Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2017-2024 Canonical, Inc. / NASL script (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3265-2.NASL
HistoryApr 25, 2017 - 12:00 a.m.

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3265-2)

2017-04-2500:00:00
Ubuntu Security Notice (C) 2017-2024 Canonical, Inc. / NASL script (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

8.1 High

AI Score

Confidence

High

JSON

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3265-2 advisory.

  • The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context. (CVE-2017-5669)

  • The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access. (CVE-2017-5897)

  • The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows attackers to cause a denial of service (system crash) via (1) an application that makes crafted system calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)

  • Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. (CVE-2017-5986)

  • The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)

  • The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls. (CVE-2017-6345)

  • Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls. (CVE-2017-6346)

  • The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. (CVE-2017-6347)

  • The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices. (CVE-2017-6348)

  • Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
    (CVE-2017-7374)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3265-2. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(99658);
  script_version("3.12");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2017-5669",
    "CVE-2017-5897",
    "CVE-2017-5970",
    "CVE-2017-5986",
    "CVE-2017-6214",
    "CVE-2017-6345",
    "CVE-2017-6346",
    "CVE-2017-6347",
    "CVE-2017-6348",
    "CVE-2017-7374"
  );
  script_xref(name:"USN", value:"3265-2");

  script_name(english:"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3265-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-3265-2 advisory.

  - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address
    calculated by a certain rounding operation, which allows local users to map page zero, and consequently
    bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat
    system calls in a privileged context. (CVE-2017-5669)

  - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have
    unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds
    access. (CVE-2017-5897)

  - The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel through 4.9.9 allows
    attackers to cause a denial of service (system crash) via (1) an application that makes crafted system
    calls or possibly (2) IPv4 traffic with invalid IP options. (CVE-2017-5970)

  - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11
    allows local users to cause a denial of service (assertion failure and panic) via a multithreaded
    application that peels off an association in a certain buffer-full state. (CVE-2017-5986)

  - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers
    to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the
    URG flag. (CVE-2017-6214)

  - The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in
    required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have
    unspecified other impact via crafted system calls. (CVE-2017-6345)

  - Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a
    denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded
    application that makes PACKET_FANOUT setsockopt system calls. (CVE-2017-6346)

  - The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has
    incorrect expectations about skb data layout, which allows local users to cause a denial of service
    (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by
    use of the MSG_MORE flag in conjunction with loopback UDP transmission. (CVE-2017-6347)

  - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages
    lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on
    IrDA devices. (CVE-2017-6348)

  - Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a
    denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being
    used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely.
    (CVE-2017-7374)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3265-2");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5897");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/02/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/04/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2017-2024 Canonical, Inc. / NASL script (C) 2017-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '14.04': {
    '4.4.0': {
      'generic': '4.4.0-75',
      'generic-lpae': '4.4.0-75',
      'lowlatency': '4.4.0-75',
      'powerpc-e500mc': '4.4.0-75',
      'powerpc-smp': '4.4.0-75',
      'powerpc64-emb': '4.4.0-75',
      'powerpc64-smp': '4.4.0-75'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3265-2');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-5986', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7374');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3265-2');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-4.4.0-75-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic
canonicalubuntu_linuxlinux-image-4.4.0-75-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae
canonicalubuntu_linuxlinux-image-4.4.0-75-lowlatencyp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency
canonicalubuntu_linuxlinux-image-4.4.0-75-powerpc-e500mcp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc
canonicalubuntu_linuxlinux-image-4.4.0-75-powerpc-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp
canonicalubuntu_linuxlinux-image-4.4.0-75-powerpc64-embp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb
canonicalubuntu_linuxlinux-image-4.4.0-75-powerpc64-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Related

