Source: nessus
File: REDHAT-RHSA-2018-2948.NASL
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Oct 31, 2018 - 12:00 a.m.

RHEL 7 : kernel-alt (RHSA-2018:2948)

www.tenable.com

CVSS2: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE

CVSS3: 8.4 High
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

AI Score: 9.4 High (Confidence: High)

EPSS: 0.783 High (Percentile: 98.3%)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2948 advisory.

  • kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)

  • kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c (CVE-2017-16648)

  • kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)

  • kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service (CVE-2017-17806)

  • kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service (CVE-2017-18075)

  • kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service (CVE-2017-18208)

  • kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

  • kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash (CVE-2018-1065)

  • kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)

  • kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

  • kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

  • kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image (CVE-2018-1095)

  • kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

  • kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

  • hw: cpu: speculative store bypass (CVE-2018-3639)

  • kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service (CVE-2018-5344)

  • kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) (CVE-2018-5390)

  • kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) (CVE-2018-5391)

  • kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750)

  • kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)

  • kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

  • kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566)

  • kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

  • kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

  • kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

  • kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

  • kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image (CVE-2018-10877)

  • kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

  • kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

  • kernel: stack-out-of-bounds write in ext4_update_inline_data function (CVE-2018-10880)

  • kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

  • kernel: stack-out-of-bounds write in fs/jbd2/transaction.c (CVE-2018-10882)

  • kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

  • kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

  • kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact (CVE-2018-11506)

  • kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor (CVE-2018-12232)

  • kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

  • kernel: crash (possible privesc) in kernel crypto api. (CVE-2018-14619)

  • kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (CVE-2018-14641)

  • kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

  • kernel: NULL pointer dereference on OOM kill of large mlocked process (CVE-2018-1000200)

  • kernel: Infoleak caused by incorrect handling of the SG_IO ioctl (CVE-2018-1000204)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2018:2948. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('compat.inc');

if (description)
{
  script_id(118513);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");

  script_cve_id(
    "CVE-2017-13166",
    "CVE-2017-16648",
    "CVE-2017-17805",
    "CVE-2017-17806",
    "CVE-2017-18075",
    "CVE-2017-18208",
    "CVE-2017-18344",
    "CVE-2018-1065",
    "CVE-2018-1068",
    "CVE-2018-1092",
    "CVE-2018-1094",
    "CVE-2018-1095",
    "CVE-2018-1118",
    "CVE-2018-1120",
    "CVE-2018-3639",
    "CVE-2018-5344",
    "CVE-2018-5390",
    "CVE-2018-5391",
    "CVE-2018-5750",
    "CVE-2018-5803",
    "CVE-2018-5848",
    "CVE-2018-7566",
    "CVE-2018-7757",
    "CVE-2018-8781",
    "CVE-2018-9363",
    "CVE-2018-10322",
    "CVE-2018-10877",
    "CVE-2018-10878",
    "CVE-2018-10879",
    "CVE-2018-10880",
    "CVE-2018-10881",
    "CVE-2018-10882",
    "CVE-2018-10883",
    "CVE-2018-10940",
    "CVE-2018-11506",
    "CVE-2018-12232",
    "CVE-2018-13405",
    "CVE-2018-14619",
    "CVE-2018-14641",
    "CVE-2018-1000026",
    "CVE-2018-1000200",
    "CVE-2018-1000204"
  );
  script_xref(name:"RHSA", value:"2018:2948");

  script_name(english:"RHEL 7 : kernel-alt (RHSA-2018:2948)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2018:2948 advisory.

  - kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)

  - kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c (CVE-2017-16648)

  - kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers
    to cause denial-of-service (CVE-2017-17805)

  - kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed
    allowing local attackers to cause denial-of-service (CVE-2017-17806)

  - kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service
    (CVE-2017-18075)

  - kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of
    service (CVE-2017-18208)

  - kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

  - kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash
    (CVE-2018-1065)

  - kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c
    (CVE-2018-1068)

  - kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4
    image (CVE-2018-1092)

  - kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4
    image (CVE-2018-1094)

  - kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image
    (CVE-2018-1095)

  - kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

  - kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

  - hw: cpu: speculative store bypass (CVE-2018-3639)

  - kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
    (CVE-2018-5344)

  - kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) (CVE-2018-5390)

  - kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack) (CVE-2018-5391)

  - kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially
    allowing KASLR bypass (CVE-2018-5750)

  - kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows
    denial of service (CVE-2018-5803)

  - kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory
    corruption (CVE-2018-5848)

  - kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566)

  - kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c
    (CVE-2018-7757)

  - kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code
    in kernel space (CVE-2018-8781)

  - kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

  - kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image
    allowing denial of service (CVE-2018-10322)

  - kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image (CVE-2018-10877)

  - kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

  - kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

  - kernel: stack-out-of-bounds write in ext4_update_inline_data function (CVE-2018-10880)

  - kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
    (CVE-2018-10881)

  - kernel: stack-out-of-bounds write infs/jbd2/transaction.c (CVE-2018-10882)

  - kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

  - kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

  - kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other
    unspecified impact (CVE-2018-11506)

  - kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor
    (CVE-2018-12232)

  - kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-
    members (CVE-2018-13405)

  - kernel: crash (possible privesc) in kernel crypto api. (CVE-2018-14619)

  - kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (CVE-2018-14641)

  - kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via
    crafted packet (CVE-2018-1000026)

  - kernel: NULL pointer dereference on OOM kill of large mlocked process (CVE-2018-1000200)

  - kernel: Infoleak caused by incorrect handling of the SG_IO ioctl (CVE-2018-1000204)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_2948.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?035201b1");
  # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2b0cc1e7");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/articles/3553061");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/articles/3658021");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1516257");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1528312");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1528323");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1533909");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1539508");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1539706");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1541846");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1547824");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1548412");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1550142");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1551051");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1551565");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1552048");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1553361");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560777");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560788");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560793");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1566890");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568744");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571062");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571623");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1573699");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1575472");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1577408");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1583210");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1589324");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1590215");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1590799");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596795");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596802");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596806");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596812");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596828");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596842");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596846");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1599161");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1601704");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1609664");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1610958");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1622004");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1623067");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1629636");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2948");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/vulnerabilities/ssbd");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9363");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_cwe_id(119, 120, 121, 122, 125, 190, 20, 200, 266, 284, 362, 391, 400, 416, 456, 476, 628, 787, 835);
  script_set_attribute(attribute:"vendor_severity", value:"Important");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/11/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/10/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-alt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');
include('ksplice.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

if (get_one_kb_item('Host/ksplice/kernel-cves'))
{
  rm_kb_item(name:'Host/uptrack-uname-r');
  var cve_list = make_list('CVE-2017-13166', 'CVE-2017-16648', 'CVE-2017-17805', 'CVE-2017-17806', 'CVE-2017-18075', 'CVE-2017-18208', 'CVE-2017-18344', 'CVE-2018-1065', 'CVE-2018-1068', 'CVE-2018-1092', 'CVE-2018-1094', 'CVE-2018-1095', 'CVE-2018-1118', 'CVE-2018-1120', 'CVE-2018-3639', 'CVE-2018-5344', 'CVE-2018-5390', 'CVE-2018-5391', 'CVE-2018-5750', 'CVE-2018-5803', 'CVE-2018-5848', 'CVE-2018-7566', 'CVE-2018-7757', 'CVE-2018-8781', 'CVE-2018-9363', 'CVE-2018-10322', 'CVE-2018-10877', 'CVE-2018-10878', 'CVE-2018-10879', 'CVE-2018-10880', 'CVE-2018-10881', 'CVE-2018-10882', 'CVE-2018-10883', 'CVE-2018-10940', 'CVE-2018-11506', 'CVE-2018-12232', 'CVE-2018-13405', 'CVE-2018-14619', 'CVE-2018-14641', 'CVE-2018-1000026', 'CVE-2018-1000200', 'CVE-2018-1000204');
  if (ksplice_cves_check(cve_list))
  {
    audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2018:2948');
  }
  else
  {
    __rpm_report = ksplice_reporting_text();
  }
}

