Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20161028_KERNEL_ON_SL5_X.NASL
HistoryOct 31, 2016 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20161028) (Dirty COW)

2016-10-3100:00:00
This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
JSON

Security Fix(es) :

  • A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
    (CVE-2016-5195, Important)

  • It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)

Bug Fix(es) :

  • In some cases, a kernel crash or file system corruption occurred when running journal mode ‘ordered’. The kernel crash was caused by a NULL pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur.

  • Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(94432);
  script_version("2.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/08");

  script_cve_id("CVE-2016-1583", "CVE-2016-5195");
  script_xref(name:"IAVA", value:"2016-A-0306-S");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20161028) (Dirty COW)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Scientific Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"Security Fix(es) :

  - A race condition was found in the way the Linux kernel's
    memory subsystem handled the copy-on-write (COW)
    breakage of private read-only memory mappings. An
    unprivileged, local user could use this flaw to gain
    write access to otherwise read-only memory mappings and
    thus increase their privileges on the system.
    (CVE-2016-5195, Important)

  - It was found that stacking a file system over procfs in
    the Linux kernel could lead to a kernel stack overflow
    due to deep nesting, as demonstrated by mounting
    ecryptfs over procfs and creating a recursion by mapping
    /proc/environ. An unprivileged, local user could
    potentially use this flaw to escalate their privileges
    on the system. (CVE-2016-1583, Important)

Bug Fix(es) :

  - In some cases, a kernel crash or file system corruption
    occurred when running journal mode 'ordered'. The kernel
    crash was caused by a NULL pointer dereference due to a
    race condition between two journal functions. The file
    system corruption occurred due to a race condition
    between the do_get_write_access() function and buffer
    writeout. This update fixes both race conditions. As a
    result, neither the kernel crash, nor the file system
    corruption now occur.

  - Prior to this update, some Global File System 2 (GFS2)
    files had incorrect time stamp values due to two
    problems with handling time stamps of such files. The
    first problem concerned the atime time stamp, which
    ended up with an arbitrary value ahead of the actual
    value, when a GFS2 file was accessed. The second problem
    was related to the mtime and ctime time stamp updates,
    which got lost when a GFS2 file was written to from one
    node and read from or written to from another node. With
    this update, a set of patches has been applied that fix
    these problems. As a result, the time stamps of GFS2
    files are now handled correctly.");
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1610&L=scientific-linux-errata&F=&S=&P=6706
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cedd55a3");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/06/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/10/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Scientific Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2016-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-416.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-416.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-paep-cpe:/a:fermilab:scientific_linux:kernel-pae
fermilabscientific_linuxkernel-pae-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-pae-debuginfo
fermilabscientific_linuxkernel-pae-develp-cpe:/a:fermilab:scientific_linux:kernel-pae-devel
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-commonp-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
Rows per page:
1-10 of 161

