kexec-tools security, bug fix, and enhancement update
2015-05-12T00:00:00
ID: ELSA-2015-0986
Type: oraclelinux
Reporter: Oracle
Modified: 2015-05-12T00:00:00
Description
[2.0.7-19.0.1.el7_1.2]
- kdumpctl: exclude default_hugepagesz setting from kdump kernel cmdline
  (Sriharsha Yadagudde) [Orabug: 19134999]
- kdumpctl: verify if kernel support securelevel interface
  (Sriharsha Yadagudde) [Orabug: 18905671]
[2.0.7-19.2]
- dracut-module-setup: Enhance kdump to support the bind mounted feature in Atomic
- Fix the warning if the target path is bind mount in Atomic
- Get the mount point correctly, if the device has several mount point
- kdump-lib: Add new function to judge the system is Atomic or not
- kdump-lib: Add the new function to enhance bind mounted judgement
- Remove duplicate slash in save path
- dracut-module-setup.sh: change the insecure use of /tmp/*9947* filenames
[2.0.7-19.1]
- sadump: Support more than 16TB physical memory space.
Bulletin details
CVE: CVE-2015-0267
CVSS: 3.6 (AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/)
Vulners score: 5.0
Bulletin family: unix
Published: 2015-05-12T00:00:00
Last seen: 2018-08-31T01:46:27
Href: http://linux.oracle.com/errata/ELSA-2015-0986.html

Affected packages (Oracle Linux 7, versions lower than 2.0.7-19.0.1.el7_1.2)
- kexec-tools (x86_64): kexec-tools-2.0.7-19.0.1.el7_1.2.x86_64.rpm
- kexec-tools (src): kexec-tools-2.0.7-19.0.1.el7_1.2.src.rpm
- kexec-tools-eppic (x86_64): kexec-tools-eppic-2.0.7-19.0.1.el7_1.2.x86_64.rpm
- kexec-tools-anaconda-addon (x86_64): kexec-tools-anaconda-addon-2.0.7-19.0.1.el7_1.2.x86_64.rpm

Referenced bulletins
- cve: CVE-2015-0267
- centos: CESA-2015:0986
- redhat: RHSA-2015:0986
- openvas: OPENVAS:1361412562310882186, OPENVAS:1361412562310123121, OPENVAS:1361412562310871370
- nessus: SL_20150512_KEXEC_TOOLS_ON_SL7_X.NASL, CENTOS_RHSA-2015-0986.NASL, ORACLELINUX_ELSA-2015-0986.NASL, REDHAT-RHSA-2015-0986.NASL
CVE
CVE-2015-0267 (NVD)
Published: 2015-05-19T14:59:00
Modified: 2016-11-28T14:16:17
Href: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0267
CVSS: 3.6 (AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/)
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.

CentOS
CESA-2015:0986: kexec security update
Published: 2015-05-13T01:01:15
Href: http://lists.centos.org/pipermail/centos-announce/2015-May/021131.html
CVSS: 3.6 (AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/)

CentOS Errata and Security Advisory CESA-2015:0986

The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel.

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2015-0267)

This issue was discovered by Harald Hoyer of Red Hat.

This update also fixes the following bug:

* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool previously saved kernel crash dumps in the /sysroot/crash file instead of the /var/crash file. The parsing error that caused this problem has been fixed, and the kernel crash dumps are now correctly saved in /var/crash. (BZ#1206464)

In addition, this update adds the following enhancement:

* The makedumpfile command now supports the new sadump format that can represent more than 16 TB of physical memory space. This allows users of makedumpfile to read dump files over 16 TB, generated by sadump on certain upcoming server models. (BZ#1208753)

All kexec-tools users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

Merged security bulletin from advisories:
http://lists.centos.org/pipermail/centos-announce/2015-May/021131.html