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',
      'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',
      'content/dist/rhel/power-le/7/7.9/ppc64le/debug',
      'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/debug',
      'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/os',
      'content/dist/rhel/power-le/7/7.9/ppc64le/highavailability/source/SRPMS',
      'content/dist/rhel/power-le/7/7.9/ppc64le/optional/debug',
      'content/dist/rhel/power-le/7/7.9/ppc64le/optional/os',
      'content/dist/rhel/power-le/7/7.9/ppc64le/optional/source/SRPMS',
      'content/dist/rhel/power-le/7/7.9/ppc64le/os',
      'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/debug',
      'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/os',
      'content/dist/rhel/power-le/7/7.9/ppc64le/resilientstorage/source/SRPMS',
      'content/dist/rhel/power-le/7/7.9/ppc64le/source/SRPMS',
      'content/dist/rhel/power-le/7/7Server/ppc64le/debug',
      'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',
      'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',
      'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',
      'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',
      'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',
      'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',
      'content/dist/rhel/power-le/7/7Server/ppc64le/os',
      'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',
      'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',
      'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',
      'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',
      'content/dist/rhel/power/7/7.9/ppc64/debug',
      'content/dist/rhel/power/7/7.9/ppc64/optional/debug',
      'content/dist/rhel/power/7/7.9/ppc64/optional/os',
      'content/dist/rhel/power/7/7.9/ppc64/optional/source/SRPMS',
      'content/dist/rhel/power/7/7.9/ppc64/os',
      'content/dist/rhel/power/7/7.9/ppc64/source/SRPMS',
      'content/dist/rhel/power/7/7Server/ppc64/debug',
      'content/dist/rhel/power/7/7Server/ppc64/optional/debug',
      'content/dist/rhel/power/7/7Server/ppc64/optional/os',
      'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',
      'content/dist/rhel/power/7/7Server/ppc64/os',
      'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',
      'content/fastrack/rhel/power/7/ppc64/debug',
      'content/fastrack/rhel/power/7/ppc64/optional/debug',
      'content/fastrack/rhel/power/7/ppc64/optional/os',
      'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',
      'content/fastrack/rhel/power/7/ppc64/os',
      'content/fastrack/rhel/power/7/ppc64/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'kernel-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-bootwrapper-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-debug-devel-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-devel-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-headers-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'kernel-tools-libs-devel-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'perf-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE},
      {'reference':'python-perf-4.14.0-115.el7a', 'cpu':'ppc64le', 'release':'7', 'el_string':'el7a', 'rpm_spec_vers_cmp':TRUE}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-bootwrapper / kernel-debug / kernel-debug-devel / etc');
}

Vendor   Product            Version                  CPE
redhat   enterprise_linux   kernel                   p-cpe:/a:redhat:enterprise_linux:kernel
redhat   enterprise_linux   kernel-alt               p-cpe:/a:redhat:enterprise_linux:kernel-alt
redhat   enterprise_linux   kernel-bootwrapper       p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper
redhat   enterprise_linux   kernel-debug             p-cpe:/a:redhat:enterprise_linux:kernel-debug
redhat   enterprise_linux   kernel-debug-devel       p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel
redhat   enterprise_linux   kernel-devel             p-cpe:/a:redhat:enterprise_linux:kernel-devel
redhat   enterprise_linux   kernel-headers           p-cpe:/a:redhat:enterprise_linux:kernel-headers
redhat   enterprise_linux   kernel-tools             p-cpe:/a:redhat:enterprise_linux:kernel-tools
redhat   enterprise_linux   kernel-tools-libs        p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs
redhat   enterprise_linux   kernel-tools-libs-devel  p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel