentially use this flaw to leak kernel stack
addresses. (CVE-2014-8133, Low)

* An information leak flaw was found in the Linux kernel's IEEE 802.11
wireless networking implementation. When software encryption was used,
a remote attacker could use this flaw to leak up to 8 bytes of
plaintext. (CVE-2014-8709, Low)

* It was found that the Linux kernel KVM subsystem's sysenter
instruction emulation was not sufficient. An unprivileged guest user
could use this flaw to escalate their privileges by tricking the
hypervisor to emulate a SYSENTER instruction in 16-bit mode, if the
guest OS did not initialize the SYSENTER model-specific registers
(MSRs). Note: Certified guest operating systems for Scientific Linux
with KVM do initialize the SYSENTER MSRs and are thus not vulnerable
to this issue when running on a KVM hypervisor. (CVE-2015-0239, Low)

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=7966
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?e432e14d"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/06/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"kernel-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"i386", reference:"kernel-debuginfo-common-i686-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-573.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-573.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-i686p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
Rows per page:
1-10 of 171

Related

redhat 2
openvas 46
nessus 49
veracode 7
centos 2
oraclelinux 6
f5 13
debiancve 8
prion 8
cve 8
ubuntucve 8
ubuntu 23
securityvulns 3
fedora 6
suse 2
osv 3
debian 3
mageia 2
redhat
redhat
(RHSA-2015:1272) Moderate: kernel security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:0290) Important: kernel security, bug fix, and enhancement update
2015-03-05 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-1272)
2015-10-06 00:00:00
RedHat Update for kernel RHSA-2015:1272-01
2015-07-23 00:00:00
Oracle: Security Advisory (ELSA-2015-3054)
2015-10-06 00:00:00
nessus
nessus
RHEL 6 : kernel (RHSA-2015:1272)
2015-07-23 00:00:00
CentOS 6 : kernel (CESA-2015:1272)
2015-07-28 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2015-3054)
2015-08-03 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 05:40:59
Buffer Overflow
2019-05-02 05:40:58
Privilege Escalation
2019-05-02 05:40:58
centos
centos
kernel, perf, python security update
2015-07-26 14:10:53
kernel, perf, python security update
2015-03-17 13:28:28
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2015-07-28 00:00:00
Unbreakable Enterprise kernel security update
2015-07-31 00:00:00
Unbreakable Enterprise kernel security update
2015-07-31 00:00:00
f5
f5
K16381 : Linux kernel vulnerability CVE-2014-9683
2015-04-09 00:00:00
SOL16381 - Linux kernel vulnerability CVE-2014-9683
2015-04-09 00:00:00
SOL15908 - Linux kernel mac80211 vulnerability CVE-2014-8709
2014-12-15 00:00:00
debiancve
debiancve
CVE-2014-9683
2015-03-03 11:59:00
CVE-2014-8709
2014-11-10 11:55:00
CVE-2014-4652
2014-07-03 04:22:00
prion
prion
Buffer overflow
2015-03-03 11:59:00
Race condition
2014-07-03 04:22:00
Race condition
2014-06-05 17:55:00
cve
cve
CVE-2014-9683
2015-03-03 11:59:00
CVE-2014-8709
2014-11-10 11:55:00
CVE-2014-8133
2014-12-17 11:59:00
ubuntucve
ubuntucve
CVE-2014-9683
2014-12-31 00:00:00
CVE-2014-8709
2014-11-10 00:00:00
CVE-2014-3184
2014-09-28 00:00:00
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerability
2015-05-05 00:00:00
Linux kernel vulnerability
2015-05-05 00:00:00
Linux kernel (EC2) vulnerability
2015-04-30 00:00:00
securityvulns
securityvulns
[oss-security] CVE-2014-3940 - Linux kernel - missing check during hugepage migration
2014-06-17 00:00:00
[USN-2583-1] Linux kernel vulnerability
2015-05-05 00:00:00
[SECURITY] [DSA 3170-1] linux security update
2015-03-07 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.0.1-300.fc22
2015-05-03 17:22:47
[SECURITY] Fedora 21 Update: kernel-3.18.5-201.fc21
2015-02-06 04:00:35
[SECURITY] Fedora 21 Update: kernel-3.19.7-200.fc21
2015-05-12 20:41:10
suse
suse
kernel update for Evergreen 11.4 (important)
2014-12-31 11:06:28
Security update for Linux kernel (important)
2014-12-24 08:05:54
osv
osv
linux-2.6 - security update
2015-06-17 00:00:00
linux-2.6 - security update
2015-06-17 00:00:00
linux - security update
2015-02-23 00:00:00
debian
debian
[SECURITY] [DLA 246-1] linux-2.6 security update
2015-06-17 11:25:00
[SECURITY] [DLA 246-2] linux-2.6 regression update
2015-06-17 19:06:53
[SECURITY] [DSA 3170-1] linux security update
2015-02-23 17:42:49
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2015-05-13 20:18:54
Updated kernel packages fix security vulnerabilities
2015-05-11 23:10:38
JSON
Related for SL_20150722_KERNEL_ON_SL6_X.NASL
redhat2openvas46nessus49veracode7centos2oraclelinux6f513debiancve8prion8cve8ubuntucve8ubuntu23securityvulns3fedora6suse2osv3debian3mageia2