RedHat Update for kernel RHSA-2017:1615-01

2017-06-2900:00:00
plugins.openvas.org
0.905 High
EPSS
Percentile
98.5%
JSON
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for kernel RHSA-2017:1615-01
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.871838");
  script_version("$Revision: 12497 $");
  script_tag(name:"last_modification", value:"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $");
  script_tag(name:"creation_date", value:"2017-06-29 05:10:09 +0200 (Thu, 29 Jun 2017)");
  script_cve_id("CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645",
                "CVE-2017-7895");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"qod_type", value:"package");
  script_name("RedHat Update for kernel RHSA-2017:1615-01");
  script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel'
  package(s) announced via the referenced advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"The kernel packages contain the Linux
  kernel, the core of any Linux operating system. Security Fix(es): * A flaw was
  found in the way Linux kernel allocates heap memory to build the scattergather
  list from a fragment list(skb_shinfo(skb)- frag_list) in the socket
  buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter
  and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process
  could use this flaw to potentially escalate their privilege on a system.
  (CVE-2017-7477, Important) * The NFS2/3 RPC client could send long arguments to
  the NFS server. These encoded arguments are stored in an array of memory pages,
  and accessed using pointer variables. Arbitrarily long arguments could make
  these pointers point outside the array and cause an out-of-bounds memory access.
  A remote user or program could use this flaw to crash the kernel (denial of
  service). (CVE-2017-7645, Important) * The NFSv2 and NFSv3 server
  implementations in the Linux kernel through 4.10.13 lacked certain checks for
  the end of a buffer. A remote attacker could trigger a pointer-arithmetic error
  or possibly cause other unspecified impacts using crafted requests related to
  fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important) * The Linux
  kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was
  vulnerable to an incorrect segment selector(SS) value error. The error could
  occur while loading values into the SS register in long mode. A user or process
  inside a guest could use this flaw to crash the guest, resulting in DoS or
  potentially escalate their privileges inside the guest. (CVE-2017-2583,
  Moderate) * A flaw was found in the Linux kernel's handling of packets with the
  URG flag. Applications using the splice() and tcp_splice_read() functionality
  could allow a remote attacker to force the kernel to enter a condition in which
  it could loop indefinitely. (CVE-2017-6214, Moderate) Red Hat would like to
  thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for
  reporting CVE-2017-2583. Bug Fix(es): * Previously, the reserved-pages counter
  (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in
  the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the
  HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow
  no longer occurs. (BZ#1445184) * If a directory on a NFS client was modified
  while being listed, the NFS client could restart the directory listing multiple
  times. Consequently, the performance of listing the directory was sub-optimal.
  With this up ... Description truncated, for more information please check the
  Reference URL");
  script_tag(name:"affected", value:"kernel on Red Hat Enterprise Linux Server (v. 7)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");

  script_xref(name:"RHSA", value:"2017:1615-01");
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2017-June/msg00060.html");
  script_tag(name:"solution_type", value:"VendorFix");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_7");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "RHENT_7")
{

  if ((res = isrpmvuln(pkg:"kernel-abi-whitelists", rpm:"kernel-abi-whitelists~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-debuginfo-common-x86_64", rpm:"kernel-debuginfo-common-x86_64~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-tools", rpm:"kernel-tools~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-tools-debuginfo", rpm:"kernel-tools-debuginfo~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-tools-libs", rpm:"kernel-tools-libs~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"perf", rpm:"perf~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"perf-debuginfo", rpm:"perf-debuginfo~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"python-perf", rpm:"python-perf~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"python-perf-debuginfo", rpm:"python-perf-debuginfo~3.10.0~514.26.1.el7", rls:"RHENT_7")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}