nessus: SUSE_SU-2019-1870-1.NASL
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Jul 19, 2019 - 12:00 a.m.

SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)

www.tenable.com

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-5390 aka ‘SegmentSmack’: A remote attacker even with relatively low bandwidth could have caused lots of CPU usage by triggering the worst case scenario during IP and/or TCP fragment reassembly (bsc#1102340)

CVE-2018-7191: In the tun subsystem in the Linux kernel, dev_get_valid_name was not called before register_netdevice. This allowed local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. (bnc#1135603)

CVE-2018-20836: A race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c could have led to a use-after-free. (bnc#1134395)

CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to cause denial of service (a NULL pointer dereference and system crash). (bnc#1137194)

CVE-2019-12818: The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may have returned NULL. If the caller did not check for this, it would trigger a NULL pointer dereference. This would cause denial of service. (bnc#1138293)

CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main() allowed local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a ‘double fetch’ vulnerability. (bsc#1136922)

CVE-2019-11487: An attacker could have triggered use-after-free via page reference count overflow on slow filesystems with at least 140 GiB of RAM available. (bnc#1133190)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:1870-1.
# The text itself is copyright (C) SUSE.
#

include('compat.inc');

if (description)
{
  script_id(126811);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/06");

  script_cve_id(
    "CVE-2018-20836",
    "CVE-2018-5390",
    "CVE-2018-7191",
    "CVE-2019-11478",
    "CVE-2019-11487",
    "CVE-2019-12456",
    "CVE-2019-12614",
    "CVE-2019-12818"
  );
  script_xref(name:"CEA-ID", value:"CEA-2019-0456");

  script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:1870-1) (SACK Slowness)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various
security and bugfixes.

The following security bugs were fixed :

CVE-2018-5390 aka 'SegmentSmack': A remote attacker even with
relatively low bandwidth could have caused lots of CPU usage by
triggering the worst case scenario during IP and/or TCP fragment
reassembly (bsc#1102340)

CVE-2018-7191: In the tun subsystem in the Linux kernel,
dev_get_valid_name was not called before register_netdevice. This
allowed local users to cause a denial of service (NULL pointer
dereference and panic) via an ioctl(TUNSETIFF) call with a dev name
containing a / character. (bnc#1135603)

CVE-2018-20836: A race condition in smp_task_timedout() and
smp_task_done() in drivers/scsi/libsas/sas_expander.c, could have lead
to a use-after-free. (bnc#1134395)

CVE-2019-12614: An unchecked kstrdup might have allowed an attacker to
cause denial of service (a NULL pointer dereference and system crash).
(bnc#1137194)

CVE-2019-12818: The nfc_llcp_build_tlv function in
net/nfc/llcp_commands.c may have returned NULL. If the caller did not
check for this, it would trigger a NULL pointer dereference. This
would cause denial of service. (bnc#1138293)

CVE-2019-12456: An issue in the MPT3COMMAND case in _ctl_ioctl_main()
allowed local users to cause a denial of service or possibly have
unspecified other impact by changing the value of ioc_number between
two kernel reads of that value, aka a 'double fetch' vulnerability.
(bsc#1136922)

CVE-2019-11487: An attacker could have triggered use-after-free via
page reference count overflow on slow filesystems with at least of 140
GiB of RAM available. (bnc#1133190)

The update package also includes non-security fixes. See advisory for
details.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1102340");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1112824");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1130159");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1133190");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134395");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135603");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1136922");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137194");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1138293");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1139751");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-20836/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-5390/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-7191/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-11487/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12456/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12614/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-12818/");
  # https://www.suse.com/support/update/announcement/2019/suse-su-20191870-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce50e84b");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2019-1870=1

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2019-1870=1

SUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch
SUSE-SLE-Module-Public-Cloud-12-2019-1870=1");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-default");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_118-xen");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-base-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-debugsource-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kernel-xen-devel-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_118-default-1-2.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"x86_64", reference:"kgraft-patch-3_12_74-60_64_118-xen-1-2.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", cpu:"s390x", reference:"kernel-default-man-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-base-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debuginfo-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-debugsource-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-default-devel-3.12.74-60.64.118.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"kernel-syms-3.12.74-60.64.118.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}

Vendor  Product     Version                        CPE
novell  suse_linux  kernel-default                 p-cpe:/a:novell:suse_linux:kernel-default
novell  suse_linux  kernel-default-base            p-cpe:/a:novell:suse_linux:kernel-default-base
novell  suse_linux  kernel-default-base-debuginfo  p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo
novell  suse_linux  kernel-default-debuginfo       p-cpe:/a:novell:suse_linux:kernel-default-debuginfo
novell  suse_linux  kernel-default-debugsource     p-cpe:/a:novell:suse_linux:kernel-default-debugsource
novell  suse_linux  kernel-default-devel           p-cpe:/a:novell:suse_linux:kernel-default-devel
novell  suse_linux  kernel-default-man             p-cpe:/a:novell:suse_linux:kernel-default-man
novell  suse_linux  kernel-syms                    p-cpe:/a:novell:suse_linux:kernel-syms
novell  suse_linux  kernel-xen                     p-cpe:/a:novell:suse_linux:kernel-xen
novell  suse_linux  kernel-xen-base                p-cpe:/a:novell:suse_linux:kernel-xen-base