nessus 46
ubuntu 6
openvas 24
cloudfoundry 1
osv 2
f5 5
debian 3
mageia 6
suse 32
amazon 3
fedora 7
oraclelinux 2
symantec 1
redhatcve 10
prion 10
cve 10
ubuntucve 9
debiancve 10
ibm 5
veracode 3
virtuozzo 2
redhat 1
centos 1
nessus
nessus
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)
2017-04-25 00:00:00
Debian DSA-3804-1 : linux - security update
2017-03-09 00:00:00
Debian DLA-849-1 : linux security update
2017-03-10 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2017-04-25 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2017-04-25 00:00:00
Linux kernel (HWE) vulnerability
2017-04-25 00:00:00
openvas
openvas
Ubuntu Update for linux USN-3265-1
2017-04-25 00:00:00
Ubuntu Update for linux-lts-xenial USN-3265-2
2017-04-25 00:00:00
Debian Security Advisory DSA 3804-1 (linux - security update)
2017-03-08 00:00:00
cloudfoundry
cloudfoundry
USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2017-05-01 00:00:00
osv
osv
linux - security update
2017-03-08 00:00:00
linux - security update
2017-03-08 00:00:00
f5
f5
K31209433 : Linux kernel vulnerabilities CVE-2017-6345, CVE-2017-6347, and CVE-2017-6348
2017-04-13 00:00:00
K61968355 : Linux kernel vulnerability CVE-2017-7374
2017-05-01 00:00:00
K60104355 : Linux kernel vulnerability CVE-2017-5970
2017-04-18 00:00:00
debian
debian
[SECURITY] [DSA 3804-1] linux security update
2017-03-08 16:59:59
[SECURITY] [DSA 3804-1] linux security update
2017-03-08 16:59:59
[SECURITY] [DLA 849-1] linux security update
2017-03-09 12:06:12
mageia
mageia
Updated kernel-linus packages fixes security vulnerabilities
2017-03-25 23:15:34
Updated kernel-tmb packages fixes security vulnerabilities
2017-03-25 23:15:34
Updated kernel packages fixes security vulnerabilities
2017-03-25 23:15:34
suse
suse
Security update for the Linux Kernel (important)
2017-02-22 21:10:07
Security update for the Linux Kernel (important)
2017-02-22 21:15:53
Security update for the Linux Kernel (important)
2017-04-01 15:07:45
amazon
amazon
Important: kernel
2017-03-06 14:00:00
Medium: kernel
2017-04-06 21:16:00
Important: kernel
2017-03-29 17:59:00
fedora
fedora
[SECURITY] Fedora 25 Update: kernel-4.9.9-200.fc25
2017-02-14 15:52:06
[SECURITY] Fedora 25 Update: kernel-4.9.13-201.fc25
2017-03-11 12:22:11
[SECURITY] Fedora 24 Update: kernel-4.9.13-101.fc24
2017-03-11 11:52:58
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2017-04-13 00:00:00
kernel security and bug fix update
2017-05-30 00:00:00
symantec
symantec
SA148: Linux Kernel Vulnerabilities Feb-Apr 2017
2017-05-09 08:00:00
redhatcve
redhatcve
CVE-2017-7374
2017-04-03 10:48:45
CVE-2017-5897
2017-02-07 09:22:23
CVE-2017-6345
2017-03-02 16:48:19
prion
prion
Out-of-bounds
2017-03-23 16:59:00
Null pointer dereference
2017-03-31 20:59:00
Design/Logic Flaw
2017-03-01 20:59:00
cve
cve
CVE-2017-5897
2017-03-23 16:59:00
CVE-2017-7374
2017-03-31 20:59:00
CVE-2017-6214
2017-02-23 17:59:00
ubuntucve
ubuntucve
CVE-2017-5897
2017-03-23 00:00:00
CVE-2017-7374
2017-03-31 00:00:00
CVE-2017-6347
2017-03-01 00:00:00
debiancve
debiancve
CVE-2017-7374
2017-03-31 20:59:00
CVE-2017-6345
2017-03-01 20:59:00
CVE-2017-5897
2017-03-23 16:59:00
ibm
ibm
Security Bulletin: The Linux Kernel as used in IBM QRadar SIEM is vulnerable to denial service. (CVE-2017-6214)
2018-06-16 22:04:36
Security Bulletin: IBM Security Access Manager Appliance is affected by a kernel vulnerability (CVE-2017-5970)
2018-06-22 02:26:47
Security Bulletin: Vulnerability in Linux Kernel affects IBM RackSwitch Products (CVE-2017-6214)
2019-01-31 02:25:02
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:17:01
Denial Of Service (DOS)
2019-05-02 06:36:13
Denial Of Service (DoS)
2019-05-02 06:11:52
virtuozzo
virtuozzo
Kernel security update: CVE-2017-5970 and other; Virtuozzo ReadyKernel patch 20.0 for Virtuozzo 7.0.x
2017-04-28 00:00:00
Important kernel security update: Virtuozzo ReadyKernel patch 13.0 for kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)
2017-03-02 00:00:00
redhat
redhat
(RHSA-2017:1372) Moderate: kernel security and bug fix update
2017-05-30 14:49:29
centos
centos
kernel, perf, python security update
2017-05-31 14:08:43

8.1 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-3265-2.NASL
nessus46ubuntu6openvas24cloudfoundry1osv2f55debian3mageia6suse32amazon3fedora7oraclelinux2symantec1redhatcve10prion10cve10ubuntucve9debiancve10ibm5veracode3virtuozzo2redhat1centos1