Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20171006_KERNEL_ON_SL6_X.NASL
HistoryOct 09, 2017 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20171006)

2017-10-0900:00:00
This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

Security Fix(es) :

  • Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)

Bug Fix(es) :

  • Previously, removal of a rport during ISCSI target scanning could cause a kernel panic. This was happening because addition of STARGET_REMOVE to the rport state introduced a race condition to the SCSI code. This update adds the STARGET_CREATED_REMOVE state as a possible state of the rport and appropriate handling of that state, thus fixing the bug. As a result, the kernel panic no longer occurs under the described circumstances.

  • Previously, GFS2 contained multiple bugs where the wrong inode was assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was cleared incorrectly.
    Consequently, kernel panic could occur when using GFS2.
    With this update, GFS2 has been fixed, and the kernel no longer panics due to those bugs.

  • Previously, VMs with memory larger than 64GB running on Hyper-V with Windows Server hosts reported potential memory size of 4TB and more, but could not use more than 64GB. This was happening because the Memory Type Range Register (MTRR) for memory above 64GB was omitted. With this update, the /proc/mtrr file has been fixed to show correct base/size if they are more than 44 bit wide. As a result, the whole size of memory is now available as expected under the described circumstances.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(103730);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2017-7541");

  script_name(english:"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20171006)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Security Fix(es) :

  - Kernel memory corruption due to a buffer overflow was
    found in brcmf_cfg80211_mgmt_tx() function in Linux
    kernels from v3.9-rc1 to v4.13-rc1. The vulnerability
    can be triggered by sending a crafted NL80211_CMD_FRAME
    packet via netlink. This flaw is unlikely to be
    triggered remotely as certain userspace code is needed
    for this. An unprivileged local user could use this flaw
    to induce kernel memory corruption on the system,
    leading to a crash. Due to the nature of the flaw,
    privilege escalation cannot be fully ruled out, although
    it is unlikely. (CVE-2017-7541, Moderate)

Bug Fix(es) :

  - Previously, removal of a rport during ISCSI target
    scanning could cause a kernel panic. This was happening
    because addition of STARGET_REMOVE to the rport state
    introduced a race condition to the SCSI code. This
    update adds the STARGET_CREATED_REMOVE state as a
    possible state of the rport and appropriate handling of
    that state, thus fixing the bug. As a result, the kernel
    panic no longer occurs under the described
    circumstances.

  - Previously, GFS2 contained multiple bugs where the wrong
    inode was assigned to GFS2 cluster-wide locks (glocks),
    or the assigned inode was cleared incorrectly.
    Consequently, kernel panic could occur when using GFS2.
    With this update, GFS2 has been fixed, and the kernel no
    longer panics due to those bugs.

  - Previously, VMs with memory larger than 64GB running on
    Hyper-V with Windows Server hosts reported potential
    memory size of 4TB and more, but could not use more than
    64GB. This was happening because the Memory Type Range
    Register (MTRR) for memory above 64GB was omitted. With
    this update, the /proc/mtrr file has been fixed to show
    correct base/size if they are more than 44 bit wide. As
    a result, the whole size of memory is now available as
    expected under the described circumstances."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1710&L=scientific-linux-errata&F=&S=&P=6234
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?790fb9c1"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/10/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/10/09");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL6", reference:"kernel-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-abi-whitelists-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-debuginfo-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debug-devel-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-debuginfo-common-i686-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-devel-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-doc-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-firmware-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"kernel-headers-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"perf-debuginfo-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-2.6.32-696.13.2.el6")) flag++;
if (rpm_check(release:"SL6", reference:"python-perf-debuginfo-2.6.32-696.13.2.el6")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-abi-whitelists / kernel-debug / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-abi-whitelistsp-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-common-i686p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686
fermilabscientific_linuxkernel-debuginfo-common-x86_64p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
fermilabscientific_linuxkernel-docp-cpe:/a:fermilab:scientific_linux:kernel-doc
Rows per page:
1-10 of 171

