Lucene search
Copyright (C) 2018 Greenbone AGOPENVAS:1361412562310882829HistoryJan 18, 2018 - 12:00 a.m.
CentOS Update for iwl1000-firmware CESA-2018:0094 centos7
2018-01-1800:00:00
Copyright (C) 2018 Greenbone AG
plugins.openvas.org
98
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Check the version of iwl1000-firmware
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.882829");
script_version("2023-07-10T08:07:43+0000");
script_tag(name:"last_modification", value:"2023-07-10 08:07:43 +0000 (Mon, 10 Jul 2023)");
script_tag(name:"creation_date", value:"2018-01-18 07:36:03 +0100 (Thu, 18 Jan 2018)");
script_cve_id("CVE-2017-5715");
script_tag(name:"cvss_base", value:"1.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-04-14 14:52:00 +0000 (Wed, 14 Apr 2021)");
script_tag(name:"qod", value:"30");
script_name("CentOS Update for iwl1000-firmware CESA-2018:0094 centos7");
script_tag(name:"summary", value:"Check the version of iwl1000-firmware");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The linux-firmware packages contain all
of the firmware files that are required by various devices to operate.
This update supersedes microcode provided by Red Hat with the CVE-2017-5715
(Spectre) CPU branch injection vulnerability mitigation. (Historically,
Red Hat has provided updated microcode, developed by our microprocessor
partners, as a customer convenience.) Further testing has uncovered
problems with the microcode provided along with the Spectre mitigation
that could lead to system instabilities. As a result, Red Hat is providing
an microcode update that reverts to the last known good microcode version
dated before 03 January 2018. Red Hat strongly recommends that customers
contact their hardware provider for the latest microcode updates.
IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based
platforms must obtain and install updated microcode from their hardware
vendor immediately. The 'Spectre' mitigation requires both an updated
kernel from Red Hat and updated microcode from your hardware vendor.");
script_tag(name:"affected", value:"iwl1000-firmware on CentOS 7");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_xref(name:"CESA", value:"2018:0094");
script_xref(name:"URL", value:"http://lists.centos.org/pipermail/centos-announce/2018-January/022711.html");
script_tag(name:"solution_type", value:"VendorFix");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2018 Greenbone AG");
script_family("CentOS Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/centos", "ssh/login/rpms", re:"ssh/login/release=CentOS7");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "CentOS7")
{
if ((res = isrpmvuln(pkg:"iwl1000-firmware", rpm:"iwl1000-firmware~39.31.5.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl100-firmware", rpm:"iwl100-firmware~39.31.5.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl105-firmware", rpm:"iwl105-firmware~18.168.6.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl135-firmware", rpm:"iwl135-firmware~18.168.6.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl2000-firmware", rpm:"iwl2000-firmware~18.168.6.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl2030-firmware", rpm:"iwl2030-firmware~18.168.6.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl3160-firmware", rpm:"iwl3160-firmware~22.0.7.0~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl3945-firmware", rpm:"iwl3945-firmware~15.32.2.9~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl4965-firmware", rpm:"iwl4965-firmware~228.61.2.24~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl5000-firmware", rpm:"iwl5000-firmware~8.83.5.1_1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl5150-firmware", rpm:"iwl5150-firmware~8.24.2.2~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl6000-firmware", rpm:"iwl6000-firmware~9.221.4.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl6000g2a-firmware", rpm:"iwl6000g2a-firmware~17.168.5.3~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl6000g2b-firmware", rpm:"iwl6000g2b-firmware~17.168.5.2~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl6050-firmware", rpm:"iwl6050-firmware~41.28.5.1~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl7260-firmware", rpm:"iwl7260-firmware~22.0.7.0~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"iwl7265-firmware", rpm:"iwl7265-firmware~22.0.7.0~58.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isrpmvuln(pkg:"linux-firmware", rpm:"linux-firmware~20170606~58.gitc990aae.el7_4", rls:"CentOS7")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
Related
nessus
nessus
Ubuntu 14.04 LTS / 16.04 LTS : QEMU update (USN-3560-1)
2018-02-08 00:00:00
CentOS 6 / 7 : microcode_ctl (CESA-2018:0093) (Spectre)
2018-01-18 00:00:00
RHEL 6 : microcode_ctl (RHSA-2018:0037) (Spectre)
2018-01-05 00:00:00
threatpost
threatpost
New Spectre-Level Flaw Targets Return Stack Buffer
2018-07-23 18:27:20
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
2018-04-04 15:18:47
suse
suse
Security update for ucode-intel (important)
2018-01-04 03:07:17
Security update for microcode_ctl (important)
2018-01-11 18:09:53
Security update for kernel-firmware (important)
2018-01-04 03:08:16
debian
debian
[SECURITY] [DLA 1362-1] gcc-4.9-backport new package
2018-04-25 16:19:40
[SECURITY] [DLA 1349-1] linux-tools security update
2018-04-16 22:31:08
[SECURITY] [DSA 4179-1] linux-tools security update
2018-04-24 13:15:06
openvas
openvas
openSUSE: Security Advisory for kernel (openSUSE-SU-2018:1502-1)
2018-06-06 00:00:00
Spectre Variant 2 (CVE 2017-5715) Branch Target Injection Update Disable (KB4078130)
2018-01-29 00:00:00
Debian: Security Advisory (DLA-1349-1)
2018-04-16 00:00:00
redhat
redhat
(RHSA-2018:0109) Important: libvirt security update
2018-01-22 10:05:55
(RHSA-2018:0050) Important: vdsm security update
2018-01-05 15:36:32
(RHSA-2018:0029) Important: libvirt security update
2018-01-04 19:31:42
centos
centos
microcode_ctl security update
2018-01-04 11:40:52
libvirt security update
2018-01-04 19:54:04
microcode_ctl security update
2018-01-17 14:59:21
amazon
amazon
Important: linux-firmware
2018-02-20 21:46:00
Important: qemu-kvm
2018-02-07 18:49:00
Important: microcode_ctl
2018-02-07 18:54:00
mageia
mageia
Updated microcode packages fix security vulnerability
2018-05-29 22:41:14
Updated microcode packages fix security vulnerabilities
2018-01-13 17:28:36
oraclelinux
oraclelinux
qemu-kvm security update
2018-01-04 00:00:00
qemu-kvm security update
2018-01-04 00:00:00
microcode_ctl security update
2018-01-17 00:00:00
ubuntu
ubuntu
Intel Microcode update
2018-01-11 00:00:00
intel-microcode update
2018-03-29 00:00:00
libvirt update
2018-02-07 00:00:00
virtuozzo
virtuozzo
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-02-07 06:34:12
paloalto
paloalto
Meltdown and Spectre update for WildFire-500 Appliance
2018-05-15 21:35:00
cloudfoundry
cloudfoundry
USN-3690-2: AMD Microcode regression | Cloud Foundry
2018-07-19 00:00:00
osv
osv
CVE-2017-5715
2018-01-04 13:29:00
debiancve
debiancve
CVE-2017-5715
2018-01-04 13:29:00
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
7.2 High
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.975 High
EPSS
Percentile
100.0%
Related for OPENVAS:1361412562310882829