Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2013-1173.NASL
HistoryAug 28, 2013 - 12:00 a.m.

Oracle Linux 6 : kernel (ELSA-2013-1173)

2013-08-2800:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
37

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.741 High

EPSS

Percentile

98.1%

JSON

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1173 advisory.

  • The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (CVE-2012-6544)

  • The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted SCTP traffic. (CVE-2013-2206)

  • A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552. (CVE-2013-2224)

  • The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (CVE-2013-2232)

  • The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
    (CVE-2013-2237)

  • arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (CVE-2013-2146)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2013-1173.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(69492);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");

  script_cve_id(
    "CVE-2012-6544",
    "CVE-2013-2146",
    "CVE-2013-2206",
    "CVE-2013-2224",
    "CVE-2013-2232",
    "CVE-2013-2237"
  );
  script_bugtraq_id(
    58990,
    60324,
    60715,
    60858,
    60893,
    60953
  );
  script_xref(name:"RHSA", value:"2013:1173");

  script_name(english:"Oracle Linux 6 : kernel (ELSA-2013-1173)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2013-1173 advisory.

  - The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain
    structures, which allows local users to obtain sensitive information from kernel stack memory via a
    crafted application that targets the (1) L2CAP or (2) HCI implementation. (CVE-2012-6544)

  - The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux
    kernel before 3.8.5 does not properly handle associations during the processing of a duplicate COOKIE ECHO
    chunk, which allows remote attackers to cause a denial of service (NULL pointer dereference and system
    crash) or possibly have unspecified other impact via crafted SCTP traffic. (CVE-2013-2206)

  - A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local
    users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges
    via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c. NOTE: this
    vulnerability exists because of an incorrect fix for CVE-2012-3552. (CVE-2013-2224)

  - The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users
    to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4
    interface. (CVE-2013-2232)

  - The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not
    initialize a certain structure member, which allows local users to obtain sensitive information from
    kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
    (CVE-2013-2237)

  - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events
    Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of
    service (general protection fault and system crash) by attempting to set a reserved bit. (CVE-2013-2146)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2013-1173.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2224");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/08/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/08/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-firmware");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-perf");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['2.6.32-358.18.1.el6'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2013-1173');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kernel-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},
    {'reference':'kernel-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},
    {'reference':'kernel-debug-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},
    {'reference':'kernel-debug-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},
    {'reference':'kernel-debug-devel-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},
    {'reference':'kernel-debug-devel-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},
    {'reference':'kernel-devel-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},
    {'reference':'kernel-devel-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},
    {'reference':'kernel-firmware-2.6.32-358.18.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},
    {'reference':'kernel-headers-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},
    {'reference':'kernel-headers-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},
    {'reference':'perf-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'perf-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-2.6.32-358.18.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'python-perf-2.6.32-358.18.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release) {
    if (exists_check) {
        if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-debug / kernel-debug-devel / etc');
}
VendorProductVersionCPE
oraclelinux6cpe:/o:oracle:linux:6
oraclelinuxkernelp-cpe:/a:oracle:linux:kernel
oraclelinuxkernel-debugp-cpe:/a:oracle:linux:kernel-debug
oraclelinuxkernel-debug-develp-cpe:/a:oracle:linux:kernel-debug-devel
oraclelinuxkernel-develp-cpe:/a:oracle:linux:kernel-devel
oraclelinuxkernel-firmwarep-cpe:/a:oracle:linux:kernel-firmware
oraclelinuxkernel-headersp-cpe:/a:oracle:linux:kernel-headers
oraclelinuxperfp-cpe:/a:oracle:linux:perf
oraclelinuxpython-perfp-cpe:/a:oracle:linux:python-perf