Affected packages:
kexec-tools
kexec-tools-anaconda-addon
kexec-tools-eppic

Upstream details at:
https://rhn.redhat.com/errata/RHSA-2015-0986.html

OpenVAS
- OPENVAS:1361412562310882186: CentOS Update for kexec-tools CESA-2015:0986 centos7
  Published: 2015-06-09T00:00:00; modified: 2017-07-10T00:00:00
  Href: http://plugins.openvas.org/nasl.php?oid=1361412562310882186
  Package check on CentOS7: kexec-tools, kexec-tools-anaconda-addon and kexec-tools-eppic against 2.0.7-19.el7_1.2
- OPENVAS:1361412562310871370: RedHat Update for kexec-tools RHSA-2015:0986-01
  Published: 2015-06-09T00:00:00; modified: 2018-11-23T00:00:00
  Href: http://plugins.openvas.org/nasl.php?oid=1361412562310871370
  Package check on RHENT_7: kexec-tools and kexec-tools-debuginfo against 2.0.7-19.el7_1.2
- OPENVAS:1361412562310123121: Oracle Linux Local Check: ELSA-2015-0986
  Published: 2015-10-06T00:00:00; modified: 2018-09-28T00:00:00
  Href: http://plugins.openvas.org/nasl.php?oid=1361412562310123121
  Package check on OracleLinux7: kexec-tools, kexec-tools-anaconda-addon and kexec-tools-eppic against 2.0.7-19.0.1.el7_1.2

All three OpenVAS checks carry CVE-2015-0267 with CVSS base 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P), qod_type "package" and solution type VendorFix.

Nessus
- CENTOS_RHSA-2015-0986.NASL (plugin 83377): CentOS 7 : kexec-tools (CESA-2015:0986)
  Published: 2015-05-13T00:00:00; modified: 2018-11-28T00:00:00
  Href: https://www.tenable.com/plugins/index.php?view=single&id=83377
  CVE: CVE-2015-0267; Bugtraq ID: 74622; RHSA: 2015:0986
  CVSS base vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P; temporal vector: CVSS2#E:U/RL:OF/RC:C
  Exploitability: No known exploits are available
  Patch publication date: 2015/05/12; plugin publication date: 2015/05/13
  Package check on CentOS-7 (x86_64): kexec-tools, kexec-tools-anaconda-addon and kexec-tools-eppic against 2.0.7-19.el7_1.2
  Solution: Update the affected kexec-tools packages.

  The plugin description opens with the following text and then repeats the advisory text given under CentOS:

  Updated kexec-tools packages that fix one security issue, one bug, and add one enhancement are now available for Red Hat Enterprise Linux 7.

  Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

- Further Nessus scanner record (last seen 2019-01-16T20:21:28):

  It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2015-0267)

  This update also fixes the following bug :

