Detections
Analytics
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609)
high Nessus Plugin ID 102773
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3609 advisory.- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638900] {CVE-2017-1000365} {CVE-2017-1000365}
- dentry name snapshots (Al Viro) [Orabug: 26630805] {CVE-2017-7533}
- mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26585933] {CVE-2016-6213} {CVE-2016-6213}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578179] {CVE-2017-9242}
- KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug:
26585981] {CVE-2016-9604} {CVE-2016-9604}
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586030] {CVE-2016-10200}
- ovl: move super block magic number to magic.h (Stephen Hemminger) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}
- ovl: use a minimal buffer in ovl_copy_xattr (Vito Caputo) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}
- ovl: allow zero size xattr (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}
- ovl: default permissions (Miklos Szeredi) [Orabug: 22876737] {CVE-2016-1575} {CVE-2016-1576}
- nfsd: encoders mustnt use unitialized values in error cases (J. Bruce Fields) [Orabug: 26572867] {CVE-2017-8797}
- nfsd: fix undefined behavior in nfsd4_layout_verify (Ari Kauppi) [Orabug: 26572867] {CVE-2017-8797}
- MacSec: fix backporting error in patches for CVE-2017-7477 (Alexey Kodanev) [Orabug: 26481629] [Orabug:
26368162] {CVE-2017-7477} {CVE-2017-7477}
- ping: implement proper locking (Eric Dumazet) [Orabug: 26540266] {CVE-2017-2671}
- ipv6: Fix leak in ipv6_gso_segment(). (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}
- ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Ben Hutchings) [Orabug: 26403963] {CVE-2017-9074}
- ipv6: Check ip6_find_1stfragopt() return value properly. (David S. Miller) [Orabug: 26403963] {CVE-2017-9074}
- ipv6: Prevent overrun when parsing v6 header options (Craig Gallek) [Orabug: 26403963] {CVE-2017-9074}
- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug:
26403948] {CVE-2017-1000380}
- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403948] {CVE-2017-1000380}
- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403936] {CVE-2017-1000363}
- NFSv4: Fix callback server shutdown (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}
- SUNRPC: Refactor svc_set_num_threads() (Trond Myklebust) [Orabug: 26403976] {CVE-2017-9059}
- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26403998] {CVE-2017-9077}
- dccp/tcp: do not inherit mc_list from parent (Eric Dumazet) [Orabug: 26107472] {CVE-2017-8890}
- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366002] {CVE-2017-7645}
- macsec: dynamically allocate space for sglist (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}
- macsec: avoid heap overflow in skb_to_sgvec (Jason A. Donenfeld) [Orabug: 26372610] {CVE-2017-7477}
- mm: fix new crash in unmapped_area_topdown() (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}
- mm: larger stack guard gap, between vmas (Hugh Dickins) [Orabug: 26326144] {CVE-2017-1000364}
- net/packet: fix overflow in check for tp_reserve (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}
- net/packet: fix overflow in check for tp_frame_nr (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}
- net/packet: fix overflow in check for priv area size (Andrey Konovalov) [Orabug: 25813773] {CVE-2017-7308}
- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25974739] {CVE-2017-7895}
- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876402] {CVE-2016-10229}
- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25805996] {CVE-2017-7184}
- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug:
25805996] {CVE-2017-7184}
- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25802678] {CVE-2017-2636}
- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25802678] {CVE-2017-2636}
- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25802599] {CVE-2017-6345}
- ip: fix IP_CHECKSUM handling (Paolo Abeni) [Orabug: 25802576] {CVE-2017-6347}
- udp: fix IP_CHECKSUM handling (Eric Dumazet) [Orabug: 25802576] {CVE-2017-6347}
- udp: do not expect udp headers in recv cmsg IP_CMSG_CHECKSUM (Willem de Bruijn) [Orabug: 25802576] {CVE-2017-6347}
- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25802549] {CVE-2017-6214}
- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25802515] {CVE-2017-5986}
- ext4: store checksum seed in superblock (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}
- ext4: reserve code points for the project quota feature (Theodore Tso) [Orabug: 25802481] {CVE-2016-10208}
- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25802481] {CVE-2016-10208}
- ext4: clean up feature test macros with predicate functions (Darrick J. Wong) [Orabug: 25802481] {CVE-2016-10208}
- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25802278] {CVE-2017-2583} {CVE-2017-2583}
- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790370] {CVE-2016-9644}
- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766884] {CVE-2016-8399} {CVE-2016-8399}
- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751395] {CVE-2017-7187}
- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25717094] {CVE-2017-5669}
- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25340071] {CVE-2016-10088}
- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25134541] {CVE-2016-7910}
- HID: hid-cypress: validate length of report (Greg Kroah-Hartman) [Orabug: 25795985] {CVE-2017-7273}
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 102773
File Name: oraclelinux_ELSA-2017-3609.nasl
Version: 3.17
Type: local
Agent: unix
Published: 8/25/2017
Updated: 10/22/2024
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.5
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2017-12134
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:oracle:linux:kernel-uek-debug-devel, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-103.3.8.el6uek, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, cpe:/o:oracle:linux:6, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:dtrace-modules-shared-headers, p-cpe:/a:oracle:linux:dtrace-modules-provider-headers, p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-103.3.8.el7uek
Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled
Exploit Ease: No known exploits are available
Patch Publication Date: 8/23/2017
Vulnerability Publication Date: 6/19/2017
Reference Information
CVE: CVE-2017-1000365, CVE-2017-12134
IAVA: 2017-A-0253-S
IAVB: 2017-B-0108-S