Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20160512_KERNEL_ON_SL7_X.NASL
HistoryMay 18, 2016 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL7.x x86_64 (20160512)

2016-05-1800:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
86
JSON

Security Fix(es) :

  • A flaw was found in the way the Linux kernel’s ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)

Bug Fix(es) :

  • Under certain conditions, the migration threads could race with the CPU hotplug, which could cause a deadlock.
    A set of patches has been provided to fix this bug, and the deadlock no longer occurs in the system.

  • A bug in the code that cleans up revoked delegations could previously cause a soft lockup in the NFS server.
    This patch fixes the underlying source code, so the lockup no longer occurs.

  • The second attempt to reload Common Application Programming Interface (CAPI) devices on the little-endian variant of IBM Power Systems previously failed. The provided set of patches fixes this bug, and reloading works as intended.

  • Due to inconsistencies in page size of IOMMU, the NVMe device, and the kernel, the BUG_ON signal previously occurred in the nvme_setup_prps() function, leading to the system crash while setting up the DMA transfer. The provided patch sets the default NVMe page size to 4k, thus preventing the system crash.

  • Previously, on a system using the Infiniband mlx5 driver used for the SRP stack, a hard lockup previously occurred after the kernel exceeded time with lock held with interrupts blocked. As a consequence, the system panicked. This update fixes this bug, and the system no longer panics in this situation.

  • On the little-endian variant of IBM Power Systems, the kernel previously crashed in the bitmap_weight() function while running the memory affinity script. The provided patch fortifies the topology setup and prevents sd->child from being set to NULL when it is already NULL. As a result, the memory affinity script runs successfully.

  • When a KVM guest wrote random values to the special-purpose registers (SPR) Instruction Authority Mask Register (IAMR), the guest and the corresponding QEMU process previously hung. This update adds the code which sets SPRs to a suitable neutral value on guest exit, thus fixing this bug.

  • Under heavy iSCSI traffic load, the system previously panicked due to a race in the locking code leading to a list corruption. This update fixes this bug, and the system no longer panics in this situation.

  • During SCSI exception handling (triggered by some irregularities), the driver could previously use an already retired SCSI command. As a consequence, a kernel panic or data corruption occurred. The provided patches fix this bug, and exception handling now proceeds successfully.

  • When the previously opened /dev/tty, which pointed to a pseudo terminal (pty) pair, was the last file closed, a kernel crash could previously occur. The underlying source code has been fixed, preventing this bug.

  • Previously, when using VPLEX and FCoE via the bnx2fc driver, different degrees of data corruption occurred.
    The provided patch fixes the FCP Response (RSP) residual parsing in bnx2fc, which prevents the aforementioned corruption.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91215);
  script_version("2.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2016-0758");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20160512)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - A flaw was found in the way the Linux kernel's ASN.1 DER
    decoder processed certain certificate files with tags of
    indefinite length. A local, unprivileged user could use
    a specially crafted X.509 certificate DER file to crash
    the system or, potentially, escalate their privileges on
    the system. (CVE-2016-0758, Important)

Bug Fix(es) :

  - Under certain conditions, the migration threads could
    race with the CPU hotplug, which could cause a deadlock.
    A set of patches has been provided to fix this bug, and
    the deadlock no longer occurs in the system.

  - A bug in the code that cleans up revoked delegations
    could previously cause a soft lockup in the NFS server.
    This patch fixes the underlying source code, so the
    lockup no longer occurs.

  - The second attempt to reload Common Application
    Programming Interface (CAPI) devices on the
    little-endian variant of IBM Power Systems previously
    failed. The provided set of patches fixes this bug, and
    reloading works as intended.

  - Due to inconsistencies in page size of IOMMU, the NVMe
    device, and the kernel, the BUG_ON signal previously
    occurred in the nvme_setup_prps() function, leading to
    the system crash while setting up the DMA transfer. The
    provided patch sets the default NVMe page size to 4k,
    thus preventing the system crash.

  - Previously, on a system using the Infiniband mlx5 driver
    used for the SRP stack, a hard lockup previously
    occurred after the kernel exceeded time with lock held
    with interrupts blocked. As a consequence, the system
    panicked. This update fixes this bug, and the system no
    longer panics in this situation.

  - On the little-endian variant of IBM Power Systems, the
    kernel previously crashed in the bitmap_weight()
    function while running the memory affinity script. The
    provided patch fortifies the topology setup and prevents
    sd->child from being set to NULL when it is already
    NULL. As a result, the memory affinity script runs
    successfully.

  - When a KVM guest wrote random values to the
    special-purpose registers (SPR) Instruction Authority
    Mask Register (IAMR), the guest and the corresponding
    QEMU process previously hung. This update adds the code
    which sets SPRs to a suitable neutral value on guest
    exit, thus fixing this bug.

  - Under heavy iSCSI traffic load, the system previously
    panicked due to a race in the locking code leading to a
    list corruption. This update fixes this bug, and the
    system no longer panics in this situation.

