Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2018-2024 Canonical, Inc. / NASL script (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-3777-3.NASL
HistoryOct 23, 2018 - 12:00 a.m.

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3777-3)

2018-10-2300:00:00
Ubuntu Security Notice (C) 2018-2024 Canonical, Inc. / NASL script (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
86

8.6 High

AI Score

Confidence

High

JSON

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3777-3 advisory.

  • Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
    (CVE-2017-5715)

  • A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target’s code was built (i.e.
    depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.
    Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)

  • The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace- userspace spectreRSB attacks. (CVE-2018-15572)

  • arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)

  • An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
    (CVE-2018-17182)

  • Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (CVE-2018-3639)

  • Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket. (CVE-2018-6554)

  • The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket. (CVE-2018-6555)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-3777-3. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('compat.inc');

if (description)
{
  script_id(118322);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");

  script_cve_id(
    "CVE-2017-5715",
    "CVE-2018-14633",
    "CVE-2018-15572",
    "CVE-2018-15594",
    "CVE-2018-17182",
    "CVE-2018-3639",
    "CVE-2018-6554",
    "CVE-2018-6555"
  );
  script_xref(name:"USN", value:"3777-3");

  script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3777-3)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as
referenced in the USN-3777-3 advisory.

  - Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow
    unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
    (CVE-2017-5715)

  - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux
    kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote
    attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the
    iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.
    depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and
    thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.
    Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is
    highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)

  - The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1
    does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-
    userspace spectreRSB attacks. (CVE-2018-15572)

  - arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which
    makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. (CVE-2018-15594)

  - An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in
    mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly
    gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
    (CVE-2018-17182)

  - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads
    before the addresses of all prior memory writes are known may allow unauthorized disclosure of information
    to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB),
    Variant 4. (CVE-2018-3639)

  - Memory leak in the irda_bind function in net/irda/af_irda.c and later in
    drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of
    service (memory consumption) by repeatedly binding an AF_IRDA socket. (CVE-2018-6554)

  - The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the
    Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and
    system crash) or possibly have unspecified other impact via an AF_IRDA socket. (CVE-2018-6555)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-3777-3");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14633");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-6555");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1025-azure");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Ubuntu Local Security Checks");

  script_copyright(english:"Ubuntu Security Notice (C) 2018-2024 Canonical, Inc. / NASL script (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');
include('ksplice.inc');

if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);

var kernel_mappings = {
  '16.04': {
    '4.15.0': {
      'azure': '4.15.0-1025'
    }
  },
  '18.04': {
    '4.15.0': {
      'azure': '4.15.0-1025'
    }
  }
};

var host_kernel_release = get_kb_item('Host/uptrack-uname-r');
if (empty_or_null(host_kernel_release)) host_kernel_release = get_kb_item_or_exit('Host/uname-r');
var host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');
var host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');
if(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);

var extra = '';
var kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type] + "-" + host_kernel_type;
if (deb_ver_cmp(ver1:host_kernel_release, ver2:kernel_fixed_version) < 0)
{
  extra = extra + 'Running Kernel level of ' + host_kernel_release + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\n\n';
}
  else
{
  audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3777-3');
}

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  var cve_list = make_list('CVE-2017-5715', 'CVE-2018-3639', 'CVE-2018-6554', 'CVE-2018-6555', 'CVE-2018-14633', 'CVE-2018-15572', 'CVE-2018-15594', 'CVE-2018-17182');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3777-3');
  }
  else
  {
    extra = extra + ksplice_reporting_text();
  }
}
if (extra) {
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : extra
  );
  exit(0);
}
VendorProductVersionCPE
canonicalubuntu_linuxlinux-image-4.15.0-1025-azurep-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1025-azure
canonicalubuntu_linux16.04cpe:/o:canonical:ubuntu_linux:16.04:-:lts
canonicalubuntu_linux18.04cpe:/o:canonical:ubuntu_linux:18.04:-:lts

