According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :
dccp_disconnect() set the socket state to DCCP_CLOSED but did not properly free some of the resources associated with that socket. This could result in a use-after-free and could potentially allow an attacker to escalate their privileges.
The Linux kernel is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system.
Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(105324);
script_version("3.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id(
"CVE-2017-16939",
"CVE-2017-8824"
);
script_name(english:"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2017-114)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote Virtuozzo host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the parallels-server-bm-release /
vzkernel / etc packages installed, the Virtuozzo installation on the
remote host is affected by the following vulnerabilities :
- dccp_disconnect() set the socket state to DCCP_CLOSED
but did not properly free some of the resources
associated with that socket. This could result in a
use-after-free and could potentially allow an attacker
to escalate their privileges.
- The Linux kernel is vulnerable to a use-after-free
issue. It could occur while closing a xfrm netlink
socket, in xfrm_dump_policy_done. A user/process could
use this flaw to potentially escalate their privileges
on a system.
Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://help.virtuozzo.com/customer/portal/articles/2910907");
script_set_attribute(attribute:"solution", value:
"Update the affected parallels-server-bm-release / vzkernel / etc packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"patch_publication_date", value:"2017/12/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzmodules");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:virtuozzo:virtuozzo:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Virtuozzo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Virtuozzo/release", "Host/Virtuozzo/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Virtuozzo/release");
if (isnull(release) || "Virtuozzo" >!< release) audit(AUDIT_OS_NOT, "Virtuozzo");
os_ver = pregmatch(pattern: "Virtuozzo Linux release ([0-9]+\.[0-9])(\D|$)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Virtuozzo");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Virtuozzo 6.x", "Virtuozzo " + os_ver);
if (!get_kb_item("Host/Virtuozzo/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Virtuozzo", cpu);
flag = 0;
pkgs = ["parallels-server-bm-release-6.0.12-3689",
"vzkernel-2.6.32-042stab126.2",
"vzkernel-devel-2.6.32-042stab126.2",
"vzkernel-firmware-2.6.32-042stab126.2",
"vzmodules-2.6.32-042stab126.2",
"vzmodules-devel-2.6.32-042stab126.2"];
foreach (pkg in pkgs)
if (rpm_check(release:"Virtuozzo-6", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "parallels-server-bm-release / vzkernel / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
virtuozzo | virtuozzo | parallels-server-bm-release | p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release |
virtuozzo | virtuozzo | vzkernel | p-cpe:/a:virtuozzo:virtuozzo:vzkernel |
virtuozzo | virtuozzo | vzkernel-devel | p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel |
virtuozzo | virtuozzo | vzkernel-firmware | p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware |
virtuozzo | virtuozzo | vzmodules | p-cpe:/a:virtuozzo:virtuozzo:vzmodules |
virtuozzo | virtuozzo | vzmodules-devel | p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel |
virtuozzo | virtuozzo | 6 | cpe:/o:virtuozzo:virtuozzo:6 |