Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2014-3019.NASLHistoryApr 18, 2014 - 12:00 a.m.
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3019)
2014-04-1800:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
26.8%
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-3019 advisory.
- Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
(CVE-2014-2851)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2014-3019.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(73607);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/09/08");
script_cve_id("CVE-2014-2851");
script_bugtraq_id(66779);
script_name(english:"Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3019)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2014-3019 advisory.
- Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1
allows local users to cause a denial of service (use-after-free and system crash) or possibly gain
privileges via a crafted application that leverages an improperly managed reference counter.
(CVE-2014-2851)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2014-3019.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-2851");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/04/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-firmware");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('ksplice.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 5 / 6', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
var fixed_uptrack_levels = ['2.6.39-400.214.5.el5uek', '2.6.39-400.214.5.el6uek'];
foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
{
audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2014-3019');
}
}
__rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}
var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '2.6';
if (kernel_major_minor != expected_kernel_major_minor)
audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);
var pkgs = [
{'reference':'kernel-uek-2.6.39-400.214.5.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-2.6.39-400.214.5.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.214.5.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.214.5.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.214.5.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.214.5.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.214.5.el5uek', 'cpu':'i686', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.214.5.el5uek', 'cpu':'x86_64', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-doc-2.6.39-400.214.5.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
{'reference':'kernel-uek-firmware-2.6.39-400.214.5.el5uek', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'},
{'reference':'kernel-uek-2.6.39-400.214.5.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-2.6.39-400.214.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.214.5.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-2.6.39-400.214.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.214.5.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-debug-devel-2.6.39-400.214.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.214.5.el6uek', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-devel-2.6.39-400.214.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-2.6.39'},
{'reference':'kernel-uek-doc-2.6.39-400.214.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-2.6.39'},
{'reference':'kernel-uek-firmware-2.6.39-400.214.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-2.6.39'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release) {
if (exists_check) {
if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 5 | cpe:/o:oracle:linux:5 |
| oracle | linux | 6 | cpe:/o:oracle:linux:6 |
| oracle | linux | kernel-uek | p-cpe:/a:oracle:linux:kernel-uek |
| oracle | linux | kernel-uek-debug | p-cpe:/a:oracle:linux:kernel-uek-debug |
| oracle | linux | kernel-uek-debug-devel | p-cpe:/a:oracle:linux:kernel-uek-debug-devel |
| oracle | linux | kernel-uek-devel | p-cpe:/a:oracle:linux:kernel-uek-devel |
| oracle | linux | kernel-uek-doc | p-cpe:/a:oracle:linux:kernel-uek-doc |
| oracle | linux | kernel-uek-firmware | p-cpe:/a:oracle:linux:kernel-uek-firmware |
Related
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2014-04-16 00:00:00
Unbreakable Enterprise kernel security update
2014-04-16 00:00:00
kernel security, bug fix, and enhancement update
2014-07-23 00:00:00
nvd
nvd
CVE-2014-2851
2014-04-14 23:55:07
nessus
nessus
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3018)
2014-04-18 00:00:00
Fedora 20 : kernel-3.13.10-200.fc20 (2014-5235)
2014-04-21 00:00:00
Fedora 19 : kernel-3.13.11-100.fc19 (2014-5609)
2014-05-06 00:00:00
seebug
seebug
Linux group_info refcounter - Overflow Memory Corruption
2014-07-01 00:00:00
Linux Kernel 'ping_init_sock()'本地权限提升漏洞
2014-04-15 00:00:00
prion
prion
Integer overflow
2014-04-14 23:55:00
packetstorm
packetstorm
Linux group_info Denial Of Service
2014-04-18 00:00:00
exploitpack
exploitpack
Linux Kernel - group_info refcounter Overflow Memory Corruption
2014-04-18 00:00:00
cve
cve
CVE-2014-2851
2014-04-14 23:55:07
ubuntucve
ubuntucve
CVE-2014-2851
2014-04-14 00:00:00
zdt
zdt
linux group_info refcounter - Overflow Memory Corruption
2014-04-19 00:00:00
debiancve
debiancve
CVE-2014-2851
2014-04-14 23:55:07
openvas
openvas
Oracle: Security Advisory (ELSA-2014-3018)
2015-10-06 00:00:00
Oracle: Security Advisory (ELSA-2014-3019)
2015-10-06 00:00:00
Mageia: Security Advisory (MGASA-2014-0208)
2022-01-28 00:00:00
cvelist
cvelist
CVE-2014-2851
2014-04-14 23:00:00
exploitdb
exploitdb
Linux Kernel - 'group_info' refcounter Overflow Memory Corruption
2014-04-18 00:00:00
mageia
mageia
Updated kernel packages fixes multiple bugs and vulnerabilities
2014-05-09 01:48:19
Updated kernel-rt packages fixes multiple bugs and vulneraabilities
2014-05-09 01:55:53
Updated kernel-tmb packages fix multiple bugs and vulnerabilities
2014-05-24 01:57:06
osv
osv
linux - security update
2014-05-12 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2926-1] linux security update
2014-05-15 00:00:00
[USN-2228-1] Linux kernel vulnerabilities
2014-05-29 00:00:00
Linux kernel multiple security vulnerabilities
2014-05-29 00:00:00
debian
debian
[SECURITY] [DSA 2926-1] linux security update
2014-05-12 15:59:46
redhat
redhat
(RHSA-2014:1101) Important: kernel security and bug fix update
2014-08-27 00:00:00
(RHSA-2014:0786) Important: kernel security, bug fix, and enhancement update
2014-06-24 00:00:00
(RHSA-2014:0981) Important: kernel security, bug fix, and enhancement update
2014-07-29 00:00:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2014-05-27 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2014-06-27 00:00:00
Linux kernel vulnerabilities
2014-05-27 00:00:00
suse
suse
kernel: security and bugfix release (important)
2014-07-01 12:04:32
kernel: security and bugfix update (important)
2014-06-25 09:04:14
Security update for Linux kernel (important)
2014-07-17 06:33:34
centos
centos
kernel, perf, python security update
2014-07-31 19:57:06
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:03:26
Information Disclosure
2019-05-02 05:03:25
Denial Of Service (DoS)
2019-05-02 05:03:26
fedora
fedora
[SECURITY] Fedora 20 Update: kernel-3.13.10-200.fc20
2014-04-18 15:36:24
[SECURITY] Fedora 20 Update: kernel-3.14.3-200.fc20
2014-05-10 03:21:17
[SECURITY] Fedora 20 Update: kernel-3.14.4-200.fc20
2014-05-16 10:04:40
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
0.001
Percentile
26.8%
Related for ORACLELINUX_ELSA-2014-3019.NASL