Related

openvas 28
ubuntu 7
cloudfoundry 2
nessus 68
mageia 3
altlinux 2
redhat 1
amazon 2
aix 3
photon 3
debian 3
osv 3
prion 6
redhatcve 6
cve 6
ubuntucve 6
debiancve 6
thn 2
slackware 1
googleprojectzero 1
f5 6
fedora 15
oraclelinux 3
threatpost 1
zdt 1
veracode 2
ibm 5
suse 3
checkpoint_advisories 1
hp 1
mskb 1
citrix 1
openvas
openvas
Ubuntu Update for linux-azure USN-3777-3
2018-10-23 00:00:00
Ubuntu Update for linux-gcp USN-3777-2
2018-10-02 00:00:00
Ubuntu Update for linux USN-3777-1
2018-10-02 00:00:00
ubuntu
ubuntu
Linux kernel (Azure) vulnerabilities
2018-10-23 00:00:00
Linux kernel vulnerabilities
2018-10-01 00:00:00
Linux kernel (HWE) vulnerabilities
2018-10-01 00:00:00
cloudfoundry
cloudfoundry
USN-3777-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2018-10-09 00:00:00
USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-10-03 00:00:00
nessus
nessus
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3777-1)
2018-10-02 00:00:00
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3777-2)
2018-10-02 00:00:00
Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3775-1)
2018-10-02 00:00:00
mageia
mageia
Updated kernel-tmb packages fix security vulnerabilities
2018-09-14 23:41:44
Updated kernel packages fix security vulnerabilities
2018-09-14 23:41:44
Updated kernel-linus packages fix security vulnerabilities
2018-10-27 12:45:46
altlinux
altlinux
Security fix for the ALT Linux 8 package kernel-image-std-pae version 1:4.4.156-alt0.M80P.1
2018-09-17 00:00:00
Security fix for the ALT Linux 8 package kernel-image-std-pae version 1:4.4.159-alt0.M80P.1
2018-10-09 00:00:00
redhat
redhat
(RHSA-2018:1967) Important: kernel-alt security and bug fix update
2018-06-26 15:04:18
amazon
amazon
Important: kernel
2018-10-08 22:12:00
Important: kernel
2018-10-03 02:57:00
aix
aix
IBM has released AIX and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.,IBM has released AIX and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.,IBM has released VIOS and VIOS iFixes in response to Speculative Store Bypass (SSB) also known as Variant 4.
2018-05-22 15:30:11
IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.,IBM has released VIOS and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.
2018-01-25 08:15:51
IBM has released updated AIX and VIOS fixes for CVE-2017-5715 known as Spectre that are only applicable to some POWER9 systems.,IBM has released updated VIOS and VIOS fixes for CVE-2017-5715 known as Spectre that are only applicable to some POWER9 systems.
2018-08-17 08:05:01
photon
photon
Important Photon OS Security Update - PHSA-2018-0190
2018-09-25 00:00:00
Critical Photon OS Security Update - PHSA-2018-0180
2018-08-28 00:00:00
Important Photon OS Security Update - PHSA-2018-0101
2018-10-10 00:00:00
debian
debian
[SECURITY] [DLA 1531-1] linux-4.9 security update
2018-10-03 23:59:07
[SECURITY] [DSA 4308-1] linux security update
2018-10-01 15:21:20
[SECURITY] [DSA 4308-1] linux security update
2018-10-01 15:21:20
osv
osv
linux-4.9 - security update
2018-10-03 00:00:00
linux - security update
2018-10-01 00:00:00
CVE-2018-17182
2018-09-19 09:29:00
prion
prion
Design/Logic Flaw
2018-08-20 02:29:00
Design/Logic Flaw
2018-09-19 09:29:00
Memory corruption
