Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20160915_KERNEL_ON_SL7_X.NASL
HistorySep 16, 2016 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL7.x x86_64 (20160915)

2016-09-1600:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

Security Fix(es) :

  • A security flaw was found in the Linux kernel in the mark_source_chains() function in ‘net/ipv4/netfilter/ip_tables.c’. It is possible for a user-supplied ‘ipt_entry’ structure to have a large ‘next_offset’ field. This field is not bounds checked prior to writing to a counter value at the supplied offset. (CVE-2016-3134, Important)

  • A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2016-4997, Important)

  • An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)

Bug Fix(es) :

  • In some cases, running the ipmitool command caused a kernel panic due to a race condition in the ipmi message handler. This update fixes the race condition, and the kernel panic no longer occurs in the described scenario.

  • Previously, running I/O-intensive operations in some cases caused the system to terminate unexpectedly after a NULL pointer dereference in the kernel. With this update, a set of patches has been applied to the 3w-9xxx and 3w-sas drivers that fix this bug. As a result, the system no longer crashes in the described scenario.

  • Previously, the Stream Control Transmission Protocol (SCTP) sockets did not inherit the SELinux labels properly. As a consequence, the sockets were labeled with the unlabeled_t SELinux type which caused SCTP connections to fail. The underlying source code has been modified, and SCTP connections now works as expected.

  • Previously, the bnx2x driver waited for transmission completions when recovering from a parity event, which substantially increased the recovery time. With this update, bnx2x does not wait for transmission completion in the described circumstances. As a result, the recovery of bnx2x after a parity event now takes less time.

Enhancement(s) :

  • With this update, the audit subsystem enables filtering of processes by name besides filtering by PID. Users can now audit by executable name (with the ‘-F exe=<path-to-executable>’ option), which allows expression of many new audit rules. This functionality can be used to create events when specific applications perform a syscall.

  • With this update, the Nonvolatile Memory Express (NVMe) and the multi- queue block layer (blk_mq) have been upgraded to the Linux 4.5 upstream version. Previously, a race condition between timeout and freeing request in blk_mq occurred, which could affect the blk_mq_tag_to_rq() function and consequently a kernel oops could occur. The provided patch fixes this race condition by updating the tags with the active request.
    The patch simplifies blk_mq_tag_to_rq() and ensures that the two requests are not active at the same time.

  • The Hyper-V storage driver (storvsc) has been upgraded from upstream. This update provides moderate performance improvement of I/O operations when using storvscr for certain workloads.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(93557);
  script_version("2.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2016-3134", "CVE-2016-4997", "CVE-2016-4998");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20160915)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - A security flaw was found in the Linux kernel in the
    mark_source_chains() function in
    'net/ipv4/netfilter/ip_tables.c'. It is possible for a
    user-supplied 'ipt_entry' structure to have a large
    'next_offset' field. This field is not bounds checked
    prior to writing to a counter value at the supplied
    offset. (CVE-2016-3134, Important)

  - A flaw was discovered in processing setsockopt for 32
    bit processes on 64 bit systems. This flaw will allow
    attackers to alter arbitrary kernel memory when
    unloading a kernel module. This action is usually
    restricted to root-privileged users but can also be
    leveraged if the kernel is compiled with CONFIG_USER_NS
    and CONFIG_NET_NS and the user is granted elevated
    privileges. (CVE-2016-4997, Important)

  - An out-of-bounds heap memory access leading to a Denial
    of Service, heap disclosure, or further impact was found
    in setsockopt(). The function call is normally
    restricted to root, however some processes with
    cap_sys_admin may also be able to trigger this flaw in
    privileged container environments. (CVE-2016-4998,
    Moderate)

Bug Fix(es) :

  - In some cases, running the ipmitool command caused a
    kernel panic due to a race condition in the ipmi message
    handler. This update fixes the race condition, and the
    kernel panic no longer occurs in the described scenario.

  - Previously, running I/O-intensive operations in some
    cases caused the system to terminate unexpectedly after
    a NULL pointer dereference in the kernel. With this
    update, a set of patches has been applied to the 3w-9xxx
    and 3w-sas drivers that fix this bug. As a result, the
    system no longer crashes in the described scenario.

  - Previously, the Stream Control Transmission Protocol
    (SCTP) sockets did not inherit the SELinux labels
    properly. As a consequence, the sockets were labeled
    with the unlabeled_t SELinux type which caused SCTP
    connections to fail. The underlying source code has been
    modified, and SCTP connections now works as expected.

  - Previously, the bnx2x driver waited for transmission
    completions when recovering from a parity event, which
    substantially increased the recovery time. With this
    update, bnx2x does not wait for transmission completion
    in the described circumstances. As a result, the
    recovery of bnx2x after a parity event now takes less
    time.

Enhancement(s) :

  - With this update, the audit subsystem enables filtering
    of processes by name besides filtering by PID. Users can
    now audit by executable name (with the '-F
    exe=<path-to-executable>' option), which allows
    expression of many new audit rules. This functionality
    can be used to create events when specific applications
    perform a syscall.

  - With this update, the Nonvolatile Memory Express (NVMe)
    and the multi- queue block layer (blk_mq) have been
    upgraded to the Linux 4.5 upstream version. Previously,
    a race condition between timeout and freeing request in
    blk_mq occurred, which could affect the
    blk_mq_tag_to_rq() function and consequently a kernel
    oops could occur. The provided patch fixes this race
    condition by updating the tags with the active request.
    The patch simplifies blk_mq_tag_to_rq() and ensures that
    the two requests are not active at the same time.

