Security Fix(es) :
Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include("compat.inc");
if (description)
{
script_id(105537);
script_version("3.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/15");
script_cve_id("CVE-2017-5715");
script_xref(name:"IAVA", value:"2018-A-0020");
script_name(english:"Scientific Linux Security Update : microcode_ctl on SL7.x x86_64 (20180103) (Spectre)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"Security Fix(es) :
- An industry-wide issue was found in the way many modern
microprocessor designs have implemented speculative
execution of instructions (a commonly used performance
optimization). There are three primary variants of the
issue which differ in the way the speculative execution
can be exploited. Variant CVE-2017-5715 triggers the
speculative execution by utilizing branch target
injection. It relies on the presence of a
precisely-defined instruction sequence in the privileged
code as well as the fact that memory accesses may cause
allocation into the microprocessor's data cache even for
speculatively executed instructions that never actually
commit (retire). As a result, an unprivileged attacker
could use this flaw to cross the syscall and guest/host
boundaries and read privileged memory by conducting
targeted cache side-channel attacks. (CVE-2017-5715)
Note: This is the microcode counterpart of the CVE-2017-5715 kernel
mitigation."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=433
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?9f4c0600"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected microcode_ctl and / or microcode_ctl-debuginfo
packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:microcode_ctl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:microcode_ctl-debuginfo");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
script_set_attribute(attribute:"patch_publication_date", value:"2018/01/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/04");
script_set_attribute(attribute:"in_the_news", value:"true");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 7.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"microcode_ctl-2.1-22.2.el7")) flag++;
if (rpm_check(release:"SL7", cpu:"x86_64", reference:"microcode_ctl-debuginfo-2.1-22.2.el7")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microcode_ctl / microcode_ctl-debuginfo");
}