Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2020-2433.NASLHistoryJun 22, 2020 - 12:00 a.m.
Oracle Linux 6 : microcode_ctl (ELSA-2020-2433)
2020-06-2200:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.7%
From Red Hat Security Advisory 2020:2433 :
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2433 advisory.
-
hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)
-
hw: Vector Register Data Sampling (CVE-2020-0548)
-
hw: L1D Cache Eviction Sampling (CVE-2020-0549)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:2433 and
# Oracle Linux Security Advisory ELSA-2020-2433 respectively.
#
include('compat.inc');
if (description)
{
script_id(137695);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/06");
script_cve_id("CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549");
script_xref(name:"RHSA", value:"2020:2433");
script_name(english:"Oracle Linux 6 : microcode_ctl (ELSA-2020-2433)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"From Red Hat Security Advisory 2020:2433 :
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as
referenced in the RHSA-2020:2433 advisory.
- hw: Special Register Buffer Data Sampling (SRBDS)
(CVE-2020-0543)
- hw: Vector Register Data Sampling (CVE-2020-0548)
- hw: L1D Cache Eviction Sampling (CVE-2020-0549)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-June/010064.html");
script_set_attribute(attribute:"solution", value:
"Update the affected microcode_ctl package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0549");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:microcode_ctl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL6", reference:"microcode_ctl-1.17-33.26.0.1.el6_10")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microcode_ctl");
}
Related
nessus
nessus
RHEL 6 : microcode_ctl (RHSA-2020:2433)
2020-06-09 00:00:00
RHEL 8 : microcode_ctl (RHSA-2020:2431)
2020-06-09 00:00:00
CentOS 6 : microcode_ctl (CESA-2020:2433)
2020-06-11 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4385-1)
2020-06-10 00:00:00
Greenbone OS - Linux Kernel Multiple Vulnerabilities (Jun 2020)
2020-07-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1595-1)
2021-04-19 00:00:00
debian
debian
[SECURITY] [DLA 2248-1] intel-microcode security update
2020-06-13 15:29:48
[SECURITY] [DSA 4701-1] intel-microcode security update
2020-06-11 15:21:45
[SECURITY] [DSA 4701-1] intel-microcode security update
2020-06-11 15:21:45
cloudfoundry
cloudfoundry
USN-4385-2: Intel Microcode regression | Cloud Foundry
2020-06-22 00:00:00
USN-4385-1: Intel Microcode vulnerabilities | Cloud Foundry
2020-06-22 00:00:00
suse
suse
Security update for ucode-intel (moderate)
2020-06-11 00:00:00
Security update for xen (important)
2020-06-16 00:00:00
redhat
redhat
archlinux
archlinux
[ASA-202006-10] intel-ucode: information disclosure
2020-06-13 00:00:00
oraclelinux
oraclelinux
microcode_ctl security, bug fix and enhancement update
2020-06-18 00:00:00
microcode_ctl security, bug fix and enhancement update
2020-06-10 00:00:00
microcode_ctl security, bug fix and enhancement update
2020-06-18 00:00:00
centos
centos
microcode_ctl security update
2020-06-10 17:17:14
microcode_ctl security update
2020-06-10 17:22:53
microcode_ctl security update
2021-08-09 15:29:53
ubuntu
ubuntu
Intel Microcode vulnerabilities
2020-06-09 00:00:00
Intel Microcode regression
2020-06-10 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: microcode_ctl-2.1-39.fc31
2020-06-26 01:08:34
[SECURITY] Fedora 32 Update: microcode_ctl-2.1-39.fc32
2020-06-19 01:05:57
[SECURITY] Fedora 31 Update: kernel-headers-5.6.18-200.fc31
2020-06-18 01:02:02
osv
osv
intel-microcode - security update
2020-06-11 00:00:00
intel-microcode - security update
2020-06-13 00:00:00
Important: microcode_ctl security, bug fix and enhancement update
2021-08-09 09:19:57
amazon
amazon
Medium: microcode_ctl
2020-06-26 22:53:00
Medium: microcode_ctl
2020-07-14 01:55:00
mageia
mageia
Updated microcode packages fix security vulnerability
2020-08-01 02:25:42
f5
f5
K22206205 : Intel vulnerabilities CVE-2020-0548 CVE-2020-0549
2020-01-31 00:00:00
K25920352 : Intel CPU SRBDS side-channel vulnerability CVE-2020-0543
2020-09-30 00:00:00
hp
hp
HPSBHF03670 rev. 2 - Intel® Processors Data Leakage Advisory
2020-06-09 00:00:00
thn
thn
Intel CPUs Vulnerable to New 'SGAxe' and 'CrossTalk' Side-Channel Attacks
2020-06-10 12:59:00
New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave
2020-01-28 16:36:00
lenovo
lenovo
Intel Special Register Buffer Data Sampling Advisory - Lenovo Support NL
2020-06-04 16:44:25
threatpost
threatpost
New ‘CacheOut’ Attack Targets Intel CPUs
2020-01-28 22:58:46
intel
intel
Intel® Processors Data Leakage Advisory
2021-05-11 00:00:00
Special Register Buffer Data Sampling Advisory
2020-06-12 00:00:00
rocky
rocky
microcode_ctl security, bug fix and enhancement update
2021-08-09 09:19:57
veracode
veracode
Information Disclosure
2020-06-10 04:58:40
Information Disclosure
2020-06-10 04:58:40
Privilege Escalation
2020-06-10 04:58:39
redhatcve
redhatcve
cvelist
cvelist
ubuntucve
ubuntucve
alpinelinux
alpinelinux
CVE-2020-0548
2020-01-28 01:15:12
prion
prion
Information disclosure
2020-01-28 01:15:00
Information disclosure
2020-01-28 01:15:00
Information disclosure
2020-06-15 14:15:00
almalinux
almalinux
Important: microcode_ctl security, bug fix and enhancement update
2021-08-09 09:19:57
nvd
nvd
cve
cve
debiancve
debiancve
freebsd
freebsd
Intel CPU issues
2020-06-09 00:00:00
ics
ics
Siemens Industrial Products (Update F)
2022-03-10 12:00:00
attackerkb
attackerkb
CVE-2020-0543 CROSSTALK
2020-06-15 00:00:00
ibm
ibm
xen
xen
Special Register Buffer speculative side channel
2020-06-09 16:33:00
virtuozzo
virtuozzo
citrix
citrix
Citrix Hypervisor Security Updates
2020-06-09 04:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.7%
Related for ORACLELINUX_ELSA-2020-2433.NASL