  - On Atomic Host systems, the kdump tool previously saved kernel crash dumps in the /sysroot/crash file instead of the /var/crash file.
The parsing error that caused this\n problem has been fixed, and the kernel crash dumps are\n now correctly saved in /var/crash.\n\nIn addition, this update adds the following enhancement :\n\n - The makedumpfile command now supports the new sadump\n format that can represent more than 16 TB of physical\n memory space. This allows users of makedumpfile to read\n dump files over 16 TB, generated by sadump on certain\n upcoming server models.", "modified": "2018-12-28T00:00:00", "published": "2015-05-14T00:00:00", "id": "SL_20150512_KEXEC_TOOLS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83452", "title": "Scientific Linux Security Update : kexec-tools on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83452);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/28 10:10:36\");\n\n script_cve_id(\"CVE-2015-0267\");\n\n script_name(english:\"Scientific Linux Security Update : kexec-tools on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that the module-setup.sh script provided by kexec-tools\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files. (CVE-2015-0267)\n\nThis update also fixes the following bug :\n\n - On Atomic Host systems, the kdump tool previously saved\n kernel crash dumps in the /sysroot/crash file instead of\n the /var/crash file. 
The parsing error that caused this\n problem has been fixed, and the kernel crash dumps are\n now correctly saved in /var/crash.\n\nIn addition, this update adds the following enhancement :\n\n - The makedumpfile command now supports the new sadump\n format that can represent more than 16 TB of physical\n memory space. This allows users of makedumpfile to read\n dump files over 16 TB, generated by sadump on certain\n upcoming server models.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1505&L=scientific-linux-errata&T=0&P=1122\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4175a0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kexec-tools, kexec-tools-debuginfo and / or\nkexec-tools-eppic packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kexec-tools-2.0.7-19.el7_1.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kexec-tools-debuginfo-2.0.7-19.el7_1.2\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kexec-tools-eppic-2.0.7-19.el7_1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:27", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2015:0986 :\n\nUpdated kexec-tools packages that fix one security issue, one bug, and\nadd one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe kexec-tools packages contain the /sbin/kexec binary and utilities\nthat together form the user-space component of the kernel's kexec\nfeature. The /sbin/kexec binary facilitates a new kernel to boot using\nthe kernel's kexec feature either on a normal or a panic reboot. The\nkexec fastboot mechanism allows booting a Linux kernel from the\ncontext of an already running kernel.\n\nIt was found that the module-setup.sh script provided by kexec-tools\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files. (CVE-2015-0267)\n\nThis issue was discovered by Harald Hoyer of Red Hat.\n\nThis update also fixes the following bug :\n\n* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool\npreviously saved kernel crash dumps in the /sysroot/crash file instead\nof the /var/crash file. The parsing error that caused this problem has\nbeen fixed, and the kernel crash dumps are now correctly saved in\n/var/crash. (BZ#1206464)\n\nIn addition, this update adds the following enhancement :\n\n* The makedumpfile command now supports the new sadump format that can\nrepresent more than 16 TB of physical memory space. This allows users\nof makedumpfile to read dump files over 16 TB, generated by sadump on\ncertain upcoming server models. 
(BZ#1208753)\n\nAll kexec-tools users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.", "modified": "2019-01-02T00:00:00", "published": "2015-05-13T00:00:00", "id": "ORACLELINUX_ELSA-2015-0986.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83401", "title": "Oracle Linux 7 : kexec-tools (ELSA-2015-0986)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:0986 and \n# Oracle Linux Security Advisory ELSA-2015-0986 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83401);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2015-0267\");\n script_bugtraq_id(74622);\n script_xref(name:\"RHSA\", value:\"2015:0986\");\n\n script_name(english:\"Oracle Linux 7 : kexec-tools (ELSA-2015-0986)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:0986 :\n\nUpdated kexec-tools packages that fix one security issue, one bug, and\nadd one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe kexec-tools packages contain the /sbin/kexec binary and utilities\nthat together form the user-space component of the kernel's kexec\nfeature. 
The /sbin/kexec binary facilitates a new kernel to boot using\nthe kernel's kexec feature either on a normal or a panic reboot. The\nkexec fastboot mechanism allows booting a Linux kernel from the\ncontext of an already running kernel.\n\nIt was found that the module-setup.sh script provided by kexec-tools\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files. (CVE-2015-0267)\n\nThis issue was discovered by Harald Hoyer of Red Hat.\n\nThis update also fixes the following bug :\n\n* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool\npreviously saved kernel crash dumps in the /sysroot/crash file instead\nof the /var/crash file. The parsing error that caused this problem has\nbeen fixed, and the kernel crash dumps are now correctly saved in\n/var/crash. (BZ#1206464)\n\nIn addition, this update adds the following enhancement :\n\n* The makedumpfile command now supports the new sadump format that can\nrepresent more than 16 TB of physical memory space. This allows users\nof makedumpfile to read dump files over 16 TB, generated by sadump on\ncertain upcoming server models. 
(BZ#1208753)\n\nAll kexec-tools users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-May/005043.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kexec-tools packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kexec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kexec-tools-anaconda-addon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kexec-tools-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kexec-tools-2.0.7-19.0.1.el7_1.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kexec-tools-anaconda-addon-2.0.7-19.0.1.el7_1.2\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kexec-tools-eppic-2.0.7-19.0.1.el7_1.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n 
