Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2016-772.NASL
HistoryDec 08, 2016 - 12:00 a.m.

Amazon Linux AMI : kernel (ALAS-2016-772)

2016-12-0800:00:00
This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
65

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.5%

JSON

CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c

It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen; set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.

CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free

A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.

CVE-2016-9083 kernel: State machine confusion bug in vfio driver leading to memory corruption

A flaw was discovered in the Linux kernel’s implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution.

CVE-2016-9084 kernel: Integer overflow when using kzalloc in vfio driver

The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2016-772.
#

include("compat.inc");

if (description)
{
  script_id(95609);
  script_version("3.6");
  script_cvs_date("Date: 2019/04/11 17:23:06");

  script_cve_id("CVE-2016-8645", "CVE-2016-8655", "CVE-2016-9083", "CVE-2016-9084");
  script_xref(name:"ALAS", value:"2016-772");

  script_name(english:"Amazon Linux AMI : kernel (ALAS-2016-772)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"CVE-2016-8645 kernel: a BUG() statement can be hit in
net/ipv4/tcp_input.c

It was discovered that the Linux kernel since 3.6-rc1 with
net.ipv4.tcp_fastopen; set to 1 can hit BUG() statement in
tcp_collapse() function after making a number of certain syscalls
leading to a possible system crash.

CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use
after free

A race condition issue leading to a use-after-free flaw was found in
the way the raw packet sockets implementation in the Linux kernel
networking subsystem handled synchronization while creating the
TPACKET_V3 ring buffer. A local user able to open a raw packet socket
(requires the CAP_NET_RAW capability) could use this flaw to elevate
their privileges on the system.

CVE-2016-9083 kernel: State machine confusion bug in vfio driver
leading to memory corruption

A flaw was discovered in the Linux kernel's implementation of VFIO. An
attacker issuing an ioctl can create a situation where memory is
corrupted and modify memory outside of the expected area. This may
overwrite kernel memory and subvert kernel execution.

CVE-2016-9084 kernel: Integer overflow when using kzalloc in vfio
driver

The use of a kzalloc with an integer multiplication allowed an integer
overflow condition to be reached in vfio_pci_intrs.c. This combined
with CVE-2016-9083 may allow an attacker to craft an attack and use
unallocated memory, potentially crashing the machine."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2016-772.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update kernel' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'AF_PACKET chocobo_root Privilege Escalation');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.4.35-33.55.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.4.35-33.55.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
VendorProductVersionCPE
amazonlinuxkernelp-cpe:/a:amazon:linux:kernel
amazonlinuxkernel-debuginfop-cpe:/a:amazon:linux:kernel-debuginfo
amazonlinuxkernel-debuginfo-common-i686p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686
amazonlinuxkernel-debuginfo-common-x86_64p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64
amazonlinuxkernel-develp-cpe:/a:amazon:linux:kernel-devel
amazonlinuxkernel-docp-cpe:/a:amazon:linux:kernel-doc
amazonlinuxkernel-headersp-cpe:/a:amazon:linux:kernel-headers
amazonlinuxkernel-toolsp-cpe:/a:amazon:linux:kernel-tools
amazonlinuxkernel-tools-debuginfop-cpe:/a:amazon:linux:kernel-tools-debuginfo
amazonlinuxkernel-tools-develp-cpe:/a:amazon:linux:kernel-tools-devel
Rows per page:
1-10 of 131

