The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :
CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)
CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088)
CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).
CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752).
CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the
-INT_MIN value (bnc#1089608).
CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209).
CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537).
CVE-2017-11089: A buffer overread was observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261).
CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260).
CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).
CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with
__dm_destroy during creation and removal of DM devices (bnc#1083242).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1221-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(109758);
script_version("1.8");
script_cvs_date("Date: 2019/09/10 13:51:47");
script_cve_id("CVE-2017-0861", "CVE-2017-11089", "CVE-2017-13220", "CVE-2017-18203", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1087", "CVE-2018-7757", "CVE-2018-8781", "CVE-2018-8822", "CVE-2018-8897");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1221-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive
various security and bugfixes. The following security bugs were
fixed :
- CVE-2018-1087: And an unprivileged KVM guest user could
use this flaw to potentially escalate their privileges
inside a guest. (bsc#1087088)
- CVE-2018-8897: An unprivileged system user could use
incorrect set up interrupt stacks to crash the Linux
kernel resulting in DoS issue. (bsc#1087088)
- CVE-2018-8781: The udl_fb_mmap function in
drivers/gpu/drm/udl/udl_fb.c had an integer-overflow
vulnerability allowing local users with access to the
udldrmfb driver to obtain full read and write
permissions on kernel physical pages, resulting in a
code execution in kernel space (bnc#1090643).
- CVE-2018-10124: The kill_something_info function in
kernel/signal.c might allow local users to cause a
denial of service via an INT_MIN argument (bnc#1089752).
- CVE-2018-10087: The kernel_wait4 function in
kernel/exit.c might allow local users to cause a denial
of service by triggering an attempted use of the
-INT_MIN value (bnc#1089608).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events
function in drivers/scsi/libsas/sas_expander.c allowed
local users to cause a denial of service (memory
consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file
(bnc#1084536 1087209).
- CVE-2017-13220: An elevation of privilege vulnerability
in the Upstream kernel bluez was fixed. (bnc#1076537).
- CVE-2017-11089: A buffer overread was observed in
nl80211_set_station when user space application sends
attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data
of size less than 4 bytes (bnc#1088261).
- CVE-2017-0861: Use-after-free vulnerability in the
snd_pcm_info function in the ALSA subsystem allowed
attackers to gain privileges via unspecified vectors
(bnc#1088260).
- CVE-2018-8822: Incorrect buffer length handling in the
ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
could be exploited by malicious NCPFS servers to crash
the kernel or execute code (bnc#1086162).
- CVE-2017-18203: The dm_get_from_kobject function in
drivers/md/dm.c allow local users to cause a denial of
service (BUG) by leveraging a race condition with
__dm_destroy during creation and removal of DM devices
(bnc#1083242).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1076537"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082299"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083125"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083242"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1084536"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085331"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1086162"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087088"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087209"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087260"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088147"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088260"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088261"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089608"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089752"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1090643"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-0861/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-11089/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-13220/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-18203/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-10087/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-10124/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-1087/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-7757/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8781/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8822/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8897/"
);
# https://www.suse.com/support/update/announcement/2018/suse-su-20181221-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?ae992f01"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2018-844=1
SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2018-844=1"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_128-xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2018/05/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kernel-xen-devel-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_128-default-1-1.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"x86_64", reference:"kgraft-patch-3_12_61-52_128-xen-1-1.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", cpu:"s390x", reference:"kernel-default-man-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-base-debuginfo-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debuginfo-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-debugsource-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-default-devel-3.12.61-52.128.1")) flag++;
if (rpm_check(release:"SLES12", sp:"0", reference:"kernel-syms-3.12.61-52.128.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-base-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo |
novell | suse_linux | kernel-default-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-debuginfo |
novell | suse_linux | kernel-default-debugsource | p-cpe:/a:novell:suse_linux:kernel-default-debugsource |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
novell | suse_linux | kernel-syms | p-cpe:/a:novell:suse_linux:kernel-syms |
novell | suse_linux | kernel-xen | p-cpe:/a:novell:suse_linux:kernel-xen |
novell | suse_linux | kernel-xen-base | p-cpe:/a:novell:suse_linux:kernel-xen-base |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13220
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18203
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
www.nessus.org/u?ae992f01
bugzilla.suse.com/show_bug.cgi?id=1076537
bugzilla.suse.com/show_bug.cgi?id=1082299
bugzilla.suse.com/show_bug.cgi?id=1083125
bugzilla.suse.com/show_bug.cgi?id=1083242
bugzilla.suse.com/show_bug.cgi?id=1084536
bugzilla.suse.com/show_bug.cgi?id=1085331
bugzilla.suse.com/show_bug.cgi?id=1086162
bugzilla.suse.com/show_bug.cgi?id=1087088
bugzilla.suse.com/show_bug.cgi?id=1087209
bugzilla.suse.com/show_bug.cgi?id=1087260
bugzilla.suse.com/show_bug.cgi?id=1088147
bugzilla.suse.com/show_bug.cgi?id=1088260
bugzilla.suse.com/show_bug.cgi?id=1088261
bugzilla.suse.com/show_bug.cgi?id=1089608
bugzilla.suse.com/show_bug.cgi?id=1089752
bugzilla.suse.com/show_bug.cgi?id=1090643
www.suse.com/security/cve/CVE-2017-0861/
www.suse.com/security/cve/CVE-2017-11089/
www.suse.com/security/cve/CVE-2017-13220/
www.suse.com/security/cve/CVE-2017-18203/
www.suse.com/security/cve/CVE-2018-10087/
www.suse.com/security/cve/CVE-2018-10124/
www.suse.com/security/cve/CVE-2018-1087/
www.suse.com/security/cve/CVE-2018-7757/
www.suse.com/security/cve/CVE-2018-8781/
www.suse.com/security/cve/CVE-2018-8822/
www.suse.com/security/cve/CVE-2018-8897/