Lucene search
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2017-868.NASLHistoryAug 11, 2017 - 12:00 a.m.
Amazon Linux AMI : kernel (ALAS-2017-868)
2017-08-1100:00:00
This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
39
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
38.1%
Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112)
heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
The mq_notify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact.
(CVE-2017-11176 )
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2017-868.
#
include("compat.inc");
if (description)
{
script_id(102367);
script_version("3.9");
script_cvs_date("Date: 2019/06/10 11:30:32");
script_cve_id("CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-11176");
script_xref(name:"ALAS", value:"2017-868");
script_name(english:"Amazon Linux AMI : kernel (ALAS-2017-868)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Amazon Linux AMI host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Exploitable memory corruption due to UFO to non-UFO path switch
(CVE-2017-1000112)
heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)
The mq_notify function in the Linux kernel does not set the sock
pointer to NULL upon entry into the retry logic. During a user-space
close of a Netlink socket, it allows attackers to possibly cause a
situation where a value may be used after being freed (use-after-free)
which may lead to memory corruption or other unspecified other impact.
(CVE-2017-11176 )"
);
script_set_attribute(
attribute:"see_also",
value:"https://alas.aws.amazon.com/ALAS-2017-868.html"
);
script_set_attribute(
attribute:"solution",
value:"Run 'yum update kernel' to update your system."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:kernel-tools-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perf-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/07/11");
script_set_attribute(attribute:"patch_publication_date", value:"2017/10/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/11");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Amazon Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"ALA", reference:"kernel-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-debuginfo-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"i686", reference:"kernel-debuginfo-common-i686-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", cpu:"x86_64", reference:"kernel-debuginfo-common-x86_64-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-devel-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-doc-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-headers-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-debuginfo-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"kernel-tools-devel-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-4.9.38-16.35.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"perf-debuginfo-4.9.38-16.35.amzn1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | perf | p-cpe:/a:amazon:linux:perf |
| amazon | linux | perf-debuginfo | p-cpe:/a:amazon:linux:perf-debuginfo |
| amazon | linux | kernel-tools-debuginfo | p-cpe:/a:amazon:linux:kernel-tools-debuginfo |
| amazon | linux | kernel-tools-devel | p-cpe:/a:amazon:linux:kernel-tools-devel |
| amazon | linux | kernel-tools | p-cpe:/a:amazon:linux:kernel-tools |
| amazon | linux | kernel-devel | p-cpe:/a:amazon:linux:kernel-devel |
| amazon | linux | kernel | p-cpe:/a:amazon:linux:kernel |
| amazon | linux | kernel-debuginfo | p-cpe:/a:amazon:linux:kernel-debuginfo |
| amazon | linux | kernel-doc | p-cpe:/a:amazon:linux:kernel-doc |
| amazon | linux | kernel-headers | p-cpe:/a:amazon:linux:kernel-headers |
Related
amazon
amazon
Critical: kernel
2017-08-10 16:31:00
nessus
nessus
SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2150-1)
2017-08-14 00:00:00
Virtuozzo 7 : readykernel-patch (VZA-2017-072)
2017-08-21 00:00:00
Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3384-1)
2017-08-11 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2017:2142-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3385-1)
2017-08-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2017:2150-1)
2021-04-19 00:00:00
cloudfoundry
cloudfoundry
USN-3385-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2017-08-17 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2017-08-11 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2017-08-11 00:00:00
Linux kernel vulnerabilities
2017-08-11 00:00:00
virtuozzo
virtuozzo
suse
suse
Security update for the Linux Kernel (important)
2017-08-12 00:08:29
Security update for the Linux Kernel (important)
2017-08-11 06:07:36
Security update for the Linux Kernel (important)
2017-08-11 21:07:51
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2017-10-24 00:00:00
Unbreakable Enterprise kernel security update
2017-10-24 00:00:00
kernel security and bug fix update
2017-11-15 00:00:00
centos
centos
kernel, perf, python security update
2017-11-15 21:38:19
kernel, perf, python security update
2017-10-23 17:05:09
fedora
fedora
[SECURITY] Fedora 26 Update: kernel-4.12.8-300.fc26
2017-08-24 03:52:29
[SECURITY] Fedora 25 Update: kernel-4.12.8-200.fc25
2017-08-23 06:09:57
[SECURITY] Fedora 25 Update: kernel-4.11.11-200.fc25
2017-07-23 22:57:11
redhat
redhat
(RHSA-2017:3200) Important: kernel security and bug fix update
2017-11-14 19:40:45
(RHSA-2017:2931) Important: kernel-rt security and bug fix update
2017-10-19 13:19:05
(RHSA-2017:2930) Important: kernel security and bug fix update
2017-10-19 13:19:00
cve
cve
CVE-2017-11176
2017-07-11 23:29:00
CVE-2017-1000112
2017-10-05 01:29:04
CVE-2017-1000111
2017-10-05 01:29:04
ibm
ibm
zdt
zdt
cvelist
cvelist
CVE-2017-11176
2017-07-11 23:00:00
CVE-2017-1000112
2017-10-04 01:00:00
nvd
nvd
CVE-2017-11176
2017-07-11 23:29:00
CVE-2017-1000112
2017-10-05 01:29:04
ubuntucve
ubuntucve
CVE-2017-11176
2017-07-11 00:00:00
CVE-2017-1000112
2017-08-10 00:00:00
f5
f5
K56450659 : Linux kernel vulnerability CVE-2017-11176
2017-11-15 00:00:00
K60250153 : Linux kernel vulnerability CVE-2017-1000112
2018-03-14 00:00:00
prion
prion
Design/Logic Flaw
2017-07-11 23:29:00
Memory corruption
2017-10-05 01:29:00
Heap overflow
2017-10-05 01:29:00
exploitpack
exploitpack
veracode
veracode
Privilege Escalation
2019-01-15 09:19:49
Denial Of Service (DoS)
2019-01-15 09:20:45
Privilege Escalation
2019-05-02 06:37:27
packetstorm
packetstorm
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
2018-08-03 00:00:00
myhack58
myhack58
seebug
seebug
redhatcve
redhatcve
CVE-2017-1000111
2017-08-11 08:18:42
CVE-2017-1000112
2019-10-10 23:53:59
CVE-2017-11176
2019-10-31 16:26:34
metasploit
metasploit
Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation
2018-04-18 00:39:59
exploitdb
exploitdb
debiancve
debiancve
CVE-2017-11176
2017-07-11 23:29:00
CVE-2017-1000112
2017-10-05 01:29:04
hackerone
hackerone
githubexploit
githubexploit
Exploit for Use After Free in Linux Linux Kernel
2021-12-23 17:45:35
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
38.1%
Related for ALA_ALAS-2017-868.NASL