Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20170117_KERNEL_ON_SL7_X.NASL
HistoryJan 18, 2017 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL7.x x86_64 (20170117)

2017-01-1800:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
JSON

To see the complete list of bug fixes, users are directed to the related Knowledge Article :

Security Fix(es) :

  • A use-after-free vulnerability was found in the kernel’s socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)

  • A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions.
    This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.
    (CVE-2016-6828, Moderate)

  • A flaw was found in the Linux kernel’s implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)

Bug Fix(es) :

  • Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved.

  • Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation.

  • Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation.

  • Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device.
    Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances.

  • Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot :

‘Unknown Intel PCH (0xa149) detected.’ ‘Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing …’

The messages were shown because this PCH was not properly recognized.
With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages.

  • Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(96599);
  script_version("3.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2016-6828", "CVE-2016-7117", "CVE-2016-9555");

  script_name(english:"Scientific Linux Security Update : kernel on SL7.x x86_64 (20170117)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"To see the complete list of bug fixes, users are directed to the
related Knowledge Article :

Security Fix(es) :

  - A use-after-free vulnerability was found in the kernel's
    socket recvmmsg subsystem. This may allow remote
    attackers to corrupt memory and may allow execution of
    arbitrary code. This corruption takes place during the
    error handling routines within __sys_recvmmsg()
    function. (CVE-2016-7117, Important)

  - A use-after-free vulnerability was found in
    tcp_xmit_retransmit_queue and other tcp_* functions.
    This condition could allow an attacker to send an
    incorrect selective acknowledgment to existing
    connections, possibly resetting a connection.
    (CVE-2016-6828, Moderate)

  - A flaw was found in the Linux kernel's implementation of
    the SCTP protocol. A remote attacker could trigger an
    out-of-bounds read with an offset of up to 64kB
    potentially causing the system to crash. (CVE-2016-9555,
    Moderate)

Bug Fix(es) :

  - Previously, the performance of Internet Protocol over
    InfiniBand (IPoIB) was suboptimal due to a conflict of
    IPoIB with the Generic Receive Offload (GRO)
    infrastructure. With this update, the data cached by the
    IPoIB driver has been moved from a control block into
    the IPoIB hard header, thus avoiding the GRO problem and
    the corruption of IPoIB address information. As a
    result, the performance of IPoIB has been improved.

  - Previously, when a virtual machine (VM) with
    PCI-Passthrough interfaces was recreated, a race
    condition between the eventfd daemon and the virqfd
    daemon occurred. Consequently, the operating system
    rebooted. This update fixes the race condition. As a
    result, the operating system no longer reboots in the
    described situation.

  - Previously, a packet loss occurred when the team driver
    in round-robin mode was sending a large number of
    packets. This update fixes counting of the packets in
    the round-robin runner of the team driver, and the
    packet loss no longer occurs in the described situation.

  - Previously, the virtual network devices contained in the
    deleted namespace could be deleted in any order. If the
    loopback device was not deleted as the last item, other
    netns devices, such as vxlan devices, could end up with
    dangling references to the loopback device.
    Consequently, deleting a network namespace (netns)
    occasionally ended by a kernel oops. With this update,
    the underlying source code has been fixed to ensure the
    correct order when deleting the virtual network devices
    on netns deletion. As a result, the kernel oops no
    longer occurs under the described circumstances.

  - Previously, a Kabylake system with a Sunrise Point
    Platform Controller Hub (PCH) with a PCI device ID of
    0xA149 showed the following warning messages during the
    boot :

'Unknown Intel PCH (0xa149) detected.' 'Warning: Intel Kabylake
processor with unknown PCH - this hardware has not undergone testing
...'

The messages were shown because this PCH was not properly recognized.
With this update, the problem has been fixed, and the operating system
now boots without displaying the warning messages.

  - Previously, the operating system occasionally became
    unresponsive after a long run. This was caused by a race
    condition between the try_to_wake_up() function and a
    woken up task in the core scheduler. With this update,
    the race condition has been fixed, and the operating
    system no longer locks up in the described scenario."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=9762
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?27df62d7"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/10/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/01/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-abi-whitelists-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-debuginfo-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debug-devel-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-devel-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", reference:"kernel-doc-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-headers-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-debuginfo-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"kernel-tools-libs-devel-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"perf-debuginfo-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-3.10.0-514.6.1.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"python-perf-debuginfo-3.10.0-514.6.1.el7")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
fermilabscientific_linuxkernel-headersp-cpe:/a:fermilab:scientific_linux:kernel-headers
Rows per page:
1-10 of 191

