Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2013-0223.NASL
HistoryJul 12, 2013 - 12:00 a.m.

Oracle Linux 6 : kernel (ELSA-2013-0223)

2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.001

Percentile

17.9%

JSON

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-0223 advisory.

  • The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. (CVE-2012-4398)

  • The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. (CVE-2012-4461)

  • The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2012-4530)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2013-0223.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(68724);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");

  script_cve_id("CVE-2012-4398", "CVE-2012-4461", "CVE-2012-4530");
  script_bugtraq_id(55361, 55878, 56414);
  script_xref(name:"RHSA", value:"2013:0223");

  script_name(english:"Oracle Linux 6 : kernel (ELSA-2013-0223)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2013-0223 advisory.

  - The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain
    killable attribute, which allows local users to cause a denial of service (memory consumption) via a
    crafted application. (CVE-2012-4398)

  - The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without
    XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to
    set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl. (CVE-2012-4461)

  - The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle
    recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted
    application. (CVE-2012-4530)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2013-0223.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4530");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['2.6.32-279.22.1.el6'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2013-0223');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},
    {'reference':'kernel-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},
    {'reference':'kernel-debug-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},
    {'reference':'kernel-debug-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},
    {'reference':'kernel-debug-devel-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},
    {'reference':'kernel-debug-devel-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},
    {'reference':'kernel-devel-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},
    {'reference':'kernel-devel-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},
    {'reference':'kernel-firmware-2.6.32-279.22.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},
    {'reference':'kernel-headers-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},
    {'reference':'kernel-headers-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},
    {'reference':'perf-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-2.6.32-279.22.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-2.6.32-279.22.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release) {
    if (exists_check) {
        if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');
}
VendorProductVersionCPE
oraclelinuxkernel-develp-cpe:/a:oracle:linux:kernel-devel
oraclelinuxperfp-cpe:/a:oracle:linux:perf
oraclelinuxkernel-firmwarep-cpe:/a:oracle:linux:kernel-firmware
oraclelinuxpython-perfp-cpe:/a:oracle:linux:python-perf
oraclelinuxkernel-debug-develp-cpe:/a:oracle:linux:kernel-debug-devel
oraclelinuxkernel-debugp-cpe:/a:oracle:linux:kernel-debug
oraclelinuxkernel-headersp-cpe:/a:oracle:linux:kernel-headers
oraclelinuxkernelp-cpe:/a:oracle:linux:kernel
oraclelinux6cpe:/o:oracle:linux:6

Related

openvas 71
centos 2
oraclelinux 8
nessus 51
redhat 5
amazon 2
ubuntu 22
securityvulns 3
cvelist 3
cve 3
veracode 2
ubuntucve 3
debiancve 3
nvd 3
prion 3
fedora 10
zdt 1
f5 2
suse 2
openvas
openvas
CentOS Update for kernel CESA-2013:0223 centos6
2013-02-08 00:00:00
Oracle: Security Advisory (ELSA-2013-0223)
2015-10-06 00:00:00
CentOS Update for kernel CESA-2013:0223 centos6
2013-02-08 00:00:00
centos
centos
kernel, perf, python security update
2013-02-06 10:28:29
kernel security update
2013-10-07 12:37:12
oraclelinux
oraclelinux
kernel security and bug fix update
2013-02-05 00:00:00
Unbreakable Enterprise kernel security update
2013-02-07 00:00:00
Oracle Linux 5 kernel update
2013-10-02 00:00:00
nessus
nessus
CentOS 6 : kernel (CESA-2013:0223)
2013-02-08 00:00:00
RHEL 6 : kernel (RHSA-2013:0223)
2013-02-06 00:00:00
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130205)
2013-02-07 00:00:00
redhat
redhat
(RHSA-2013:0223) Moderate: kernel security and bug fix update
2013-02-05 00:00:00
(RHSA-2012:1282) Moderate: kernel-rt security, bug fix, and enhancement update
2012-09-19 00:00:00
(RHSA-2013:1348) Moderate: Red Hat Enterprise Linux 5 kernel update
2013-09-30 16:52:28
amazon
amazon
Medium: kernel
2013-03-02 16:54:00
Medium: kernel
2013-10-16 20:53:00
ubuntu
ubuntu
Linux kernel (Oneiric backport) vulnerabilities
2013-01-15 00:00:00
Linux kernel vulnerabilities
2013-01-15 00:00:00
Linux kernel regression
2013-02-01 00:00:00
securityvulns
securityvulns
[USN-1696-1] Linux kernel vulnerabilities
2013-01-21 00:00:00
Linux kernel security vulnerabilities
2013-01-21 00:00:00
[USN-1683-1] Linux kernel vulnerability
2013-01-14 00:00:00
cvelist
cvelist
CVE-2012-4398
2013-02-18 02:00:00
CVE-2012-4530
2013-02-18 02:00:00
CVE-2012-4461
2013-01-22 23:00:00
cve
cve
CVE-2012-4398
2013-02-18 04:41:50
CVE-2012-4530
2013-02-18 04:41:50
CVE-2012-4461
2013-01-22 23:55:02
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:57:48
Information Disclosure
2019-05-02 04:53:22
ubuntucve
ubuntucve
CVE-2012-4398
2012-09-02 00:00:00
CVE-2012-4530
2012-10-19 00:00:00
CVE-2012-4461
2012-11-06 00:00:00
debiancve
debiancve
CVE-2012-4530
2013-02-18 04:41:50
CVE-2012-4398
2013-02-18 04:41:50
CVE-2012-4461
2013-01-22 23:55:02
nvd
nvd
CVE-2012-4530
2013-02-18 04:41:50
CVE-2012-4461
2013-01-22 23:55:02
CVE-2012-4398
2013-02-18 04:41:50
prion
prion
Design/Logic Flaw
2013-02-18 04:41:00
Design/Logic Flaw
2013-02-18 04:41:00
Design/Logic Flaw
2013-01-22 23:55:00
fedora
fedora
[SECURITY] Fedora 18 Update: kernel-3.6.7-5.fc18
2012-11-27 04:42:31
[SECURITY] Fedora 18 Update: kernel-3.6.9-4.fc18
2012-12-07 04:26:13
[SECURITY] Fedora 17 Update: kernel-3.6.8-2.fc17
2012-12-01 08:28:13
zdt
zdt
Ubuntu 11.10/12.04 - binfmt_script Stack Data Disclosure Vulnerability
2017-03-29 00:00:00
f5
f5
K15797 : Linux kernel vulnerability CVE-2012-4461
2014-11-06 00:00:00
SOL15797 - Linux kernel vulnerability CVE-2012-4461
2014-11-05 00:00:00
suse
suse
Security update for Linux kernel (important)
2013-04-13 01:04:40
kernel: security and bugfix update (important)
2013-03-05 18:04:24

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

EPSS

0.001

Percentile

17.9%

JSON
Related for ORACLELINUX_ELSA-2013-0223.NASL
openvas71centos2oraclelinux8nessus51redhat5amazon2ubuntu22securityvulns3cvelist3cve3veracode2ubuntucve3debiancve3nvd3prion3fedora10zdt1f52suse2