Mageia: Security Advisory (MGASA-2018-0063)

2022-01-2800:00:00

plugins.openvas.org

8.8 High

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

72.6%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2018.0063");
  script_cve_id("CVE-2017-0786", "CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13080", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15299", "CVE-2017-16939", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18344", "CVE-2017-7518");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.2");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-01-09 16:08:21 +0000 (Tue, 09 Jan 2018)");

  script_name("Mageia: Security Advisory (MGASA-2018-0063)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA6");

  script_xref(name:"Advisory-ID", value:"MGASA-2018-0063");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2018-0063.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=22268");
  script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.10");
  script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.11");
  script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.12");
  script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.13");
  script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.14");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.1");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9");
  script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.10");
  script_xref(name:"URL", value:"https://www.wireguard.com/");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2018-0063 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This kernel-tmb update provides an upgrade to the 4.14 longterm branch,
currently based on 4.14.10. It also fixes at least the following
security issues:

An elevation of privilege vulnerability in the Broadcom wi-fi driver
(CVE-2017-0786).

Use-after-free vulnerability in the snd_pcm_info function in the ALSA
subsystem in the Linux kernel allows attackers to gain privileges via
unspecified vectors (CVE-2017-0861).

Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM)
support is vulnerable to an incorrect debug exception(#DB) error. It
could occur while emulating a syscall instruction. A user/process
inside guest could use this flaw to potentially escalate their
privileges inside guest. Linux guests are not affected.(CVE-2017-7518).

arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested
virtualisation is used, does not properly traverse guest pagetable
entries to resolve a guest virtual address, which allows L1 guest OS
users to execute arbitrary code on the host OS or cause a denial of
service (incorrect index during page walking, and host OS crash), aka
an 'MMU potential stack buffer overrun' (CVE-2017-12188).

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the
Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O
vector has small consecutive buffers belonging to the same page. The
bio_add_pc_page function merges them into one, but the page reference
is never dropped. This causes a memory leak and possible system lockup
(exploitable against the host OS by a guest OS user, if a SCSI disk is
passed through to a virtual machine) due to an out-of-memory condition
(CVE-2017-12190).

The assoc_array_insert_into_terminal_node function in lib/assoc_array.c
in the Linux kernel before 4.13.11 mishandles node splitting, which allows
local users to cause a denial of service (NULL pointer dereference and
panic) via a crafted application, as demonstrated by the keyring key type,
and key addition and link creation operations (CVE-2017-12193).

Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group
Temporal Key (GTK) during the group key handshake, allowing an attacker
within radio range to replay frames from access points to clients
(CVE-2017-13080).

The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel
before 4.14 does not check whether the intended netns is used in a
peel-off action, which allows local users to cause a denial of
service (use-after-free and system crash) or possibly have unspecified
other impact via crafted system calls (CVE-2017-15115).

Race condition in the ALSA subsystem in the Linux kernel before 4.13.8
allows local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (CVE-2017-15265)

The KEYS subsystem in the ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'kernel-tmb' package(s) on Mageia 6.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA6") {

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb", rpm:"kernel-tmb~4.14.10~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-4.14.10-1.mga6", rpm:"kernel-tmb-desktop-4.14.10-1.mga6~1~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-devel-4.14.10-1.mga6", rpm:"kernel-tmb-desktop-devel-4.14.10-1.mga6~1~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-devel-latest", rpm:"kernel-tmb-desktop-devel-latest~4.14.10~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-latest", rpm:"kernel-tmb-desktop-latest~4.14.10~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-source-4.14.10-1.mga6", rpm:"kernel-tmb-source-4.14.10-1.mga6~1~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-source-latest", rpm:"kernel-tmb-source-latest~4.14.10~1.mga6", rls:"MAGEIA6"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);