8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
72.6%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2018.0063");
script_cve_id("CVE-2017-0786", "CVE-2017-0861", "CVE-2017-1000407", "CVE-2017-12188", "CVE-2017-12190", "CVE-2017-12193", "CVE-2017-13080", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15299", "CVE-2017-16939", "CVE-2017-16994", "CVE-2017-16995", "CVE-2017-16996", "CVE-2017-17741", "CVE-2017-17852", "CVE-2017-17853", "CVE-2017-17854", "CVE-2017-17855", "CVE-2017-17856", "CVE-2017-17857", "CVE-2017-17862", "CVE-2017-17863", "CVE-2017-17864", "CVE-2017-18344", "CVE-2017-7518");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-01-09 16:08:21 +0000 (Tue, 09 Jan 2018)");
script_name("Mageia: Security Advisory (MGASA-2018-0063)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA6");
script_xref(name:"Advisory-ID", value:"MGASA-2018-0063");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2018-0063.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=22268");
script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.10");
script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.11");
script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.12");
script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.13");
script_xref(name:"URL", value:"https://kernelnewbies.org/Linux_4.14");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.1");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9");
script_xref(name:"URL", value:"https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.10");
script_xref(name:"URL", value:"https://www.wireguard.com/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kernel-tmb' package(s) announced via the MGASA-2018-0063 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This kernel-tmb update provides an upgrade to the 4.14 longterm branch,
currently based on 4.14.10. It also fixes at least the following
security issues:
An elevation of privilege vulnerability in the Broadcom wi-fi driver
(CVE-2017-0786).
Use-after-free vulnerability in the snd_pcm_info function in the ALSA
subsystem in the Linux kernel allows attackers to gain privileges via
unspecified vectors (CVE-2017-0861).
Linux kernel built with the Kernel-based Virtual Machine(CONFIG_KVM)
support is vulnerable to an incorrect debug exception(#DB) error. It
could occur while emulating a syscall instruction. A user/process
inside guest could use this flaw to potentially escalate their
privileges inside guest. Linux guests are not affected.(CVE-2017-7518).
arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested
virtualisation is used, does not properly traverse guest pagetable
entries to resolve a guest virtual address, which allows L1 guest OS
users to execute arbitrary code on the host OS or cause a denial of
service (incorrect index during page walking, and host OS crash), aka
an 'MMU potential stack buffer overrun' (CVE-2017-12188).
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the
Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O
vector has small consecutive buffers belonging to the same page. The
bio_add_pc_page function merges them into one, but the page reference
is never dropped. This causes a memory leak and possible system lockup
(exploitable against the host OS by a guest OS user, if a SCSI disk is
passed through to a virtual machine) due to an out-of-memory condition
(CVE-2017-12190).
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c
in the Linux kernel before 4.13.11 mishandles node splitting, which allows
local users to cause a denial of service (NULL pointer dereference and
panic) via a crafted application, as demonstrated by the keyring key type,
and key addition and link creation operations (CVE-2017-12193).
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group
Temporal Key (GTK) during the group key handshake, allowing an attacker
within radio range to replay frames from access points to clients
(CVE-2017-13080).
The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel
before 4.14 does not check whether the intended netns is used in a
peel-off action, which allows local users to cause a denial of
service (use-after-free and system crash) or possibly have unspecified
other impact via crafted system calls (CVE-2017-15115).
Race condition in the ALSA subsystem in the Linux kernel before 4.13.8
allows local users to cause a denial of service (use-after-free) or
possibly have unspecified other impact via crafted /dev/snd/seq ioctl
calls, related to sound/core/seq/seq_clientmgr.c and
sound/core/seq/seq_ports.c (CVE-2017-15265)
The KEYS subsystem in the ... [Please see the references for more information on the vulnerabilities]");
script_tag(name:"affected", value:"'kernel-tmb' package(s) on Mageia 6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA6") {
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb", rpm:"kernel-tmb~4.14.10~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-4.14.10-1.mga6", rpm:"kernel-tmb-desktop-4.14.10-1.mga6~1~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-devel-4.14.10-1.mga6", rpm:"kernel-tmb-desktop-devel-4.14.10-1.mga6~1~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-devel-latest", rpm:"kernel-tmb-desktop-devel-latest~4.14.10~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-desktop-latest", rpm:"kernel-tmb-desktop-latest~4.14.10~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-source-4.14.10-1.mga6", rpm:"kernel-tmb-source-4.14.10-1.mga6~1~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tmb-source-latest", rpm:"kernel-tmb-source-latest~4.14.10~1.mga6", rls:"MAGEIA6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
advisories.mageia.org/MGASA-2018-0063.html
bugs.mageia.org/show_bug.cgi?id=22268
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.1
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.10
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.5
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9
kernelnewbies.org/Linux_4.10
kernelnewbies.org/Linux_4.11
kernelnewbies.org/Linux_4.12
kernelnewbies.org/Linux_4.13
kernelnewbies.org/Linux_4.14
www.wireguard.com/
MGASA-2018-0063
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 High
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.004 Low
EPSS
Percentile
72.6%