Lucene search

K
openvasCopyright (C) 2023 Greenbone AGOPENVAS:136141256231112202360131
HistoryApr 13, 2023 - 12:00 a.m.

Ubuntu: Security Advisory (USN-6013-1)

2023-04-1300:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
14
linux-aws
denial of service
forged data
spectre variant 2
xen subsystem
ext4 file system
ieee 802.15.4
vulnerability detection

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.1%

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.12.2023.6013.1");
  script_cve_id("CVE-2020-36516", "CVE-2021-26401", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-3428", "CVE-2021-3659", "CVE-2021-3669", "CVE-2021-3732", "CVE-2021-3772", "CVE-2021-4149", "CVE-2021-4203", "CVE-2021-45868", "CVE-2022-0487", "CVE-2022-0494", "CVE-2022-0617", "CVE-2022-1016", "CVE-2022-1195", "CVE-2022-1205", "CVE-2022-1462", "CVE-2022-1516", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-20132", "CVE-2022-20572", "CVE-2022-2318", "CVE-2022-2380", "CVE-2022-2503", "CVE-2022-2663", "CVE-2022-2991", "CVE-2022-3061", "CVE-2022-3111", "CVE-2022-3303", "CVE-2022-3628", "CVE-2022-36280", "CVE-2022-3646", "CVE-2022-36879", "CVE-2022-3903", "CVE-2022-39188", "CVE-2022-41218", "CVE-2022-41849", "CVE-2022-41850", "CVE-2022-4662", "CVE-2022-47929", "CVE-2023-0394", "CVE-2023-1074", "CVE-2023-1095", "CVE-2023-1118", "CVE-2023-23455", "CVE-2023-26545", "CVE-2023-26607");
  script_tag(name:"creation_date", value:"2023-04-13 04:09:11 +0000 (Thu, 13 Apr 2023)");
  script_version("2024-02-02T05:06:10+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:10 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-03-10 04:59:09 +0000 (Fri, 10 Mar 2023)");

  script_name("Ubuntu: Security Advisory (USN-6013-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Ubuntu Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU14\.04\ LTS");

  script_xref(name:"Advisory-ID", value:"USN-6013-1");
  script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-6013-1");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'linux-aws' package(s) announced via the USN-6013-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP
implementation in the Linux kernel did not properly handle IPID assignment.
A remote attacker could use this to cause a denial of service (connection
termination) or inject forged data. (CVE-2020-36516)

Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk,
Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre
Variant 2 mitigations for AMD processors on Linux were insufficient in some
situations. A local attacker could possibly use this to expose sensitive
information. (CVE-2021-26401)

Jurgen Gross discovered that the Xen subsystem within the Linux kernel did
not adequately limit the number of events driver domains (unprivileged PV
backends) could send to other guest VMs. An attacker in a driver domain
could use this to cause a denial of service in other guest VMs.
(CVE-2021-28712, CVE-2021-28713)

Wolfgang Frisch discovered that the ext4 file system implementation in the
Linux kernel contained an integer overflow when handling metadata inode
extents. An attacker could use this to construct a malicious ext4 file
system image that, when mounted, could cause a denial of service (system
crash). (CVE-2021-3428)

It was discovered that the IEEE 802.15.4 wireless network subsystem in the
Linux kernel did not properly handle certain error conditions, leading to a
null pointer dereference vulnerability. A local attacker could possibly use
this to cause a denial of service (system crash). (CVE-2021-3659)

It was discovered that the System V IPC implementation in the Linux kernel
did not properly handle large shared memory counts. A local attacker could
use this to cause a denial of service (memory exhaustion). (CVE-2021-3669)

Alois Wohlschlager discovered that the overlay file system in the Linux
kernel did not restrict private clones in some situations. An attacker
could use this to expose sensitive information. (CVE-2021-3732)

It was discovered that the SCTP protocol implementation in the Linux kernel
did not properly verify VTAGs in some situations. A remote attacker could
possibly use this to cause a denial of service (connection disassociation).
(CVE-2021-3772)

It was discovered that the btrfs file system implementation in the Linux
kernel did not properly handle locking in certain error conditions. A local
attacker could use this to cause a denial of service (kernel deadlock).
(CVE-2021-4149)

Jann Horn discovered that the socket subsystem in the Linux kernel
contained a race condition when handling listen() and connect() operations,
leading to a read-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly expose sensitive
information. (CVE-2021-4203)

It was discovered that the file system quotas implementation in the Linux
kernel did not properly validate the quota block number. An attacker could
use ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'linux-aws' package(s) on Ubuntu 14.04.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

release = dpkg_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "UBUNTU14.04 LTS") {

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-4.4.0-1117-aws", ver:"4.4.0-1117.123", rls:"UBUNTU14.04 LTS"))) {
    report += res;
  }

  if(!isnull(res = isdpkgvuln(pkg:"linux-image-aws", ver:"4.4.0.1117.114", rls:"UBUNTU14.04 LTS"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.006

Percentile

79.1%