CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
98.9%
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service :
CVE-2014-3610 Lars Bull of Google and Nadav Amit reported a flaw in how KVM handles noncanonical writes to certain MSR registers. A privileged guest user can exploit this flaw to cause a denial of service (kernel panic) on the host.
CVE-2014-3611 Lars Bull of Google reported a race condition in the PIT emulation code in KVM. A local guest user with access to PIT i/o ports could exploit this flaw to cause a denial of service (crash) on the host.
CVE-2014-3645/ CVE-2014-3646 The Advanced Threat Research team at Intel Security discovered that the KVM subsystem did not handle the VM exits gracefully for the invept (Invalidate Translations Derived from EPT) and invvpid (Invalidate Translations Based on VPID) instructions. On hosts with an Intel processor and invept/invppid VM exit support, an unprivileged guest user could use these instructions to crash the guest.
CVE-2014-3647 Nadav Amit reported that KVM mishandles noncanonical addresses when emulating instructions that change rip, potentially causing a failed VM-entry. A guest user with access to I/O or the MMIO can use this flaw to cause a denial of service (system crash) of the guest.
CVE-2014-3673 Liu Wei of Red Hat discovered a flaw in net/core/skbuff.c leading to a kernel panic when receiving malformed ASCONF chunks. A remote attacker could use this flaw to crash the system.
CVE-2014-3687 A flaw in the sctp stack was discovered leading to a kernel panic when receiving duplicate ASCONF chunks. A remote attacker could use this flaw to crash the system.
CVE-2014-3688 It was found that the sctp stack is prone to a remotely triggerable memory pressure issue caused by excessive queueing. A remote attacker could use this flaw to cause denial-of-service conditions on the system.
CVE-2014-3690 Andy Lutomirski discovered that incorrect register handling in KVM may lead to denial of service.
CVE-2014-7207 Several Debian developers reported an issue in the IPv6 networking subsystem. A local user with access to tun or macvtap devices, or a virtual machine connected to such a device, can cause a denial of service (system crash).
This update includes a bug fix related to CVE-2014-7207 that disables UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net drivers. This will cause migration of a running VM from a host running an earlier kernel version to a host running this kernel version to fail, if the VM has been assigned a virtio network device. In order to migrate such a VM, it must be shut down first.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-3060. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(78784);
script_version("1.15");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2014-3610", "CVE-2014-3611", "CVE-2014-3645", "CVE-2014-3646", "CVE-2014-3647", "CVE-2014-3673", "CVE-2014-3687", "CVE-2014-3688", "CVE-2014-3690", "CVE-2014-7207");
script_bugtraq_id(70691, 70742, 70743, 70745, 70746, 70748, 70766, 70768, 70867);
script_xref(name:"DSA", value:"3060");
script_name(english:"Debian DSA-3060-1 : linux - security update");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service :
- CVE-2014-3610
Lars Bull of Google and Nadav Amit reported a flaw in
how KVM handles noncanonical writes to certain MSR
registers. A privileged guest user can exploit this flaw
to cause a denial of service (kernel panic) on the host.
- CVE-2014-3611
Lars Bull of Google reported a race condition in the PIT
emulation code in KVM. A local guest user with access to
PIT i/o ports could exploit this flaw to cause a denial
of service (crash) on the host.
- CVE-2014-3645/ CVE-2014-3646
The Advanced Threat Research team at Intel Security
discovered that the KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations
Derived from EPT) and invvpid (Invalidate Translations
Based on VPID) instructions. On hosts with an Intel
processor and invept/invppid VM exit support, an
unprivileged guest user could use these instructions to
crash the guest.
- CVE-2014-3647
Nadav Amit reported that KVM mishandles noncanonical
addresses when emulating instructions that change rip,
potentially causing a failed VM-entry. A guest user with
access to I/O or the MMIO can use this flaw to cause a
denial of service (system crash) of the guest.
- CVE-2014-3673
Liu Wei of Red Hat discovered a flaw in
net/core/skbuff.c leading to a kernel panic when
receiving malformed ASCONF chunks. A remote attacker
could use this flaw to crash the system.
- CVE-2014-3687
A flaw in the sctp stack was discovered leading to a
kernel panic when receiving duplicate ASCONF chunks. A
remote attacker could use this flaw to crash the system.
- CVE-2014-3688
It was found that the sctp stack is prone to a remotely
triggerable memory pressure issue caused by excessive
queueing. A remote attacker could use this flaw to cause
denial-of-service conditions on the system.
- CVE-2014-3690
Andy Lutomirski discovered that incorrect register
handling in KVM may lead to denial of service.
- CVE-2014-7207
Several Debian developers reported an issue in the IPv6
networking subsystem. A local user with access to tun or
macvtap devices, or a virtual machine connected to such
a device, can cause a denial of service (system crash).
This update includes a bug fix related to CVE-2014-7207 that disables
UFO (UDP Fragmentation Offload) in the macvtap, tun, and virtio_net
drivers. This will cause migration of a running VM from a host running
an earlier kernel version to a host running this kernel version to
fail, if the VM has been assigned a virtio network device. In order to
migrate such a VM, it must be shut down first."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3610"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3611"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3645"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3646"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3647"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3673"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3687"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3688"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-3690"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-7207"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2014-7207"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2014/dsa-3060"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the linux packages.
For the stable distribution (wheezy), these problems have been fixed
in version 3.2.63-2+deb7u1."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:linux");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/10");
script_set_attribute(attribute:"patch_publication_date", value:"2014/10/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/03");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"linux", reference:"3.2.63-2+deb7u1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7207
bugs.debian.org/cgi-bin/bugreport.cgi?bug=766195
security-tracker.debian.org/tracker/CVE-2014-3610
security-tracker.debian.org/tracker/CVE-2014-3611
security-tracker.debian.org/tracker/CVE-2014-3645
security-tracker.debian.org/tracker/CVE-2014-3646
security-tracker.debian.org/tracker/CVE-2014-3647
security-tracker.debian.org/tracker/CVE-2014-3673
security-tracker.debian.org/tracker/CVE-2014-3687
security-tracker.debian.org/tracker/CVE-2014-3688
security-tracker.debian.org/tracker/CVE-2014-3690
security-tracker.debian.org/tracker/CVE-2014-7207
www.debian.org/security/2014/dsa-3060
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
98.9%