Related

centos 3
nessus 55
oraclelinux 10
redhat 11
openvas 33
cisa 1
suse 9
ibm 7
canvas 1
f5 2
saint 4
archlinux 3
ubuntu 12
cve 2
packetstorm 2
altlinux 1
threatpost 1
myhack58 1
android 2
fedora 3
attackerkb 1
zdt 8
slackware 1
cert 1
cisco 1
arista 1
securelist 1
thn 3
paloalto 1
debiancve 2
chrome 1
veracode 2
seebug 2
ubuntucve 2
huawei 1
redhatcve 1
fortinet 1
prion 2
vmware 2
amazon 1
cisa_kev 1
centos
centos
kernel security update
2016-10-28 13:34:09
kernel, perf, python security update
2016-10-26 07:33:13
kernel, perf, python security update
2016-10-25 11:17:10
nessus
nessus
Oracle Linux 5 : ELSA-2016-2124-1: / kernel (ELSA-2016-21241)
2023-09-07 00:00:00
CentOS 5 : kernel (CESA-2016:2124) (Dirty COW)
2016-10-31 00:00:00
RHEL 5 : kernel (RHSA-2016:2124) (Dirty COW)
2016-10-31 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2016-10-28 00:00:00
kernel security and bug fix update
2016-10-28 00:00:00
kernel security and bug fix update
2016-11-15 00:00:00
redhat
redhat
(RHSA-2016:2124) Important: kernel security and bug fix update
2016-10-28 00:00:00
(RHSA-2016:2132) Important: kernel security and bug fix update
2016-11-01 10:16:02
(RHSA-2016:2127) Important: kernel security update
2016-10-31 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2016:2124 centos5
2016-11-08 00:00:00
RedHat Update for kernel RHSA-2016:2124-01
2016-11-08 00:00:00
Ubuntu: Security Advisory (USN-3107-2)
2016-12-05 00:00:00
cisa
cisa
Linux Kernel Vulnerability
2016-10-21 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2016-10-24 17:08:24
Security update for Linux Kernel Live Patch 15 for SLE 12 (important)
2016-10-27 01:06:19
Security update for the Linux Kernel (important)
2016-06-16 15:07:58
ibm
ibm
Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)
2018-12-08 04:55:34
Security Bulletin: IBM Flex System Manager (FSM) is affected by a kernel vulnerability
2018-06-18 01:34:54
Security Bulletin: Linux kernel privesc Dirty COW vulnerability affects Tivoli Business Service Manager (CVE-2016-5195)
2018-06-17 15:32:54
canvas
canvas
Immunity Canvas: LINUX_FOLL_WRITE_COW
2016-11-10 21:59:00
f5
f5
SOL10558632 - Linux privilege-escalation vulnerability (Dirty COW) CVE-2016-5195
2016-10-21 00:00:00
K10558632 : Linux privilege-escalation vulnerability CVE-2016-5195
2016-10-21 00:00:00
saint
saint
Linux Dirty COW Local File Overwrite
2016-10-27 00:00:00
Linux Dirty COW Local File Overwrite
2016-10-27 00:00:00
Linux Dirty COW Local File Overwrite
2016-10-27 00:00:00
archlinux
archlinux
[ASA-201610-11] linux-lts: privilege escalation
2016-10-21 00:00:00
[ASA-201610-14] linux: privilege escalation
2016-10-22 00:00:00
[ASA-201610-16] linux-grsec: privilege escalation
2016-10-24 00:00:00
ubuntu
ubuntu
Linux kernel (Raspberry Pi 2) vulnerability
2016-10-20 00:00:00
Linux kernel vulnerability
2016-10-20 00:00:00
Linux kernel (Trusty HWE) vulnerability
2016-10-20 00:00:00
cve
cve
CVE-2016-5195
2016-11-10 21:59:00
CVE-2016-1583
2016-06-27 10:59:00
packetstorm
packetstorm
Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
2016-11-28 00:00:00
Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
2016-11-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-std-def version 1:3.14.79-alt0.M70P.2
2016-10-25 00:00:00
threatpost
threatpost
Serious Dirty Cow Linux Vulnerability Under Attack
2016-10-21 11:21:36
myhack58
myhack58
CVE-2 0 1 6-5 1 9 5 dirty cattle vulnerability: the Linux kernel through kill to mention the right vulnerability-vulnerability warning-the black bar safety net
2016-10-21 00:00:00
android
android
dirtyc0w
2016-10-13 00:00:00
CVE-2016-5195
2016-11-01 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.7.9-100.fc23
2016-10-23 22:49:20
[SECURITY] Fedora 24 Update: kernel-4.7.9-200.fc24
2016-10-22 17:20:39
[SECURITY] Fedora 25 Update: kernel-4.8.3-300.fc25
2016-10-22 12:53:27
attackerkb
attackerkb
CVE-2016-5195
2016-11-10 00:00:00
zdt
zdt
Linux Kernel 2.6.22 < 3.9 - Dirty COW /proc/self/mem Race Condition Privilege Escalation (/etc/pa
2016-11-29 00:00:00
Linux Kernel 2.6.22 < 3.9 (x86/x64) - 'Dirty COW' Race Condition Privilege Escalation
2016-10-22 00:00:00
Linux Kernel 2.6.22 < 3.9 - Dirty COW /proc/self/mem Race Condition Privilege Escalation (/etc/pa
2016-11-30 00:00:00
slackware
slackware
[slackware-security] kernel
2016-11-01 03:40:05
cert
cert
Linux kernel memory subsystem copy on write mechanism contains a race condition vulnerability
2016-10-21 00:00:00
cisco
cisco
Vulnerability in Linux Kernel Affecting Cisco Products: October 2016
2016-10-26 15:00:00
arista
arista
Security Advisory 0026
2016-10-21 00:00:00
securelist
securelist
Mobile malware evolution 2019
2020-02-25 10:00:43
thn
thn
Dirty COW — Critical Linux Kernel Flaw Being Exploited in the Wild
2016-10-20 23:02:00
'Exodus' Surveillance Malware Found Targeting Apple iOS Users
2019-04-09 07:19:00
First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
2017-09-26 02:52:00
paloalto
paloalto
Kernel Vulnerability
2017-02-21 19:30:00
debiancve
debiancve
CVE-2016-5195
2016-11-10 21:59:00
CVE-2016-1583
2016-06-27 10:59:00
chrome
chrome
Stable Channel Update for Chrome OS
2016-10-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:14:05
Denial Of Service (DoS)
2019-01-15 09:14:03
seebug
seebug
"Huge Dirty COW" (CVE-2017–1000405)
2017-11-30 00:00:00
Linux kernel 2.6.22 < 3.9 elevation of privilege vulnerability (Dirty COW)
2016-10-22 00:00:00
ubuntucve
ubuntucve
CVE-2016-5195
2016-10-19 00:00:00
CVE-2016-1583
2016-06-08 00:00:00
huawei
huawei
Security Advisory - Dirty COW Vulnerability in Huawei Products
2016-12-07 00:00:00
redhatcve
redhatcve
CVE-2016-1583
2016-06-10 16:25:33
fortinet
fortinet
Linux Kernel Dirty Cow Vulnerability
2016-11-09 00:00:00
prion
prion
Race condition
2016-11-10 21:59:00
Design/Logic Flaw
2016-06-27 10:59:00
vmware
vmware
VMware product updates address local privilege escalation vulnerability in Linux kernel
2016-11-09 00:00:00
VMware product updates address local privilege escalation vulnerability in Linux kernel
2016-11-09 00:00:00
amazon
amazon
Critical: kernel
2016-10-20 04:11:00
cisa_kev
cisa_kev
Linux Kernel Race Condition Vulnerability
2022-03-03 00:00:00
JSON
Related for SL_20161028_KERNEL_ON_SL5_X.NASL
centos3nessus55oraclelinux10redhat11openvas33cisa1suse9ibm7canvas1f52saint4archlinux3ubuntu12cve2packetstorm2altlinux1threatpost1myhack581android2fedora3attackerkb1zdt8slackware1cert1cisco1arista1securelist1thn3paloalto1debiancve2chrome1veracode2seebug2ubuntucve2huawei1redhatcve1fortinet1prion2vmware2amazon1cisa_kev1