Related

centos 3
openvas 55
nessus 39
redhat 7
oraclelinux 8
altlinux 2
nvd 7
ubuntucve 7
cvelist 7
cve 7
prion 7
debiancve 7
vmware 1
ubuntu 9
veracode 11
suse 6
checkpoint_advisories 1
mageia 7
debian 2
osv 2
fedora 2
securityvulns 1
amazon 1
centos
centos
kernel, perf, python security update
2013-08-28 19:03:34
kernel security update
2013-08-21 14:07:08
kernel, perf, python security update
2012-09-26 01:59:30
openvas
openvas
CentOS Update for kernel CESA-2013:1173 centos6
2013-09-02 00:00:00
RedHat Update for kernel RHSA-2013:1173-01
2013-09-02 00:00:00
CentOS Update for kernel CESA-2013:1173 centos6
2013-09-02 00:00:00
nessus
nessus
CentOS 6 : kernel (CESA-2013:1173)
2013-08-29 00:00:00
Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20130827)
2013-08-29 00:00:00
RHEL 6 : kernel (RHSA-2013:1173)
2013-08-28 00:00:00
redhat
redhat
(RHSA-2013:1173) Important: kernel security and bug fix update
2013-08-27 00:00:00
(RHSA-2013:1195) Important: kernel security and bug fix update
2013-09-03 00:00:00
(RHSA-2013:1166) Important: kernel security and bug fix update
2013-08-20 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2013-08-27 00:00:00
unbreakable enterprise kernel security update
2013-08-28 00:00:00
unbreakable enterprise kernel security update
2013-08-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt11
2013-08-30 00:00:00
Security fix for the ALT Linux 7 package kernel-image-el-def version 2.6.32-alt8
2013-07-02 00:00:00
nvd
nvd
CVE-2013-2224
2013-07-04 21:55:01
CVE-2012-6544
2013-03-15 20:55:07
CVE-2013-2146
2013-06-07 14:03:19
ubuntucve
ubuntucve
CVE-2013-2224
2013-07-04 00:00:00
CVE-2012-6544
2013-03-07 00:00:00
CVE-2013-2146
2013-06-05 00:00:00
cvelist
cvelist
CVE-2013-2224
2013-07-04 21:00:00
CVE-2012-6544
2013-03-14 20:00:00
CVE-2013-2146
2013-06-07 10:00:00
cve
cve
CVE-2013-2224
2013-07-04 21:55:01
CVE-2012-6544
2013-03-15 20:55:07
CVE-2013-2146
2013-06-07 14:03:19
prion
prion
Design/Logic Flaw
2013-07-04 21:55:00
Information disclosure
2013-03-15 20:55:00
Design/Logic Flaw
2013-06-07 14:03:00
debiancve
debiancve
CVE-2013-2224
2013-07-04 21:55:01
CVE-2012-6544
2013-03-15 20:55:07
CVE-2013-2146
2013-06-07 14:03:19
vmware
vmware
VMware ESX updates to third party libraries
2013-12-05 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2013-07-29 00:00:00
Linux kernel (EC2) vulnerabilities
2013-07-29 00:00:00
Linux kernel (OMAP4) vulnerability
2013-10-22 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-05-02 04:52:18
Information Disclosure
2019-05-02 04:52:18
Privilege Escalation
2019-05-02 04:52:19
suse
suse
Security update for Real Time Linux Kernel (important)
2013-11-22 05:04:54
Security update for Real Time Linux Kernel (important)
2013-11-22 08:04:29
Security update for Linux Kernel (important)
2013-11-22 08:04:16
checkpoint_advisories
checkpoint_advisories
Linux Kernel SCTP Duplicate Cookie Handling Denial of Service (CVE-2013-2206)
2013-11-18 00:00:00
mageia
mageia
Updated kernel packages fix multiple security vulnerabilities
2013-07-09 21:56:42
Updated kernel-tmb package fixes security issues.
2013-07-16 11:30:20
Updated kernel-rt package fixes security issues
2013-07-16 11:33:23
debian
debian
[SECURITY] [DSA 2766-1] linux-2.6 security update
2013-09-27 23:24:02
[SECURITY] [DSA 2745-1] linux security update
2013-08-29 05:07:31
osv
osv
linux-2.6 - several
2013-09-27 00:00:00
linux - several
2013-08-28 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: kernel-3.9.9-302.fc19
2013-07-14 03:30:56
[SECURITY] Fedora 19 Update: kernel-3.10.3-300.fc19
2013-07-26 22:59:37
securityvulns
securityvulns
[USN-1939-1] Linux kernel vulnerabilities
2013-09-09 00:00:00
amazon
amazon
Medium: kernel
2012-10-08 10:43:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

0.741 High

EPSS

Percentile

98.1%

JSON
Related for ORACLELINUX_ELSA-2013-1173.NASL
centos3openvas55nessus39redhat7oraclelinux8altlinux2nvd7ubuntucve7cvelist7cve7prion7debiancve7vmware1ubuntu9veracode11suse6checkpoint_advisories1mageia7debian2osv2fedora2securityvulns1amazon1