7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.9%
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12444 advisory.
[2.17-326.0.9.3]
- Forward-port Oracle patches to 2.17-326.3 Reviewed-by: Jose E. Marchesi <[email protected]> Oracle history:
June-22-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.9
- OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed free() of stack allocations.
Reviewed-by: Jose E. Marchesi <[email protected]> June-20-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.7
- OraBug 35517820 Do not allocate heap memory in __nptl_tunables_init.
- This issue was introduced and fixed in patch related to OraBug 35318841.
Reviewed-by: Jose E. Marchesi <[email protected]> April-21-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.5
- OraBug 35318841 Glibc tunable to disable huge pages on pthread_create stacks Reviewed-by: Jose E. Marchesi <[email protected]> December-19-2022 Cupertino Miranda <[email protected]> - 2.17-326.0.3
- OraBug 34909902 vDSO timer functions support on i686 Reviewed-by: Jose E. Marchesi <[email protected]> May-18-2022 Patrick McGehearty <[email protected]> - 2.17-326.0.1
- Forward-port Oracle patches to 2.17-326.
Reviewed-by: Jose E. Marchesi <[email protected]> April-26-2022 Patrick McGehearty <[email protected]> - 2.17-325.0.3
- OraBug 33968985 Security Patches This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999 Reviewed-by: Jose E. Marchesi <[email protected]> October-12-2021 Patrick McGehearty <[email protected]> - 2.17-325.0.1
- Merge el7 u9 errata4 patch with Oracle patches Review-exception: Simple merge
- Merge el7 u9 errata patches with Oracle patches Review-exception: Simple merge
- Adding three arm specific patches to allow glibc x86 tree to be used for
- ILOM and other arm builds Reviewed-by: Jose E. Marchesi <[email protected]>
- Merge el7 u8 patches with Oracle patches Review-exception: Simple merge
- Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version of the C locale) Orabug 29784239.
Reviewed-by: Jose E. Marchesi <[email protected]>
- Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch
- Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile Both should test if ((stream->_flags & _IO_USER_LOCK) == 0)
_IO_lock_lock (*stream->_lock);
OraBug 28481550.
Reviewed-by: Jose E. Marchesi <[email protected]>
- Modify glibc-ora28849085.patch so it works with RHCK kernels.
Orabug 28849085.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs.
- Orabug 28849085
- Reviewed-by: Patrick McGehearty <[email protected]>
- Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984.
- Orabug 25558067.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Regenerate plural.c
- OraBug 28806294.
- Reviewed-by: Jose E. Marchesi <[email protected]>
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
- OraBug 28806294.
- Reviewed-by: Patrick McGehearty <[email protected]>
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
- OraBug 19570749.
- Reviewed-by: Jose E. Marchesi <[email protected]>
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
- OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Include-linux-falloc.h-in-bits-fcntl-linux.h
- Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE, FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
- OraBug 28483336
- Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
- sysdeps/unix/sysv/linux/x86/bits/mman.h
- OraBug 28389572
- Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
- Adds new SIGBUS error codes for hardware poison signals, syncing with the current kernel headers (v3.9).
- It also adds si_trapno field for alpha.
- New values: BUS_MCEERR_AR, BUS_MCEERR_AO
- OraBug 28124569
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2024-12444.
##
include('compat.inc');
if (description)
{
script_id(200741);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/19");
script_cve_id(
"CVE-2024-2961",
"CVE-2024-33599",
"CVE-2024-33600",
"CVE-2024-33601",
"CVE-2024-33602"
);
script_name(english:"Oracle Linux 7 : glibc (ELSA-2024-12444)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2024-12444 advisory.
[2.17-326.0.9.3]
- Forward-port Oracle patches to 2.17-326.3
Reviewed-by: Jose E. Marchesi <[email protected]>
Oracle history:
June-22-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.9
- OraBug 35517820 Reworked previous patch for OraBug 35318841 and removed
free() of stack allocations.
Reviewed-by: Jose E. Marchesi <[email protected]>
June-20-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.7
- OraBug 35517820 Do not allocate heap memory in __nptl_tunables_init.
- This issue was introduced and fixed in patch related to OraBug 35318841.
Reviewed-by: Jose E. Marchesi <[email protected]>
April-21-2023 Cupertino Miranda <[email protected]> - 2.17-326.0.5
- OraBug 35318841 Glibc tunable to disable huge pages on pthread_create stacks
Reviewed-by: Jose E. Marchesi <[email protected]>
December-19-2022 Cupertino Miranda <[email protected]> - 2.17-326.0.3
- OraBug 34909902 vDSO timer functions support on i686
Reviewed-by: Jose E. Marchesi <[email protected]>
May-18-2022 Patrick McGehearty <[email protected]> - 2.17-326.0.1
- Forward-port Oracle patches to 2.17-326.
Reviewed-by: Jose E. Marchesi <[email protected]>
April-26-2022 Patrick McGehearty <[email protected]> - 2.17-325.0.3
- OraBug 33968985 Security Patches
This release fixes CVE-2022-23219, CVE-2022-23218, and CVE-2021-3999
Reviewed-by: Jose E. Marchesi <[email protected]>
October-12-2021 Patrick McGehearty <[email protected]> - 2.17-325.0.1
- Merge el7 u9 errata4 patch with Oracle patches
Review-exception: Simple merge
- Merge el7 u9 errata patches with Oracle patches
Review-exception: Simple merge
- Adding three arm specific patches to allow glibc x86 tree to be used for
- ILOM and other arm builds
Reviewed-by: Jose E. Marchesi <[email protected]>
- Merge el7 u8 patches with Oracle patches
Review-exception: Simple merge
- Adding Mike Fabian's C.utf-8 patch (C.utf-8 is a unicode-aware version
of the C locale)
Orabug 29784239.
Reviewed-by: Jose E. Marchesi <[email protected]>
- Remove glibc-ora28641867.patch as duplicate of glibc-rh1705899-4.patch
- Make _IO_funlockfile match __funlockfile and _IO_flockfile match __flockfile
Both should test
if ((stream->_flags & _IO_USER_LOCK) == 0)
_IO_lock_lock (*stream->_lock);
OraBug 28481550.
Reviewed-by: Jose E. Marchesi <[email protected]>
- Modify glibc-ora28849085.patch so it works with RHCK kernels.
Orabug 28849085.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Use NLM_F_SKIP_STATS in uek2 and RTEXT_FILTER_SKIP_STATS in uek4 in getifaddrs.
- Orabug 28849085
- Reviewed-by: Patrick McGehearty <[email protected]>
- Mention CVE numbers in the .spec file for CVE-2015-8983 and CVE-2015-8984.
- Orabug 25558067.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Regenerate plural.c
- OraBug 28806294.
- Reviewed-by: Jose E. Marchesi <[email protected]>
- intl: Port to Bison 3.0
- Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9
- OraBug 28806294.
- Reviewed-by: Patrick McGehearty <[email protected]>
- Fix dbl-64/wordsize-64 remquo (bug 17569).
- Backport of upstream d9afe48d55a412e76b0dcb28335fd4b390fe07ae
- OraBug 19570749.
- Reviewed-by: Jose E. Marchesi <[email protected]>
- libio: Disable vtable validation in case of interposition.
- Backport of upstream c402355dfa7807b8e0adb27c009135a7e2b9f1b0.
- OraBug 28641867.
- Reviewed-by: Egeyar Bagcioglu <[email protected]>
- Include-linux-falloc.h-in-bits-fcntl-linux.h
- Defines FALLOC_FL_PUNSH_HOLE, FALLOC_FL_KEEP_SIZE,
FALLOC_FL_COLLAPSE_RANGE, and FALLOC_FL_ZERO_RANGE
- OraBug 28483336
- Add MAP_SHARED_VALIDATE and MAP_SYNC flags to
- sysdeps/unix/sysv/linux/x86/bits/mman.h
- OraBug 28389572
- Update bits/siginfo.h with Linux hwpoison SIGBUS changes.
- Adds new SIGBUS error codes for hardware poison signals, syncing with
the current kernel headers (v3.9).
- It also adds si_trapno field for alpha.
- New values: BUS_MCEERR_AR, BUS_MCEERR_AO
- OraBug 28124569
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2024-12444.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2961");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/05");
script_set_attribute(attribute:"patch_publication_date", value:"2024/06/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:7::userspace_ksplice");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:glibc-utils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:nscd");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'glibc-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-devel-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-static-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'i686', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-common-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-devel-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-headers-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-static-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'glibc-utils-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'nscd-2.17-326.0.9.ksplice1.el7_9.3', 'cpu':'x86_64', 'release':'7', 'el_string':'ksplice1.el7_9.', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc / glibc-common / glibc-devel / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | linux | 7 | cpe:/o:oracle:linux:7 |
oracle | linux | glibc | p-cpe:/a:oracle:linux:glibc |
oracle | linux | glibc-common | p-cpe:/a:oracle:linux:glibc-common |
oracle | linux | glibc-devel | p-cpe:/a:oracle:linux:glibc-devel |
oracle | linux | glibc-headers | p-cpe:/a:oracle:linux:glibc-headers |
oracle | linux | glibc-static | p-cpe:/a:oracle:linux:glibc-static |
oracle | linux | glibc-utils | p-cpe:/a:oracle:linux:glibc-utils |
oracle | linux | nscd | p-cpe:/a:oracle:linux:nscd |
oracle | linux | 7 | cpe:/a:oracle:linux:7::userspace_ksplice |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602
linux.oracle.com/errata/ELSA-2024-12444.html
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
82.9%