Related

amazon 1
nessus 45
redhat 3
openvas 37
oraclelinux 3
fedora 6
centos 1
ibm 3
cve 5
veracode 4
ubuntucve 5
nvd 5
prion 5
cvelist 5
debiancve 5
ubuntu 11
threatpost 1
archlinux 4
redhatcve 2
seebug 1
slackware 1
metasploit 1
zdt 3
packetstorm 1
exploitpack 1
mageia 3
thn 2
f5 2
myhack58 2
exploitdb 2
suse 26
photon 1
googleprojectzero 1
virtuozzo 1
amazon
amazon
Important: kernel
2016-12-06 23:44:00
nessus
nessus
Oracle Linux 7 : kernel (ELSA-2017-0386)
2017-03-03 00:00:00
Scientific Linux Security Update : kernel on SL7.x x86_64 (20170302)
2017-03-03 00:00:00
Fedora 23 : kernel (2016-ee3a114958)
2016-11-25 00:00:00
redhat
redhat
(RHSA-2017:0387) Important: kernel-rt security and bug fix update
2017-03-02 15:22:34
(RHSA-2017:0386) Important: kernel security, bug fix, and enhancement update
2017-03-02 15:22:31
(RHSA-2017:0402) Important: kernel-rt security, bug fix, and enhancement update
2017-03-02 15:47:05
openvas
openvas
Fedora Update for kernel FEDORA-2016-ee3a114958
2016-12-02 00:00:00
CentOS Update for kernel CESA-2017:0386 centos7
2017-03-07 00:00:00
Fedora Update for kernel FEDORA-2016-96d276367e
2016-12-02 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2017-03-03 00:00:00
kernel security, bug fix, and enhancement update
2017-03-02 00:00:00
Unbreakable Enterprise kernel security update
2017-02-06 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.8.8-100.fc23
2016-11-24 08:29:52
[SECURITY] Fedora 24 Update: kernel-4.8.6-201.fc24
2016-11-07 23:34:12
[SECURITY] Fedora 25 Update: kernel-4.8.8-300.fc25
2016-11-19 22:30:12
centos
centos
kernel, perf, python security update
2017-03-06 15:04:15
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
2018-06-18 01:37:19
Security Bulletin: IBM QRadar Network Security is affected by vulnerabilities in Linux kernel
2018-06-16 22:02:07
Security Bulletin: IBM Security Access Manager appliances are affected by kernel vulnerabilities
2018-06-16 22:03:36
cve
cve
CVE-2016-9084
2016-11-28 03:59:12
CVE-2016-9083
2016-11-28 03:59:11
CVE-2016-8645
2016-11-28 03:59:07
veracode
veracode
Integer Overflow
2019-05-02 06:32:55
Memory Corruption
2019-05-02 06:32:55
Denial Of Service (DOS)
2019-05-02 06:36:11
ubuntucve
ubuntucve
CVE-2016-9084
2016-11-27 00:00:00
CVE-2016-9083
2016-11-27 00:00:00
CVE-2016-8645
2016-11-27 00:00:00
nvd
nvd
CVE-2016-9084
2016-11-28 03:59:12
CVE-2016-9083
2016-11-28 03:59:11
CVE-2016-8645
2016-11-28 03:59:07
prion
prion
Integer overflow
2016-11-28 03:59:00
Integer overflow
2016-11-28 03:59:00
Code injection
2016-11-28 03:59:00
cvelist
cvelist
CVE-2016-9083
2016-11-28 03:01:00
CVE-2016-9084
2016-11-28 03:01:00
CVE-2016-8645
2016-11-28 03:01:00
debiancve
debiancve
CVE-2016-9083
2016-11-28 03:59:11
CVE-2016-9084
2016-11-28 03:59:12
CVE-2016-8655
2016-12-08 08:59:00
ubuntu
ubuntu
Linux kernel vulnerability
2017-05-17 00:00:00
Linux kernel (Trusty HWE) vulnerability
2016-12-05 00:00:00
Linux kernel vulnerability
2016-12-05 00:00:00
threatpost
threatpost
Old Linux Kernel Code Execution Bug Patched
2016-12-08 09:15:57
archlinux
archlinux
[ASA-201612-8] linux-zen: privilege escalation
2016-12-07 00:00:00
[ASA-201612-5] linux-grsec: privilege escalation