Related

nessus 44
ubuntucve 1
debiancve 1
cve 1
centos 2
openvas 21
redhatcve 1
veracode 1
f5 1
redhat 4
prion 1
oraclelinux 7
virtuozzo 5
ubuntu 6
photon 3
fedora 2
suse 7
cloudfoundry 1
debian 4
osv 2
ibm 3
nessus
nessus
Oracle Linux 6 : kernel (ELSA-2017-2863)
2017-10-09 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3629)
2017-10-11 00:00:00
CentOS 6 : kernel (CESA-2017:2863)
2017-10-09 00:00:00
ubuntucve
ubuntucve
CVE-2017-7541
2017-07-25 00:00:00
debiancve
debiancve
CVE-2017-7541
2017-07-25 04:29:00
cve
cve
CVE-2017-7541
2017-07-25 04:29:00
centos
centos
kernel, perf, python security update
2017-10-06 13:56:12
kernel, perf, python security update
2017-10-23 17:05:09
openvas
openvas
RedHat Update for kernel RHSA-2017:2863-01
2017-10-06 00:00:00
CentOS Update for kernel CESA-2017:2863 centos6
2017-10-07 00:00:00
Ubuntu: Security Advisory (USN-3419-1)
2017-09-19 00:00:00
redhatcve
redhatcve
CVE-2017-7541
2017-07-20 08:49:26
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:20:18
f5
f5
K03521623 : Linux kernel vulnerability CVE-2017-7541
2018-03-09 00:00:00
redhat
redhat
(RHSA-2017:2863) Moderate: kernel security and bug fix update
2017-10-05 19:54:50
(RHSA-2017:2918) Important: kernel-rt security and bug fix update
2017-10-19 13:10:34
(RHSA-2017:2930) Important: kernel security and bug fix update
2017-10-19 13:19:00
prion
prion
Buffer overflow
2017-07-25 04:29:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2017-10-10 00:00:00
kernel security and bug fix update
2017-10-06 00:00:00
Unbreakable Enterprise kernel security update
2017-11-02 00:00:00
virtuozzo
virtuozzo
Kernel security update: CVE-2017-7542 and other; Virtuozzo ReadyKernel patch 27.0 for Virtuozzo 7.0.5
2017-08-04 00:00:00
Kernel security update: CVE-2017-11600 and other; Virtuozzo ReadyKernel patch 27.2 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3
2017-08-04 00:00:00
Kernel security update: CVE-2017-11600 and other; Virtuozzo ReadyKernel patch 27.0 for Virtuozzo 7.0.4 and 7.0.4 HF3
2017-08-04 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2017-09-18 00:00:00
Linux kernel (HWE) vulnerabilities
2017-09-18 00:00:00
Linux kernel vulnerabilities
2017-08-28 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2017-0028
2017-08-10 00:00:00
Important Photon OS Security Update - PHSA-2017-0061
2017-08-10 00:00:00
Critical Photon OS Security Update - PHSA-2018-0031
2018-03-29 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: kernel-4.11.12-200.fc25
2017-07-26 22:53:49
[SECURITY] Fedora 24 Update: kernel-4.11.12-100.fc24
2017-07-26 21:20:27
suse
suse
Security update for the Linux Kernel (important)
2017-08-09 15:21:43
Security update for the Linux Kernel (important)
2017-08-09 15:08:18
Security update for the Linux Kernel (important)
2017-08-29 18:11:41
cloudfoundry
cloudfoundry
USN-3405-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2017-09-21 00:00:00
debian
debian
[SECURITY] [DSA 3927-1] linux security update
2017-08-07 05:18:53
[SECURITY] [DSA 3927-1] linux security update
2017-08-07 05:18:53
[SECURITY] [DSA 3945-1] linux security update
2017-08-17 18:40:05
osv
osv
linux - security update
2017-08-07 00:00:00
linux - security update
2017-08-17 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
2018-07-25 14:37:35
Security Bulletin: IBM Security Guardium is affected by Open Source packages vulnerabilities
2018-06-16 22:04:22
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-07-06 23:49:08
JSON
Related for SL_20171006_KERNEL_ON_SL6_X.NASL
nessus44ubuntucve1debiancve1cve1centos2openvas21redhatcve1veracode1f51redhat4prion1oraclelinux7virtuozzo5ubuntu6photon3fedora2suse7cloudfoundry1debian4osv2ibm3