else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kexec-tools / kexec-tools-anaconda-addon / kexec-tools-eppic\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-01-16T20:21:27", "bulletinFamily": "scanner", "description": "Updated kexec-tools packages that fix one security issue, one bug, and\nadd one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe kexec-tools packages contain the /sbin/kexec binary and utilities\nthat together form the user-space component of the kernel's kexec\nfeature. The /sbin/kexec binary facilitates a new kernel to boot using\nthe kernel's kexec feature either on a normal or a panic reboot. The\nkexec fastboot mechanism allows booting a Linux kernel from the\ncontext of an already running kernel.\n\nIt was found that the module-setup.sh script provided by kexec-tools\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files. (CVE-2015-0267)\n\nThis issue was discovered by Harald Hoyer of Red Hat.\n\nThis update also fixes the following bug :\n\n* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool\npreviously saved kernel crash dumps in the /sysroot/crash file instead\nof the /var/crash file. The parsing error that caused this problem has\nbeen fixed, and the kernel crash dumps are now correctly saved in\n/var/crash. (BZ#1206464)\n\nIn addition, this update adds the following enhancement :\n\n* The makedumpfile command now supports the new sadump format that can\nrepresent more than 16 TB of physical memory space. 
This allows users\nof makedumpfile to read dump files over 16 TB, generated by sadump on\ncertain upcoming server models. (BZ#1208753)\n\nAll kexec-tools users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.", "modified": "2019-01-02T00:00:00", "published": "2015-05-13T00:00:00", "id": "REDHAT-RHSA-2015-0986.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=83407", "title": "RHEL 7 : kexec-tools (RHSA-2015:0986)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:0986. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(83407);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/01/02 16:37:55\");\n\n script_cve_id(\"CVE-2015-0267\");\n script_bugtraq_id(74622);\n script_xref(name:\"RHSA\", value:\"2015:0986\");\n\n script_name(english:\"RHEL 7 : kexec-tools (RHSA-2015:0986)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated kexec-tools packages that fix one security issue, one bug, and\nadd one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe kexec-tools packages contain the /sbin/kexec binary and utilities\nthat together form the user-space component of the kernel's kexec\nfeature. 
The /sbin/kexec binary facilitates a new kernel to boot using\nthe kernel's kexec feature either on a normal or a panic reboot. The\nkexec fastboot mechanism allows booting a Linux kernel from the\ncontext of an already running kernel.\n\nIt was found that the module-setup.sh script provided by kexec-tools\ncreated temporary files in an insecure way. A malicious, local user\ncould use this flaw to conduct a symbolic link attack, allowing them\nto overwrite the contents of arbitrary files. (CVE-2015-0267)\n\nThis issue was discovered by Harald Hoyer of Red Hat.\n\nThis update also fixes the following bug :\n\n* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool\npreviously saved kernel crash dumps in the /sysroot/crash file instead\nof the /var/crash file. The parsing error that caused this problem has\nbeen fixed, and the kernel crash dumps are now correctly saved in\n/var/crash. (BZ#1206464)\n\nIn addition, this update adds the following enhancement :\n\n* The makedumpfile command now supports the new sadump format that can\nrepresent more than 16 TB of physical memory space. This allows users\nof makedumpfile to read dump files over 16 TB, generated by sadump on\ncertain upcoming server models. 
(BZ#1208753)\n\nAll kexec-tools users are advised to upgrade to these updated\npackages, which contain backported patches to correct these issues and\nadd this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:0986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-0267\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kexec-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kexec-tools-anaconda-addon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kexec-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kexec-tools-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2015/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/05/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:0986\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kexec-tools-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kexec-tools-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kexec-tools-anaconda-addon-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kexec-tools-anaconda-addon-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kexec-tools-debuginfo-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kexec-tools-debuginfo-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kexec-tools-eppic-2.0.7-19.el7_1.2\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kexec-tools-eppic-2.0.7-19.el7_1.2\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if 
(tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kexec-tools / kexec-tools-anaconda-addon / kexec-tools-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:45:23", "bulletinFamily": "unix", "description": "The kexec-tools packages contain the /sbin/kexec binary and utilities that\ntogether form the user-space component of the kernel's kexec feature.\nThe /sbin/kexec binary facilitates a new kernel to boot using the kernel's\nkexec feature either on a normal or a panic reboot. The kexec fastboot\nmechanism allows booting a Linux kernel from the context of an already\nrunning kernel.\n\nIt was found that the module-setup.sh script provided by kexec-tools\ncreated temporary files in an insecure way. A malicious, local user could\nuse this flaw to conduct a symbolic link attack, allowing them to overwrite\nthe contents of arbitrary files. (CVE-2015-0267)\n\nThis issue was discovered by Harald Hoyer of Red Hat.\n\nThis update also fixes the following bug:\n\n* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool\npreviously saved kernel crash dumps in the /sysroot/crash file instead of\nthe /var/crash file. The parsing error that caused this problem has been\nfixed, and the kernel crash dumps are now correctly saved in /var/crash.\n(BZ#1206464)\n\nIn addition, this update adds the following enhancement:\n\n* The makedumpfile command now supports the new sadump format that can\nrepresent more than 16 TB of physical memory space. This allows users of\nmakedumpfile to read dump files over 16 TB, generated by sadump on certain\nupcoming server models. 
(BZ#1208753)\n\nAll kexec-tools users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct these issues and add this\nenhancement.\n", "modified": "2018-04-12T03:32:43", "published": "2015-05-12T04:00:00", "id": "RHSA-2015:0986", "href": "https://access.redhat.com/errata/RHSA-2015:0986", "type": "redhat", "title": "(RHSA-2015:0986) Moderate: kexec-tools security, bug fix, and enhancement update", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}]}