Related

oraclelinux 12
nessus 63
redhat 13
openvas 36
centos 4
ibm 3
suse 24
prion 3
redhatcve 2
cve 3
debiancve 3
ubuntu 8
arista 1
fedora 4
zdt 1
packetstorm 1
f5 4
veracode 3
android 2
amazon 1
ubuntucve 3
exploitpack 1
broadcom 1
exploitdb 1
mageia 1
cloudfoundry 1
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2017-01-17 00:00:00
kernel security and bug fix update
2017-01-10 00:00:00
Unbreakable Enterprise kernel security update
2016-12-09 00:00:00
nessus
nessus
RHEL 7 : kernel (RHSA-2017:0086)
2017-01-18 00:00:00
Oracle Linux 7 : kernel (ELSA-2017-0086)
2017-01-18 00:00:00
CentOS 7 : kernel (CESA-2017:0086)
2017-01-20 00:00:00
redhat
redhat
(RHSA-2017:0091) Important: kernel-rt security and bug fix update
2017-01-17 15:24:41
(RHSA-2017:0086) Important: kernel security, bug fix, and enhancement update
2017-01-17 15:24:29
(RHSA-2017:0113) Important: kernel-rt security and bug fix update
2017-01-17 17:39:19
openvas
openvas
RedHat Update for kernel RHSA-2017:0086-01
2017-01-18 00:00:00
CentOS Update for kernel CESA-2017:0086 centos7
2017-01-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:3119-1)
2021-04-19 00:00:00
centos
centos
kernel, perf, python security update
2017-01-19 13:30:14
kernel, perf, python security update
2017-01-12 15:47:38
kernel security update
2016-12-20 17:00:55
ibm
ibm
Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities
2018-06-16 22:03:36
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
2018-06-18 01:37:19
Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel
2018-06-16 22:02:07
suse
suse
Security update for Linux Kernel Live Patch 11 for SLE 12 (important)
2016-12-13 18:07:52
Security update for Linux Kernel Live Patch 2 for SLE 12 SP1 (important)
2016-12-12 19:07:35
Security update for Linux Kernel Live Patch 9 for SLE 12 (important)
2016-12-13 16:08:42
prion
prion
Out-of-bounds
2016-11-28 03:59:00
Code injection
2016-10-16 21:59:00
Design/Logic Flaw
2016-10-10 11:00:00
redhatcve
redhatcve
CVE-2016-9555
2016-11-23 17:19:15
CVE-2016-6828
2016-08-18 21:03:31
cve
cve
CVE-2016-9555
2016-11-28 03:59:00
CVE-2016-7117
2016-10-10 11:00:00
CVE-2016-6828
2016-10-16 21:59:00
debiancve
debiancve
CVE-2016-9555
2016-11-28 03:59:00
CVE-2016-6828
2016-10-16 21:59:00
CVE-2016-7117
2016-10-10 11:00:00
ubuntu
ubuntu
Linux kernel vulnerability
2017-02-03 00:00:00
Linux kernel (Trusty HWE) vulnerability
2017-02-03 00:00:00
Linux kernel (OMAP4) vulnerabilities
2017-02-09 00:00:00
arista
arista
Security Advisory 0028
2017-05-15 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: kernel-4.6.7-300.fc24
2016-08-23 12:51:13
[SECURITY] Fedora 23 Update: kernel-4.6.7-200.fc23
2016-08-23 15:24:07
[SECURITY] Fedora 23 Update: kernel-4.7.2-101.fc23
2016-09-02 23:22:48
zdt
zdt
Linux Kernel - TCP Related Read Use-After-Free Exploit
2016-11-08 00:00:00
packetstorm
packetstorm
Linux Kernel TCP Related Read Use-After-Free
2016-11-09 00:00:00
f5
f5
K54095660 : Linux kernel vulnerability CVE-2016-9555
2017-02-22 00:00:00
K62442245 : Kernel vulnerability CVE-2016-6828
2016-12-21 00:00:00
SOL51201255 - Linux kernel vulnerability CVE-2016-7117
2016-11-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 06:09:19
Denial Of Service (DoS)
2019-01-15 09:14:58
Remote Code Execution (RCE)
2019-01-15 09:14:57
android
android
CVE-2016-7117
2016-10-01 00:00:00
CVE-2016-6828
2016-11-01 00:00:00
amazon
amazon
Medium: kernel
2016-09-01 18:00:00
ubuntucve
ubuntucve
CVE-2016-9555
2016-11-27 00:00:00
CVE-2016-6828
2016-08-18 00:00:00
CVE-2016-7117
2016-10-10 00:00:00
exploitpack
exploitpack
Linux Kernel - TCP Related Read Use-After-Free
2016-08-18 00:00:00
broadcom
broadcom
CVE-2016-7117 - Use-after-free vulnerability in the Linux kernel
2023-05-02 00:00:00
exploitdb
exploitdb
Linux Kernel - TCP Related Read Use-After-Free
2016-08-18 00:00:00
mageia
mageia
Updated kernel packages fixes security vulnerabilities
2016-10-20 22:31:18
cloudfoundry
cloudfoundry
USN-3099-2 Linux kernel vulnerabilities | Cloud Foundry
2016-10-01 00:00:00
JSON
Related for SL_20170117_KERNEL_ON_SL7_X.NASL
oraclelinux12nessus63redhat13openvas36centos4ibm3suse24prion3redhatcve2cve3debiancve3ubuntu8arista1fedora4zdt1packetstorm1f54veracode3android2amazon1ubuntucve3exploitpack1broadcom1exploitdb1mageia1cloudfoundry1