Debian DLA-1392-1 : linux security update

high Nessus Plugin ID 110314

Synopsis

The remote Debian host is missing a security update.

Description

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.

CVE-2018-1093

Wen Xu reported that a crafted ext4 filesystem image could trigger an out-of-bounds read in the ext4_valid_block_bitmap() function. A local user able to mount arbitrary filesystems could use this for denial of service.

CVE-2018-1130

The syzbot software found that the DCCP implementation of sendmsg() does not check the socket state, potentially leading to a NULL pointer dereference. A local user could use this to cause a denial of service (crash).

CVE-2018-8897

Nick Peterson of Everdox Tech LLC discovered that #DB exceptions that are deferred by MOV SS or POP SS are not properly handled, allowing an unprivileged user to crash the kernel and cause a denial of service.

CVE-2018-10940

Dan Carpenter reported that the cdrom driver does not correctly validate the parameter to the CDROM_MEDIA_CHANGED ioctl. A user with access to a cdrom device could use this to cause a denial of service (crash).

For Debian 7 'Wheezy', these problems have been fixed in version 3.2.102-1. This version also includes bug fixes from upstream version 3.2.102, including a fix for a regression in the SCTP implementation in version 3.2.101.

We recommend that you upgrade your linux packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html

https://packages.debian.org/source/wheezy/linux

Plugin Details

Severity: High

ID: 110314

File Name: debian_DLA-1392.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/5/2018

Updated: 9/26/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8897

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-sparc, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-5kc-malta, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-vexpress, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sb1a-bcm91480b, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sb1a-bcm91480b, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-orion5x, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-itanium, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-versatile, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-mx5, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-loongson-2f, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-powerpc64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-s390x-dbg, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-mv78xx0, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-r5k-cobalt, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-powerpc-smp, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sparc64-smp, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sb1-bcm91250a, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-s390x, p-cpe:/a:debian:debian_linux:xen-linux-system-3.2.0-4-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-amd64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-omap, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-armhf, p-cpe:/a:debian:debian_linux:linux-libc-dev, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-loongson-2f, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-octeon, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-r4k-ip22, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-versatile, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-amd64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-r5k-cobalt, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-powerpc-smp, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-powerpc, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-vexpress, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-sparc64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-itanium, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-486, p-cpe:/a:debian:debian_linux:linux-support-3.2.0-4, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-mckinley, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-kirkwood, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-manual-3.2, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-s390x, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-mv78xx0, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-486, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-s390x, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-iop32x, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-common-rt, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-powerpc, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-r4k-ip22, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-omap, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-r5k-ip32, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-ia64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-octeon, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-kirkwood, p-cpe:/a:debian:debian_linux:xen-linux-system-3.2.0-4-amd64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-iop32x, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-armel, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-mckinley, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-amd64-dbg, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-rt-amd64, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sb1-bcm91250a, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-686-pae, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sparc64-smp, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-s390, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-mips, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-orion5x, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-s390x-tape, p-cpe:/a:debian:debian_linux:linux-doc-3.2, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-amd64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-powerpc64, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-i386, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-common, p-cpe:/a:debian:debian_linux:linux-source-3.2, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-ixp4xx, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-powerpc, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-mx5, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-rt-amd64, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-ixp4xx, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-4kc-malta, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-686-pae-dbg, p-cpe:/a:debian:debian_linux:linux-image-3.2.0-4-5kc-malta, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-all-mipsel, cpe:/o:debian:debian_linux:7.0, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-r5k-ip32, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-4kc-malta, p-cpe:/a:debian:debian_linux:linux-headers-3.2.0-4-sparc64

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/1/2018

Exploitable With

Metasploit (Microsoft Windows POP/MOV SS Local Privilege Elevation Vulnerability)

Reference Information

CVE: CVE-2018-1093, CVE-2018-10940, CVE-2018-1130, CVE-2018-8897