This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2018-1173-1.NASLSUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
31.1%
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed :
-
CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).
-
CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).
-
CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the
-INT_MIN value (bnc#1089608). -
CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)
-
CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).
-
CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829).
-
CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353).
-
CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)
-
CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088)
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:1173-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(109647);
script_version("1.7");
script_cvs_date("Date: 2019/09/10 13:51:47");
script_cve_id("CVE-2017-18257", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-1087", "CVE-2018-7740", "CVE-2018-8043", "CVE-2018-8781", "CVE-2018-8822", "CVE-2018-8897");
script_name(english:"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to
receive various security and bugfixes. The following security bugs
were fixed :
- CVE-2018-8781: The udl_fb_mmap function in
drivers/gpu/drm/udl/udl_fb.c had an integer-overflow
vulnerability that allowed local users with access to
the udldrmfb driver to obtain full read and write
permissions on kernel physical pages, resulting in a
code execution in kernel space (bnc#1090643).
- CVE-2018-10124: The kill_something_info function in
kernel/signal.c might have allowed local users to cause
a denial of service via an INT_MIN argument
(bnc#1089752).
- CVE-2018-10087: The kernel_wait4 function in
kernel/exit.c might have allowed local users to cause a
denial of service by triggering an attempted use of the
-INT_MIN value (bnc#1089608).
- CVE-2017-18257: The __get_data_block function in
fs/f2fs/data.c in the Linux kernel allowed local users
to cause a denial of service (integer overflow and loop)
via crafted use of the open and fallocate system calls
with an FS_IOC_FIEMAP ioctl. (bnc#1088241)
- CVE-2018-8822: Incorrect buffer length handling in the
ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
could be exploited by malicious NCPFS servers to crash
the kernel or execute code (bnc#1086162).
- CVE-2018-8043: The unimac_mdio_probe function in
drivers/net/phy/mdio-bcm-unimac.c did not validate
certain resource availability, which allowed local users
to cause a denial of service (NULL pointer dereference)
(bnc#1084829).
- CVE-2018-7740: The resv_map_release function in
mm/hugetlb.c allowed local users to cause a denial of
service (BUG) via a crafted application that made mmap
system calls and has a large pgoff argument to the
remap_file_pages system call (bnc#1084353).
- CVE-2018-1087: And an unprivileged KVM guest user could
use this flaw to potentially escalate their privileges
inside a guest. (bsc#1087088)
- CVE-2018-8897: An unprivileged system user could use
incorrect set up interrupt stacks to crash the Linux
kernel resulting in DoS issue. (bsc#1087088)
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1031717"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1046610"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1057734"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1070536"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1075428"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1076847"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1077560"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082153"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1082299"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083125"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083745"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1083836"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1084353"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1084610"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1084721"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1084829"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085042"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085185"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085224"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085402"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085404"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1086162"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1086194"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087088"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087260"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1087845"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088241"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088242"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088600"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1088684"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089198"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089608"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089644"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089752"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1090643"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2017-18257/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-10087/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-10124/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-1087/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-7740/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8043/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8781/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8822/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-8897/"
);
# https://www.suse.com/support/update/announcement/2018/suse-su-20181173-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?4e590564"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE OpenStack Cloud 7:zypper in -t patch
SUSE-OpenStack-Cloud-7-2018-814=1
SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
SUSE-SLE-SAP-12-SP2-2018-814=1
SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2018-814=1
SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2018-814=1
OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-814=1"
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/07");
script_set_attribute(attribute:"patch_publication_date", value:"2018/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/09");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP2", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"kgraft-patch-4_4_121-92_73-default-1-3.3.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", cpu:"s390x", reference:"kernel-default-man-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-base-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-base-debuginfo-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-debuginfo-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-debugsource-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-default-devel-4.4.121-92.73.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"kernel-syms-4.4.121-92.73.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
| novell | suse_linux | kernel-default-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-debuginfo |
| novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
| novell | suse_linux | kernel-default-debugsource | p-cpe:/a:novell:suse_linux:kernel-default-debugsource |
| novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
| novell | suse_linux | kernel-default-base-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo |
| novell | suse_linux | kernel-syms | p-cpe:/a:novell:suse_linux:kernel-syms |
| novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
| novell | suse_linux | kgraft-patch-4_4_121-92_73-default | p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_73-default |
| novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18257
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1087
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7740
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8781
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8822
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8897
www.nessus.org/u?4e590564
bugzilla.suse.com/show_bug.cgi?id=1012382
bugzilla.suse.com/show_bug.cgi?id=1031717
bugzilla.suse.com/show_bug.cgi?id=1046610
bugzilla.suse.com/show_bug.cgi?id=1057734
bugzilla.suse.com/show_bug.cgi?id=1070536
bugzilla.suse.com/show_bug.cgi?id=1075428
bugzilla.suse.com/show_bug.cgi?id=1076847
bugzilla.suse.com/show_bug.cgi?id=1077560
bugzilla.suse.com/show_bug.cgi?id=1082153
bugzilla.suse.com/show_bug.cgi?id=1082299
bugzilla.suse.com/show_bug.cgi?id=1083125
bugzilla.suse.com/show_bug.cgi?id=1083745
bugzilla.suse.com/show_bug.cgi?id=1083836
bugzilla.suse.com/show_bug.cgi?id=1084353
bugzilla.suse.com/show_bug.cgi?id=1084610
bugzilla.suse.com/show_bug.cgi?id=1084721
bugzilla.suse.com/show_bug.cgi?id=1084829
bugzilla.suse.com/show_bug.cgi?id=1085042
bugzilla.suse.com/show_bug.cgi?id=1085185
bugzilla.suse.com/show_bug.cgi?id=1085224
bugzilla.suse.com/show_bug.cgi?id=1085402
bugzilla.suse.com/show_bug.cgi?id=1085404
bugzilla.suse.com/show_bug.cgi?id=1086162
bugzilla.suse.com/show_bug.cgi?id=1086194
bugzilla.suse.com/show_bug.cgi?id=1087088
bugzilla.suse.com/show_bug.cgi?id=1087260
bugzilla.suse.com/show_bug.cgi?id=1087845
bugzilla.suse.com/show_bug.cgi?id=1088241
bugzilla.suse.com/show_bug.cgi?id=1088242
bugzilla.suse.com/show_bug.cgi?id=1088600
bugzilla.suse.com/show_bug.cgi?id=1088684
bugzilla.suse.com/show_bug.cgi?id=1089198
bugzilla.suse.com/show_bug.cgi?id=1089608
bugzilla.suse.com/show_bug.cgi?id=1089644
bugzilla.suse.com/show_bug.cgi?id=1089752
bugzilla.suse.com/show_bug.cgi?id=1090643
www.suse.com/security/cve/CVE-2017-18257/
www.suse.com/security/cve/CVE-2018-10087/
www.suse.com/security/cve/CVE-2018-10124/
www.suse.com/security/cve/CVE-2018-1087/
www.suse.com/security/cve/CVE-2018-7740/
www.suse.com/security/cve/CVE-2018-8043/
www.suse.com/security/cve/CVE-2018-8781/
www.suse.com/security/cve/CVE-2018-8822/
www.suse.com/security/cve/CVE-2018-8897/
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
31.1%