  - The Hyper-V storage driver (storvsc) has been upgraded
    from upstream. This update provides moderate performance
    improvement of I/O operations when using storvscr for
    certain workloads."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1609&L=scientific-linux-errata&F=&S=&P=1852
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f8ec1283"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/04/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/09/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/16");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-327.36.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-327.36.1.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
fermilabscientific_linuxkernel-headersp-cpe:/a:fermilab:scientific_linux:kernel-headers
Rows per page:
1-10 of 191

Related

nessus 61
redhat 4
openvas 45
oraclelinux 8
suse 23
centos 2
ibm 2
fedora 5
amazon 2
f5 1
prion 3
ubuntucve 3
redhatcve 2
cve 3
veracode 3
debiancve 3
android 1
packetstorm 2
zdt 3
exploitpack 1
metasploit 1
exploitdb 2
ubuntu 15
mageia 3
cloudfoundry 1
nessus
nessus
RHEL 6 : MRG (RHSA-2016:1883)
2016-09-15 00:00:00
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1048)
2017-05-01 00:00:00
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1709-1)
2016-08-29 00:00:00
redhat
redhat
(RHSA-2016:1883) Important: kernel-rt security and bug fix update
2016-09-14 14:42:27
(RHSA-2016:1847) Important: kernel security, bug fix, and enhancement update
2016-09-14 14:34:54
(RHSA-2016:1875) Important: kernel-rt security and bug fix update
2016-09-14 14:34:58
openvas
openvas
RedHat Update for kernel RHSA-2016:1847-01
2016-09-16 00:00:00
CentOS Update for kernel CESA-2016:1847 centos7
2016-09-20 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1048)
2020-01-23 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2016-09-14 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
Unbreakable Enterprise kernel security update
2016-09-22 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-06-30 21:07:43
Security update for the Linux Kernel (important)
2016-06-30 21:09:07
Security update for Linux Kernel Live Patch 9 for SLE 12 (important)
2016-10-26 03:09:01
centos
centos
kernel, perf, python security update
2016-09-19 15:43:06
kernel, perf, python security update
2017-01-12 15:47:38
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:34:02
Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (‪CVE-2016-3134‬‬)
2021-09-23 01:31:39
fedora
fedora
[SECURITY] Fedora 22 Update: kernel-4.4.14-200.fc22
2016-07-19 07:20:52
[SECURITY] Fedora 24 Update: kernel-4.6.3-300.fc24
2016-06-30 21:30:47
[SECURITY] Fedora 23 Update: kernel-4.4.6-300.fc23
2016-03-23 22:28:42
amazon
amazon
Medium: kernel
2016-06-24 22:21:00
Medium: kernel
2016-04-27 16:15:00
f5
f5
K74171196 : Linux kernel vulnerability CVE-2016-4998
2017-02-22 00:00:00
prion
prion
Out-of-bounds
2016-07-03 21:59:00
Memory corruption
2016-07-03 21:59:00
Memory corruption
2016-04-27 17:59:00
ubuntucve
ubuntucve
CVE-2016-4998
2016-06-24 00:00:00
CVE-2016-3134
2016-03-09 00:00:00
CVE-2016-4997
2016-06-24 00:00:00
redhatcve
redhatcve
CVE-2016-4998
2016-06-27 06:49:23
CVE-2016-4997
2016-06-27 06:49:15
cve
cve
CVE-2016-4997
2016-07-03 21:59:00
CVE-2016-4998
2016-07-03 21:59:00
CVE-2016-3134
2016-04-27 17:59:00
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:14:51
Denial Of Service (DoS)
2019-01-15 09:13:33
Denial Of Service (DoS)
2019-05-02 05:49:27
debiancve
debiancve
CVE-2016-4998
2016-07-03 21:59:00
CVE-2016-3134
2016-04-27 17:59:00
CVE-2016-4997
2016-07-03 21:59:00
android
android
CVE-2016-3134
2016-09-01 00:00:00
packetstorm
packetstorm
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-23 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-09-27 00:00:00
zdt
zdt
Linux Kernel 4.6.3 Netfilter Privilege Escalation Vulnerability
2016-09-27 00:00:00
Linux Kernel 4.6.3 Netfilter Privilege Escalation Exploit
2016-11-24 00:00:00
Linux Kernel 3.10 / 3.18 / 4.4 - Netfilter IPT_SO_SET_REPLACE Memory Corruption
2016-03-09 00:00:00
exploitpack
exploitpack
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - IP6T_SO_SET_REPLACE Local Privilege Escalation
2016-10-10 00:00:00
metasploit
metasploit
Linux Kernel 4.6.3 Netfilter Privilege Escalation
2016-11-18 18:52:09
exploitdb
exploitdb
Linux Kernel 4.6.2 (Ubuntu 16.04.1) - &#039;IP6T_SO_SET_REPLACE&#039; Local Privilege Escalation
2016-10-10 00:00:00
Linux Kernel 4.6.3 (x86) - &#039;Netfilter&#039; Local Privilege Escalation (Metasploit)
2016-09-27 00:00:00
ubuntu
ubuntu
Linux kernel regression
2017-06-29 00:00:00
Linux kernel vulnerabilities
2017-06-21 00:00:00
Linux kernel (Raspberry Pi 2) vulnerabilities
2016-06-27 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel-tmb packages fix security vulnerabilities
2016-08-31 18:32:33
Updated kernel packages fix security vulnerability
2016-07-31 23:39:13
cloudfoundry
cloudfoundry
USN 3020-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry
2016-07-01 00:00:00
JSON
Related for SL_20160915_KERNEL_ON_SL7_X.NASL
nessus61redhat4openvas45oraclelinux8suse23centos2ibm2fedora5amazon2f51prion3ubuntucve3redhatcve2cve3veracode3debiancve3android1packetstorm2zdt3exploitpack1metasploit1exploitdb2ubuntu15mageia3cloudfoundry1