2016-12-06 00:00:00
[ASA-201612-6] linux: privilege escalation
2016-12-06 00:00:00
redhatcve
redhatcve
CVE-2016-8655
2019-10-09 04:21:35
CVE-2016-8645
2016-11-11 12:47:16
seebug
seebug
Linux af_packet.c race condition (local root) (CVE-2016-8655)
2016-12-07 00:00:00
slackware
slackware
[slackware-security] kernel
2016-12-12 23:10:22
metasploit
metasploit
AF_PACKET chocobo_root Privilege Escalation
2018-05-07 07:11:07
zdt
zdt
Linux Kernel 4.4.0-21 < 4.4.0-51 (Ubuntu 14.04/16.04 x86-64) AF_PACKET Race Condition Privilege
2019-07-26 00:00:00
Linux 4.4.0 < 4.4.0-53 - AF_PACKET chocobo_root Privilege Escalation Exploit
2018-05-23 00:00:00
Linux Kernel 4.4.0 AF_PACKET Race Condition / Privilege Escalation Exploit
2016-12-07 00:00:00
packetstorm
packetstorm
AF_PACKET chocobo_root Privilege Escalation
2018-05-22 00:00:00
exploitpack
exploitpack
Linux Kernel 4.4.0-21 4.4.0-51 (Ubuntu 14.0416.04 x86-64) - AF_PACKET Race Condition Privilege Escalation
2018-12-29 00:00:00
mageia
mageia
Updated kernel packages fixes security vulnerabilities
2016-12-08 10:33:24
Updated kernel-linus packages fix security vulnerabilities
2017-01-04 01:05:03
Updated kernel-tmb packages fix security vulnerabilities
2017-01-04 01:05:03
thn
thn
5-Year-Old Linux Kernel Local Privilege Escalation Flaw Discovered
2016-12-07 04:41:00
11-Year Old Linux Kernel Local Privilege Escalation Flaw Discovered
2017-02-22 07:08:00
f5
f5
K38472857 : Kernel vulnerability CVE-2016-8655
2016-12-22 00:00:00
K44309215 : Linux kernel vulnerability CVE-2017-1000111
2018-03-14 00:00:00
myhack58
myhack58
UCloud-201612-002: Linux kernel through kill to mention the right vulnerability Security Alert-vulnerability warning-the black bar safety net
2016-12-15 00:00:00
Lurking in 11 years of Linux kernel to mention the right vulnerability-exposure-vulnerability warning-the black bar safety net
2017-02-23 00:00:00
exploitdb
exploitdb
Linux Kernel 4.4.0-21 &lt; 4.4.0-51 (Ubuntu 14.04/16.04 x64) - &#039;AF_PACKET&#039; Race Condition Privilege Escalation
2018-12-29 00:00:00
Linux 4.4.0 &lt; 4.4.0-53 - &#039;AF_PACKET chocobo_root&#039; Local Privilege Escalation (Metasploit)
2018-05-22 00:00:00
suse
suse
Security update for Linux Kernel Live Patch 8 for SLE 12 SP1 (important)
2016-12-13 17:07:11
Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 (important)
2016-12-12 19:09:44
Security update for Linux Kernel Live Patch 7 for SLE 12 SP1 (important)
2016-12-16 19:08:30
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0014
2016-12-15 00:00:00
googleprojectzero
googleprojectzero
Exploiting the Linux kernel via packet sockets
2017-05-10 00:00:00
virtuozzo
virtuozzo
Kernel security update: Virtuozzo ReadyKernel patch 11.0 for kernel 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3)
2017-02-21 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.5%

JSON
Related for ALA_ALAS-2016-772.NASL
amazon1nessus45redhat3openvas37oraclelinux3fedora6centos1ibm3cve5veracode4ubuntucve5nvd5prion5cvelist5debiancve5ubuntu11threatpost1archlinux4redhatcve2seebug1slackware1metasploit1zdt3packetstorm1exploitpack1mageia3thn2f52myhack582exploitdb2suse26photon1googleprojectzero1virtuozzo1