7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.6%
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.140 to receive various security and bugfixes. The following security bugs were fixed :
CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924)
CVE-2018-9385: Prevent overread of the ‘driver_override’ buffer (bsc#1100491)
CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416)
CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418)
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2018:2051-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(111329);
script_version("1.5");
script_cvs_date("Date: 2019/09/10 13:51:48");
script_cve_id("CVE-2018-13053", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-9385");
script_name(english:"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:2051-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.140 to
receive various security and bugfixes. The following security bugs
were fixed :
- CVE-2018-13053: The alarm_timer_nsleep function had an
integer overflow via a large relative timeout because
ktime_add_safe was not used (bnc#1099924)
- CVE-2018-9385: Prevent overread of the 'driver_override'
buffer (bsc#1100491)
- CVE-2018-13405: The inode_init_owner function allowed
local users to create files with an unintended group
ownership allowing attackers to escalate privileges by
making a plain file executable and SGID (bnc#1100416)
- CVE-2018-13406: An integer overflow in the
uvesafb_setcmap function could have result in local
attackers being able to crash the kernel or potentially
elevate privileges because kmalloc_array is not used
(bnc#1100418)
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1012382"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1064232"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1075876"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1076110"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085185"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1085657"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1089525"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1090435"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1090888"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1091171"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1092207"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1094244"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1094248"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1094643"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1095453"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1096790"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097034"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097140"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097492"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097501"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097551"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097808"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097931"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1097961"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1098016"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1098236"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1098425"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1098435"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1098527"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1098599"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099042"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099183"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099279"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099713"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099732"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099792"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099810"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099918"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099924"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099966"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1099993"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1100089"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1100340"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1100416"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1100418"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1100491"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1100843"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1101296"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-13053/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-13405/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-13406/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-9385/"
);
# https://www.suse.com/support/update/announcement/2018/suse-su-20182051-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?32f591a4"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
SUSE-SLE-WE-12-SP3-2018-1385=1
SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2018-1385=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2018-1385=1
SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch
SUSE-SLE-Live-Patching-12-SP3-2018-1385=1
SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
SUSE-SLE-HA-12-SP3-2018-1385=1
SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2018-1385=1
SUSE CaaS Platform ALL :
To install this update, use the SUSE CaaS Platform Velum dashboard. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
SUSE CaaS Platform 3.0 :
To install this update, use the SUSE CaaS Platform Velum dashboard. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-default-man");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:kernel-syms");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/02");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/25");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES12", sp:"3", cpu:"s390x", reference:"kernel-default-man-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-base-debuginfo-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debuginfo-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-debugsource-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-default-devel-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"kernel-syms-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debuginfo-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-debugsource-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-devel-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-default-extra-debuginfo-4.4.140-94.42.1")) flag++;
if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"kernel-syms-4.4.140-94.42.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | kernel-default | p-cpe:/a:novell:suse_linux:kernel-default |
novell | suse_linux | kernel-default-base | p-cpe:/a:novell:suse_linux:kernel-default-base |
novell | suse_linux | kernel-default-base-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo |
novell | suse_linux | kernel-default-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-debuginfo |
novell | suse_linux | kernel-default-debugsource | p-cpe:/a:novell:suse_linux:kernel-default-debugsource |
novell | suse_linux | kernel-default-devel | p-cpe:/a:novell:suse_linux:kernel-default-devel |
novell | suse_linux | kernel-default-extra | p-cpe:/a:novell:suse_linux:kernel-default-extra |
novell | suse_linux | kernel-default-extra-debuginfo | p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo |
novell | suse_linux | kernel-default-man | p-cpe:/a:novell:suse_linux:kernel-default-man |
novell | suse_linux | kernel-syms | p-cpe:/a:novell:suse_linux:kernel-syms |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13406
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9385
www.nessus.org/u?32f591a4
bugzilla.suse.com/show_bug.cgi?id=1012382
bugzilla.suse.com/show_bug.cgi?id=1064232
bugzilla.suse.com/show_bug.cgi?id=1075876
bugzilla.suse.com/show_bug.cgi?id=1076110
bugzilla.suse.com/show_bug.cgi?id=1085185
bugzilla.suse.com/show_bug.cgi?id=1085657
bugzilla.suse.com/show_bug.cgi?id=1089525
bugzilla.suse.com/show_bug.cgi?id=1090435
bugzilla.suse.com/show_bug.cgi?id=1090888
bugzilla.suse.com/show_bug.cgi?id=1091171
bugzilla.suse.com/show_bug.cgi?id=1092207
bugzilla.suse.com/show_bug.cgi?id=1094244
bugzilla.suse.com/show_bug.cgi?id=1094248
bugzilla.suse.com/show_bug.cgi?id=1094643
bugzilla.suse.com/show_bug.cgi?id=1095453
bugzilla.suse.com/show_bug.cgi?id=1096790
bugzilla.suse.com/show_bug.cgi?id=1097034
bugzilla.suse.com/show_bug.cgi?id=1097140
bugzilla.suse.com/show_bug.cgi?id=1097492
bugzilla.suse.com/show_bug.cgi?id=1097501
bugzilla.suse.com/show_bug.cgi?id=1097551
bugzilla.suse.com/show_bug.cgi?id=1097808
bugzilla.suse.com/show_bug.cgi?id=1097931
bugzilla.suse.com/show_bug.cgi?id=1097961
bugzilla.suse.com/show_bug.cgi?id=1098016
bugzilla.suse.com/show_bug.cgi?id=1098236
bugzilla.suse.com/show_bug.cgi?id=1098425
bugzilla.suse.com/show_bug.cgi?id=1098435
bugzilla.suse.com/show_bug.cgi?id=1098527
bugzilla.suse.com/show_bug.cgi?id=1098599
bugzilla.suse.com/show_bug.cgi?id=1099042
bugzilla.suse.com/show_bug.cgi?id=1099183
bugzilla.suse.com/show_bug.cgi?id=1099279
bugzilla.suse.com/show_bug.cgi?id=1099713
bugzilla.suse.com/show_bug.cgi?id=1099732
bugzilla.suse.com/show_bug.cgi?id=1099792
bugzilla.suse.com/show_bug.cgi?id=1099810
bugzilla.suse.com/show_bug.cgi?id=1099918
bugzilla.suse.com/show_bug.cgi?id=1099924
bugzilla.suse.com/show_bug.cgi?id=1099966
bugzilla.suse.com/show_bug.cgi?id=1099993
bugzilla.suse.com/show_bug.cgi?id=1100089
bugzilla.suse.com/show_bug.cgi?id=1100340
bugzilla.suse.com/show_bug.cgi?id=1100416
bugzilla.suse.com/show_bug.cgi?id=1100418
bugzilla.suse.com/show_bug.cgi?id=1100491
bugzilla.suse.com/show_bug.cgi?id=1100843
bugzilla.suse.com/show_bug.cgi?id=1101296
www.suse.com/security/cve/CVE-2018-13053/
www.suse.com/security/cve/CVE-2018-13405/
www.suse.com/security/cve/CVE-2018-13406/
www.suse.com/security/cve/CVE-2018-9385/
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
30.6%