Lucene search
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2013-2525.NASLHistoryJul 12, 2013 - 12:00 a.m.
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2013-2525)
2013-07-1200:00:00
This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.003
Percentile
71.0%
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-2525 advisory.
-
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (CVE-2012-6542)
-
Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure. (CVE-2013-1929)
-
Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860)
-
fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application. (CVE-2013-1848)
-
The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. (CVE-2013-1979)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2013-2525.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(68855);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/09/16");
script_cve_id(
"CVE-2012-4542",
"CVE-2012-6542",
"CVE-2013-0190",
"CVE-2013-0228",
"CVE-2013-0231",
"CVE-2013-0268",
"CVE-2013-0311",
"CVE-2013-0349",
"CVE-2013-0871",
"CVE-2013-0913",
"CVE-2013-1767",
"CVE-2013-1773",
"CVE-2013-1774",
"CVE-2013-1792",
"CVE-2013-1796",
"CVE-2013-1797",
"CVE-2013-1798",
"CVE-2013-1848",
"CVE-2013-1860",
"CVE-2013-1929",
"CVE-2013-1979",
"CVE-2013-2094"
);
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/10/06");
script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2013-2525)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in
the ELSA-2013-2525 advisory.
- The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return
value in certain circumstances, which allows local users to obtain sensitive information from kernel stack
memory via a crafted application that leverages an uninitialized pointer argument. (CVE-2012-6542)
- Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the
Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system
crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital
Product Data (VPD) data structure. (CVE-2013-1929)
- Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux
kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or
possibly execute arbitrary code via a crafted cdc-wdm USB device. (CVE-2013-1860)
- fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain
circumstances related to printk input, which allows local users to conduct format-string attacks and
possibly gain privileges via a crafted application. (CVE-2013-1848)
- The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and
gid values during credentials passing, which allows local users to gain privileges via a crafted
application. (CVE-2013-1979)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2013-2525.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-2094");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/05");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2013-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
var fixed_uptrack_levels = ['2.6.39-400.109.1.el5uek', '2.6.39-400.109.1.el6uek'];
foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2013-2525');
}
}
__rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'kernel-uek-2.6.39-400.109.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-2.6.39-400.109.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.109.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.109.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.109.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.109.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.109.1.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.109.1.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-doc-2.6.39-400.109.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
{'reference':'kernel-uek-firmware-2.6.39-400.109.1.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'},
{'reference':'kernel-uek-2.6.39-400.109.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-2.6.39-400.109.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.109.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.109.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.109.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.109.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.109.1.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.109.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-doc-2.6.39-400.109.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
{'reference':'kernel-uek-firmware-2.6.39-400.109.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release) {
if (exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6542
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0190
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0228
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0268
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0311
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0349
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0871
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1767
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1774
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1792
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1796
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1848
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094
linux.oracle.com/errata/ELSA-2013-2525.html
Related
oraclelinux
oraclelinux
Unbreakable Enterprise kernel Security update
2013-06-12 00:00:00
Unbreakable Enterprise kernel security and bugfix update
2013-05-09 00:00:00
Unbreakable Enterprise kernel Security update
2013-04-24 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2013-2523)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2013-2519)
2015-10-06 00:00:00
SuSE Update for kernel openSUSE-SU-2013:0847-1 (kernel)
2013-11-19 00:00:00
nessus
nessus
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2013-2523)
2013-07-12 00:00:00
RHEL 6 : kernel (RHSA-2013:0928)
2014-11-08 00:00:00
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2013-2519)
2013-07-12 00:00:00
redhat
redhat
(RHSA-2013:0928) Important: kernel security and bug fix update
2013-06-11 00:00:00
(RHSA-2013:1026) Important: kernel security and bug fix update
2013-07-09 00:00:00
(RHSA-2013:0727) Important: kvm security update
2013-04-09 00:00:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2013-03-22 00:00:00
Linux kernel vulnerabilities
2013-03-06 00:00:00
Linux kernel vulnerabilities
2013-03-18 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2013-03-19 00:00:00
[USN-1767-1] Linux kernel vulnerabilities
2013-03-19 00:00:00
[USN-1756-1] Linux kernel vulnerabilities
2013-03-11 00:00:00
suse
suse
kernel: security and bugfix update (important)
2013-05-31 16:04:13
Security update for Linux kernel (important)
2013-05-07 21:04:31
Security update for Linux kernel (important)
2013-05-08 05:04:26
fedora
fedora
[SECURITY] Fedora 18 Update: kernel-3.8.8-202.fc18
2013-04-19 04:59:13
[SECURITY] Fedora 18 Update: kernel-3.8.6-203.fc18
2013-04-11 23:33:52
[SECURITY] Fedora 18 Update: kernel-3.8.4-202.fc18
2013-03-23 23:58:27
centos
centos
kmod, kvm security update
2013-04-10 03:55:37
kernel, perf, python security update
2013-04-24 02:13:29
kernel, perf, python security update
2013-03-13 11:49:36
altlinux
altlinux
debian
debian
[SECURITY] [DSA 2632-1] linux-2.6 security update
2013-02-26 03:58:48
osv
osv
linux-2.6 - several vulnerabilities
2013-02-25 00:00:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.003
Percentile
71.0%
Related for ORACLELINUX_ELSA-2013-2525.NASL