2018-09-04 18:29:00
redhatcve
redhatcve
CVE-2018-15572
2018-08-24 03:20:35
CVE-2018-17182
2018-09-20 08:49:30
CVE-2018-15594
2020-04-05 16:51:01
cve
cve
CVE-2018-15572
2018-08-20 02:29:00
CVE-2018-17182
2018-09-19 09:29:00
CVE-2018-15594
2018-08-20 08:29:00
ubuntucve
ubuntucve
CVE-2018-15572
2018-08-19 00:00:00
CVE-2018-6554
2018-09-04 00:00:00
CVE-2018-17182
2018-09-19 00:00:00
debiancve
debiancve
CVE-2018-15572
2018-08-20 02:29:00
CVE-2018-17182
2018-09-19 09:29:00
CVE-2018-6554
2018-09-04 18:29:00
thn
thn
Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
2018-09-28 08:35:00
New Spectre (Variant 4) CPU Flaw Discovered—Intel, ARM, AMD Affected
2018-05-22 08:27:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-09-21 19:47:55
googleprojectzero
googleprojectzero
A cache invalidation bug in Linux memory management
2018-09-26 00:00:00
f5
f5
K54436295 : Linux kernel vulnerability CVE-2018-17182
2018-10-15 00:00:00
K26301924 : Linux kernel vulnerability CVE-2018-15594
2019-02-15 00:00:00
K28273449 : Linux kernel vulnerability CVE-2018-6555
2018-09-27 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-4.18.9-300.fc29
2018-09-26 20:23:47
[SECURITY] Fedora 28 Update: kernel-headers-4.18.9-200.fc28
2018-09-22 20:52:35
[SECURITY] Fedora 29 Update: kernel-headers-4.18.9-300.fc29
2018-09-26 20:23:47
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2018-10-10 00:00:00
Unbreakable Enterprise kernel security update
2018-11-08 00:00:00
qemu-kvm security update
2018-05-22 00:00:00
threatpost
threatpost
Another Linux Kernel Bug Surfaces, Allowing Root Access
2018-09-28 18:11:18
zdt
zdt
Linux - #VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Exploit
2018-09-26 00:00:00
veracode
veracode
Authorization Bypass
2019-08-08 00:07:16
Denial Of Service (DoS)
2019-01-15 09:26:45
ibm
ibm
Security Bulletin: Vulnerability in kernel affects Power Hardware Management Console (CVE-2018-14633)
2021-09-22 23:05:38
Security Bulletin: IBM i has released PTFs in response to the vulnerabilities known as Spectre and Meltdown.
2019-12-18 14:26:38
Security Bulletin: IBM has released AIX and VIOS iFixes in response to the vulnerabilities known as Spectre and Meltdown.
2021-09-15 12:53:48
suse
suse
Security update for the Linux Kernel (important)
2018-10-08 15:09:43
Security update for xen (important)
2018-06-09 15:08:42
Security update for libvirt (moderate)
2018-08-13 12:07:25
checkpoint_advisories
checkpoint_advisories
Meltdown/Spectre Multiple Browsers Speculative Execution (CVE-2017-5715; CVE-2017-5753; CVE-2017-5754; CVE-2018-3639)
2018-01-04 00:00:00
hp
hp
HPSBHF03573 rev. 15 - Side-Channel Analysis Method
2018-01-04 00:00:00
mskb
mskb
Description of the security update for the Windows denial of service vulnerability in Windows Server 2008: July 10, 2018
2018-07-10 07:00:00
citrix
citrix
CVE-2018-3639 - Citrix XenServer Security Update
2018-05-22 04:00:00

8.6 High

AI Score

Confidence

High

JSON
Related for UBUNTU_USN-3777-3.NASL
openvas28ubuntu7cloudfoundry2nessus68mageia3altlinux2redhat1amazon2aix3photon3debian3osv3prion6redhatcve6cve6ubuntucve6debiancve6thn2slackware1googleprojectzero1f56fedora15oraclelinux3threatpost1zdt1veracode2ibm5suse3checkpoint_advisories1hp1mskb1citrix1