Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2018-2024 Canonical, Inc. / NASL script (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3742-1.NASL
HistoryAug 15, 2018 - 12:00 a.m.

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1)

2018-08-1500:00:00
Ubuntu Security Notice (C) 2018-2024 Canonical, Inc. / NASL script (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
160

7.8 High

AI Score

Confidence

High

JSON

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3742-1 advisory.

  • The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn’t properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
    (CVE-2017-18344)

  • Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (CVE-2018-3620)

  • Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. (CVE-2018-3646)

  • Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. (CVE-2018-5390)

  • The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. (CVE-2018-5391)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3742-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(111753);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2017-18344",
    "CVE-2018-3620",
    "CVE-2018-3646",
    "CVE-2018-5390",
    "CVE-2018-5391"
  );
  script_xref(name:"USN", value:"3742-1");

  script_name(english:"Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in
the USN-3742-1 advisory.

  - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8
    doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the
    show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read
    arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
    (CVE-2017-18344)

  - Systems with microprocessors utilizing speculative execution and address translations may allow
    unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
    via a terminal page fault and a side-channel analysis. (CVE-2018-3620)

  - Systems with microprocessors utilizing speculative execution and address translations may allow
    unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access
    with guest OS privilege via a terminal page fault and a side-channel analysis. (CVE-2018-3646)

  - Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and
    tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. (CVE-2018-5390)

  - The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially
    modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by
    sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered
    and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel
    with the increase of the IP fragment reassembly queue size. (CVE-2018-5391)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3742-1");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-3646");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-generic");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-generic-lpae");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-lowlatency");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc-e500");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc-e500mc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc-smp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc64-emb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc64-smp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2018-2024 Canonical, Inc. / NASL script (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '14.04': {
    '3.13.0': {
      'generic': '3.13.0-155',
      'generic-lpae': '3.13.0-155',
      'lowlatency': '3.13.0-155',
      'powerpc-e500': '3.13.0-155',
      'powerpc-e500mc': '3.13.0-155',
      'powerpc-smp': '3.13.0-155',
      'powerpc64-emb': '3.13.0-155',
      'powerpc64-smp': '3.13.0-155'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3742-1');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2017-18344', 'CVE-2018-3620', 'CVE-2018-3646', 'CVE-2018-5390', 'CVE-2018-5391');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3742-1');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-3.13.0-155-genericp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-generic
canonicalubuntu_linuxlinux-image-3.13.0-155-generic-lpaep-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-generic-lpae
canonicalubuntu_linuxlinux-image-3.13.0-155-lowlatencyp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-lowlatency
canonicalubuntu_linuxlinux-image-3.13.0-155-powerpc-e500p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc-e500
canonicalubuntu_linuxlinux-image-3.13.0-155-powerpc-e500mcp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc-e500mc
canonicalubuntu_linuxlinux-image-3.13.0-155-powerpc-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc-smp
canonicalubuntu_linuxlinux-image-3.13.0-155-powerpc64-embp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc64-emb
canonicalubuntu_linuxlinux-image-3.13.0-155-powerpc64-smpp-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-155-powerpc64-smp
canonicalubuntu_linux14.04cpe:/o:canonical:ubuntu_linux:14.04:-:lts

Related

ubuntu 9
openvas 35
nessus 70
oraclelinux 6
cloudfoundry 2
redhat 23
suse 2
ibm 6
amazon 2
checkpoint_security 1
ics 1
fedora 2
osv 3
redhatcve 3
freebsd 1
debian 5
freebsd_advisory 1
xen 1
f5 2
intel 1
mageia 4
thn 1
msrc 2
threatpost 1
lenovo 2
cisco 1
cert 1
citrix 1
centos 1
virtuozzo 2
exploitpack 1
packetstorm 1
veracode 1
canvas 1
zdt 1
cve 1
huawei 1
ubuntu
ubuntu
Linux kernel (Trusty HWE) vulnerabilities
2018-08-14 00:00:00
Linux kernel (Trusty HWE) regressions
2018-08-21 00:00:00
Linux kernel vulnerabilities
2018-08-14 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3742-2)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-3742-3)
2022-08-26 00:00:00
Ubuntu: Security Advisory (USN-3742-1)
2018-08-15 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4196)
2018-08-15 00:00:00
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow)
2018-08-17 00:00:00
EulerOS 2.0 SP3 : kernel (EulerOS-SA-2018-1279)
2018-09-04 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-08-14 00:00:00
Unbreakable Enterprise kernel security update
2018-08-14 00:00:00
Unbreakable Enterprise kernel security update
2018-09-13 00:00:00
cloudfoundry
cloudfoundry
USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-08-17 00:00:00
USN-3740-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
redhat
redhat
(RHSA-2018:2403) Important: redhat-virtualization-host security update
2018-08-15 10:10:49
(RHSA-2018:2402) Important: rhvm-appliance security update
2018-08-16 05:04:33
(RHSA-2018:3459) Important: kernel security, bug fix, and enhancement update
2018-11-06 14:46:26
suse
suse
Security update for the Linux Kernel (important)
2018-08-07 21:10:43
Security update for the Linux Kernel (important)
2018-08-17 12:20:07
ibm
ibm
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801q
2018-10-10 21:05:01
Security Bulletin: IBM Security Guardium is affected by a Foreshadow Spectre Variant vulnerability
2019-02-07 19:55:01
Security Bulletin: L1TF - L1 Terminal Fault Attack affect IBM Netezza Host Management
2019-10-18 03:36:34
amazon
amazon
Critical: kernel
2018-08-10 20:26:00
Critical: kernel
2018-08-10 22:53:00
checkpoint_security
checkpoint_security
Check Point response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)
2018-08-15 04:43:24
ics
ics
Siemens RUGGEDCOM, SCALANCE, SIMATIC, SINEMA (Update B)
2020-09-08 12:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: kernel-headers-4.17.14-3.fc28
2018-08-16 08:08:45
[SECURITY] Fedora 27 Update: kernel-headers-4.17.14-3.fc27
2018-08-16 07:24:56
osv
osv
linux-4.9 - security update
2018-08-28 00:00:00
linux - security update
2018-08-20 00:00:00
linux-4.9 - security update
2018-08-13 00:00:00
redhatcve
redhatcve
CVE-2018-3646
2021-01-24 22:39:20
CVE-2017-18344
2018-08-01 17:49:05
CVE-2018-3620
2021-03-20 21:41:50
freebsd
freebsd
FreeBSD -- L1 Terminal Fault (L1TF) Kernel Information Disclosure
2018-08-14 00:00:00
debian
debian
[SECURITY] [DSA 4279-1] linux security update
2018-08-20 11:44:32
[SECURITY] [DSA 4274-1] xen security update
2018-08-16 20:47:43
[SECURITY] [DLA 1481-1] linux-4.9 security update
2018-08-28 17:10:51
freebsd_advisory
freebsd_advisory
FreeBSD-SA-18:09.l1tf
2018-08-14 00:00:00
xen
xen
L1 Terminal Fault speculative side channel
2018-08-14 17:15:00
f5
f5
K70675920 : August 2018 Intel security vulnerability announcement
2018-08-15 00:00:00
K07020416 : Linux kernel vulnerability CVE-2017-18344
2020-12-08 00:00:00
intel
intel
Q3 2018 Speculative Execution Side Channel Update
2021-05-11 00:00:00
mageia
mageia
Updated kernel-linus packages fix security vulnerabilities
2018-08-19 14:24:54
Updated kernel-tmb packages fix security vulnerabilities
2018-08-19 14:24:54
Updated microcode packages fix security vulnerabilities
2018-08-19 14:24:54
thn
thn
Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered
2018-08-15 07:40:00
msrc
msrc
Analysis and mitigation of L1 Terminal Fault (L1TF)
2018-08-13 07:00:00
Analysis and mitigation of L1 Terminal Fault (L1TF)
2018-08-13 07:00:00
threatpost
threatpost
Intel CPUs Undermined By Fresh Speculative Execution Flaws
2018-08-14 19:24:34
lenovo
lenovo
L1 Terminal Fault Side Channel Vulnerabilities - Lenovo Support NL
2018-08-16 14:27:00
L1 Terminal Fault Side Channel Vulnerabilities - US
2018-08-16 14:27:00
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities: August 2018
2018-08-14 17:00:00
cert
cert
Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)
2018-08-15 00:00:00
citrix
citrix
Citrix Security Advisory for TCP/IP Reassembly Resource Exhaustion
2020-11-09 09:09:01
centos
centos
kernel, perf, python security update
2018-08-15 03:59:04
virtuozzo
virtuozzo
Important kernel security update: CVE-2018-3620 and other issues; new kernel 3.10.0-862.11.6.vz7.64.7; Virtuozzo 7.0 Update 8 Hotfix 1 (7.0.8-507)
2018-08-30 00:00:00
Important kernel security update: CVE-2018-3620 and other issues; new kernel 2.6.32-042stab133.1; Virtuozzo 6.0 Update 12 Hotfix 30 (6.0.12-3713)
2018-08-20 00:00:00
exploitpack
exploitpack
Linux Kernel 4.14.7 (Ubuntu 16.04 CentOS 7) - (KASLR SMEP Bypass) Arbitrary File Read
2018-08-09 00:00:00
packetstorm
packetstorm
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) Arbitrary File Read
2018-08-09 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:26:26
canvas
canvas
Immunity Canvas: SHOW_TIMER_LEAK
2018-07-26 19:29:00
zdt
zdt
Linux Kernel 4.14.7 ( Ubuntu 16.04 / CentOS 7) Arbitrary File Read Exploit
2018-08-09 00:00:00
cve
cve
CVE-2017-18344
2018-07-26 19:29:00
huawei
huawei
Security Advisory - CPU Side Channel Vulnerability "L1TF"
2018-08-15 00:00:00

7.8 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-3742-1.NASL
ubuntu9openvas35nessus70oraclelinux6cloudfoundry2redhat23suse2ibm6amazon2checkpoint_security1ics1fedora2osv3redhatcve3freebsd1debian5freebsd_advisory1xen1f52intel1mageia4thn1msrc2threatpost1lenovo2cisco1cert1citrix1centos1virtuozzo2exploitpack1packetstorm1veracode1canvas1zdt1cve1huawei1