  - During SCSI exception handling (triggered by some
    irregularities), the driver could previously use an
    already retired SCSI command. As a consequence, a kernel
    panic or data corruption occurred. The provided patches
    fix this bug, and exception handling now proceeds
    successfully.

  - When the previously opened /dev/tty, which pointed to a
    pseudo terminal (pty) pair, was the last file closed, a
    kernel crash could previously occur. The underlying
    source code has been fixed, preventing this bug.

  - Previously, when using VPLEX and FCoE via the bnx2fc
    driver, different degrees of data corruption occurred.
    The provided patch fixes the FCP Response (RSP) residual
    parsing in bnx2fc, which prevents the aforementioned
    corruption."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1605&L=scientific-linux-errata&F=&S=&P=5024
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7cb3f1a8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.18.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-327.18.2.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
fermilabscientific_linuxkernel-headersp-cpe:/a:fermilab:scientific_linux:kernel-headers
Rows per page:
1-10 of 191

Related

prion 1
openvas 24
nessus 44
android 1
ubuntu 11
veracode 1
cve 1
debiancve 1
hp 2
oraclelinux 4
redhatcve 1
cloudfoundry 1
redhat 3
ubuntucve 1
centos 1
fedora 3
suse 23
amazon 1
mageia 3
ibm 1
androidsecurity 1
lenovo 1
prion
prion
Integer overflow
2016-06-27 10:59:00
openvas
openvas
CentOS Update for kernel CESA-2016:1033 centos7
2016-05-17 00:00:00
Ubuntu Update for linux-lts-vivid USN-2977-1
2016-05-17 00:00:00
Ubuntu Update for linux-lts-trusty USN-2975-2
2016-05-17 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-2975-1)
2016-05-17 00:00:00
Ubuntu 15.10 : linux-raspi2 vulnerability (USN-2978-3)
2016-05-17 00:00:00
Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2975-2)
2016-05-17 00:00:00
android
android
CVE-2016-0758
2016-10-01 00:00:00
ubuntu
ubuntu
Linux kernel (Utopic HWE) vulnerability
2016-05-16 00:00:00
Linux kernel (Trusty HWE) vulnerability
2016-05-16 00:00:00
Linux kernel (Raspberry Pi 2) vulnerability
2016-05-16 00:00:00
veracode
veracode
Privilege Escalation
2019-01-15 09:11:38
cve
cve
CVE-2016-0758
2016-06-27 10:59:00
debiancve
debiancve
CVE-2016-0758
2016-06-27 10:59:00
hp
hp
HPSBHF3548 rev.2 - Linux Kernel Flaw, ASN.1 DER decoder for x509 certificate DER files
2016-06-01 00:00:00
HPSBHF03436 rev.2 - HP Thin Client with ThinPro OS, running Linux, Local Elevated Privileges
2016-02-26 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2016-05-12 00:00:00
Unbreakable Enterprise kernel security update
2016-05-16 00:00:00
kernel security and bug fix update
2016-06-23 00:00:00
redhatcve
redhatcve
CVE-2016-0758
2016-05-12 07:18:20
cloudfoundry
cloudfoundry
USN-2977-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-05-19 00:00:00
redhat
redhat
(RHSA-2016:1055) Important: kernel-rt security and bug fix update
2016-05-12 07:36:33
(RHSA-2016:1051) Important: kernel-rt security, bug fix, and enhancement update
2016-05-12 07:29:41
(RHSA-2016:1033) Important: kernel security and bug fix update
2016-05-12 07:29:32
ubuntucve
ubuntucve
CVE-2016-0758
2016-05-12 00:00:00
centos
centos
kernel, perf, python security update
2016-05-13 00:44:04
fedora
fedora
[SECURITY] Fedora 24 Update: kernel-4.5.5-300.fc24
2016-05-24 18:08:16
[SECURITY] Fedora 22 Update: kernel-4.4.10-200.fc22
2016-05-25 00:54:31
[SECURITY] Fedora 23 Update: kernel-4.5.5-201.fc23
2016-06-02 15:04:03
suse
suse
Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 (important)
2016-08-09 17:34:25
Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 (important)
2016-08-09 17:22:29
Security update for Linux Kernel Live Patch 13 for SLE 12 (important)
2016-08-09 17:19:35
amazon
amazon
Medium: kernel
2016-05-18 14:00:00
mageia
mageia
Update request kernel-linus-4.4.26-1 fixes security issues
2016-11-04 10:58:56
Updated kernel packages fix security vulnerabilities
2016-06-13 18:55:41
Updated kernel-tmb packages fix security vulnerabilities
2016-06-22 22:08:04
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:33:24
androidsecurity
androidsecurity
Android Security Bulletinβ€”October 2016
2016-10-03 00:00:00
lenovo
lenovo
AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US
2020-04-13 19:22:04
JSON
Related for SL_20160512_KERNEL_ON_SL7_X.NASL
prion1openvas24nessus44android1ubuntu11veracode1cve1debiancve1hp2oraclelinux4redhatcve1cloudfoundry1redhat3ubuntucve1centos1fedora3suse23amazon1mageia3ibm1androidsecurity1lenovo1