Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20160623_KERNEL_ON_SL7_X.NASL
HistoryJun 27, 2016 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL7.x x86_64 (20160623)

2016-06-2700:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
48
JSON

To see the complete list of bug fixes, users are directed to the related Knowledge Article :

Security Fixes :

  • A flaw was found in the way certain interfaces of the Linux kernel’s Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)

  • A race condition flaw was found in the way the Linux kernel’s SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections to be accepted by the SCTP server running on the system, resulting in a denial of service.
    (CVE-2015-8767, Moderate)

Bug Fixes :

  • When Small Computer System Interface (SCSI) devices were removed or deleted, a system crash could occur due to a race condition between listing all SCSI devices and SCSI device removal. The provided patch ensures that the starting node for the klist_iter_init_node() function is actually a member of the list before using it. As a result, a system crash no longer occurs in the described scenario.

  • This update offers a reworked series of patches for the resizable hash table (rhashtable) including a number of backported bug fixes and enhancements from upstream.

  • Previously, the same value of the mperf Model-Specific Register (MSR) read twice in a row could lead to a kernel panic due to the divide-by-zero error. The provided patch fixes this bug, and the kernel now handles two identical values of mperf gracefully.

  • When a transparent proxy application was running and the number of established connections on the computer exceeded one million, unrelated processes, such as curl or ssh, were unable to bind to a local IP on the box to initiate a connection. The provided patch fixes the cooperation of the REUSEADDR/NOREUSEADDR socket option, and thus prevents the local port from being exhausted.
    As a result, the aforementioned bug no longer occurs in the described scenario.

  • Previously, the kernel support for non-local bind for the IPv6 protocol was incomplete. As a consequence, an attempt to bind a socket to an IPv6 address that is not assigned to the host could fail. The provided patch includes changes in the ip_nonlocal_bind variable, which is now set to allow binding to an IPv6 address that is not assigned to the host. As a result, Linux servers are now able to bind to non-local IPv6 addresses as expected.

  • On some servers with a faster CPU, USB initialization could previously lead to a kernel hang during boot. If this inconvenience occurred when booting the second kernel during the kdump operation, the kdump service failed and the vmcore was lost. The provided upstream patch fixes this bug, and the kernel no longer hangs after USB initialization.

  • Previously, when running iperf servers using the mlx4_en module, a kernel panic occurred. The underlying source code has been fixed, and the kernel panic no longer occurs in the described scenario.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(91853);
  script_version("2.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2015-8767", "CVE-2016-4565");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20160623)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"To see the complete list of bug fixes, users are directed to the
related Knowledge Article :

Security Fixes :

  - A flaw was found in the way certain interfaces of the
    Linux kernel's Infiniband subsystem used write() as
    bi-directional ioctl() replacement, which could lead to
    insufficient memory security checks when being invoked
    using the splice() system call. A local unprivileged
    user on a system with either Infiniband hardware present
    or RDMA Userspace Connection Manager Access module
    explicitly loaded, could use this flaw to escalate their
    privileges on the system. (CVE-2016-4565, Important)

  - A race condition flaw was found in the way the Linux
    kernel's SCTP implementation handled sctp_accept()
    during the processing of heartbeat timeout events. A
    remote attacker could use this flaw to prevent further
    connections to be accepted by the SCTP server running on
    the system, resulting in a denial of service.
    (CVE-2015-8767, Moderate)

Bug Fixes :

  - When Small Computer System Interface (SCSI) devices were
    removed or deleted, a system crash could occur due to a
    race condition between listing all SCSI devices and SCSI
    device removal. The provided patch ensures that the
    starting node for the klist_iter_init_node() function is
    actually a member of the list before using it. As a
    result, a system crash no longer occurs in the described
    scenario.

  - This update offers a reworked series of patches for the
    resizable hash table (rhashtable) including a number of
    backported bug fixes and enhancements from upstream.

  - Previously, the same value of the mperf Model-Specific
    Register (MSR) read twice in a row could lead to a
    kernel panic due to the divide-by-zero error. The
    provided patch fixes this bug, and the kernel now
    handles two identical values of mperf gracefully.

  - When a transparent proxy application was running and the
    number of established connections on the computer
    exceeded one million, unrelated processes, such as curl
    or ssh, were unable to bind to a local IP on the box to
    initiate a connection. The provided patch fixes the
    cooperation of the REUSEADDR/NOREUSEADDR socket option,
    and thus prevents the local port from being exhausted.
    As a result, the aforementioned bug no longer occurs in
    the described scenario.

  - Previously, the kernel support for non-local bind for
    the IPv6 protocol was incomplete. As a consequence, an
    attempt to bind a socket to an IPv6 address that is not
    assigned to the host could fail. The provided patch
    includes changes in the ip_nonlocal_bind variable, which
    is now set to allow binding to an IPv6 address that is
    not assigned to the host. As a result, Linux servers are
    now able to bind to non-local IPv6 addresses as
    expected.

  - On some servers with a faster CPU, USB initialization
    could previously lead to a kernel hang during boot. If
    this inconvenience occurred when booting the second
    kernel during the kdump operation, the kdump service
    failed and the vmcore was lost. The provided upstream
    patch fixes this bug, and the kernel no longer hangs
    after USB initialization.

  - Previously, when running iperf servers using the mlx4_en
    module, a kernel panic occurred. The underlying source
    code has been fixed, and the kernel panic no longer
    occurs in the described scenario."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1606&L=scientific-linux-errata&F=&S=&P=8312
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?99c37aad"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-327.22.2.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
fermilabscientific_linuxkernel-headersp-cpe:/a:fermilab:scientific_linux:kernel-headers
Rows per page:
1-10 of 191

Related

redhat 11
centos 3
openvas 40
nessus 71
oraclelinux 14
cve 3
debiancve 2
prion 3
veracode 2
ubuntucve 2
redhatcve 1
f5 2
cloudfoundry 2
ubuntu 18
amazon 2
debian 3
osv 2
suse 16
ibm 1
fedora 1
redhat
redhat
(RHSA-2016:1277) Important: kernel security and bug fix update
2016-06-23 14:50:06
(RHSA-2016:1341) Important: kernel-rt security and bug fix update
2016-06-27 09:46:21
(RHSA-2016:1301) Important: kernel-rt security, bug fix, and enhancement update
2016-06-23 14:50:17
centos
centos
kernel, perf, python security update
2016-06-23 23:41:38
kernel, perf, python security update
2016-07-12 19:12:15
kernel, perf, python security update
2016-05-04 03:07:19
openvas
openvas
RedHat Update for kernel RHSA-2016:1277-01
2016-06-24 00:00:00
CentOS Update for kernel CESA-2016:1277 centos7
2016-06-24 00:00:00
Oracle Linux Local Check: ELSA-2016-3553
2016-05-09 00:00:00
nessus
nessus
RHEL 7 : kernel (RHSA-2016:1277)
2016-06-24 00:00:00
CentOS 7 : kernel (CESA-2016:1277)
2016-06-24 00:00:00
Oracle Linux 7 : kernel (ELSA-2016-1277)
2016-06-24 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2016-06-23 00:00:00
Unbreakable Enterprise kernel security update
2016-05-05 00:00:00
Unbreakable Enterprise kernel security update
2016-05-04 00:00:00
cve
cve
CVE-2015-8767
2016-02-08 03:59:00
CVE-2016-4565
2016-05-23 10:59:00
CVE-2016-2189
2016-05-17 15:59:00
debiancve
debiancve
CVE-2015-8767
2016-02-08 03:59:00
CVE-2016-4565
2016-05-23 10:59:00
prion
prion
Code injection
2016-02-08 03:59:00
Design/Logic Flaw
2016-05-23 10:59:00
Design/Logic Flaw
2016-05-17 15:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:12:31
Denial Of Service (DoS)
2019-05-02 05:35:00
ubuntucve
ubuntucve
CVE-2015-8767
2016-02-07 00:00:00
CVE-2016-4565
2016-05-23 00:00:00
redhatcve
redhatcve
CVE-2016-4565
2016-05-09 08:18:20
f5
f5
K02254805 : InfiniBand vulnerability in the Linux kernel CVE-2016-4565
2016-11-07 00:00:00
SOL02254805 - InfiniBand vulnerability in the Linux Kernel CVE-2016-4565
2016-11-07 00:00:00
cloudfoundry
cloudfoundry
USN-3083-1 Linux kernel vulnerabilities | Cloud Foundry
2016-09-28 00:00:00
USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-06-15 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2016-09-19 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2016-09-19 00:00:00
Linux kernel (OMAP4) vulnerabilities
2016-06-27 00:00:00
amazon
amazon
Medium: kernel
2016-02-09 13:30:00
Medium: kernel
2016-05-18 14:00:00
debian
debian
[SECURITY] [DSA 3448-1] linux security update
2016-01-19 12:40:10
[SECURITY] [DSA 3448-1] linux security update
2016-01-19 12:40:10
[SECURITY] [DLA 412-1] linux-2.6 security update
2016-02-06 15:28:06
osv
osv
linux-2.6 - security update
2016-02-06 00:00:00
linux - security update
2016-01-19 00:00:00
suse
suse
Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 (important)
2016-08-09 17:22:29
Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 (important)
2016-08-09 17:34:25
Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 (important)
2016-08-09 17:18:31
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:33:24
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.3.4-200.fc22
2016-02-01 06:34:15
JSON
Related for SL_20160623_KERNEL_ON_SL7_X.NASL
redhat11centos3openvas40nessus71oraclelinux14cve3debiancve2prion3veracode2ubuntucve2redhatcve1f52cloudfoundry2ubuntu18amazon2debian3osv2suse16ibm1fedora1