Detections
Analytics
SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow)
high Nessus Plugin ID 111837
Language:
Synopsis
The remote SUSE host is missing one or more security updates.Description
The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed :- CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081).
- CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system.
(bnc#1089343).
- CVE-2018-5391: A flaw in the IP packet reassembly could be used by remote attackers to consume CPU time (bnc#1103097).
- CVE-2018-5390: Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bnc#1102340).
- CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119).
- CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE) (bnc#1102851 1103580).
The update package also includes non-security fixes. See advisory for details.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2018-1606=1
SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2018-1606=1
See Also
https://bugzilla.suse.com/show_bug.cgi?id=1012382
https://bugzilla.suse.com/show_bug.cgi?id=1023711
https://bugzilla.suse.com/show_bug.cgi?id=1064232
https://bugzilla.suse.com/show_bug.cgi?id=1076110
https://bugzilla.suse.com/show_bug.cgi?id=1078216
https://bugzilla.suse.com/show_bug.cgi?id=1082653
https://bugzilla.suse.com/show_bug.cgi?id=1082979
https://bugzilla.suse.com/show_bug.cgi?id=1085042
https://bugzilla.suse.com/show_bug.cgi?id=1085536
https://bugzilla.suse.com/show_bug.cgi?id=1085657
https://bugzilla.suse.com/show_bug.cgi?id=1087081
https://bugzilla.suse.com/show_bug.cgi?id=1087659
https://bugzilla.suse.com/show_bug.cgi?id=1089343
https://bugzilla.suse.com/show_bug.cgi?id=1089525
https://bugzilla.suse.com/show_bug.cgi?id=1090123
https://bugzilla.suse.com/show_bug.cgi?id=1090340
https://bugzilla.suse.com/show_bug.cgi?id=1090435
https://bugzilla.suse.com/show_bug.cgi?id=1090888
https://bugzilla.suse.com/show_bug.cgi?id=1091107
https://bugzilla.suse.com/show_bug.cgi?id=1092001
https://bugzilla.suse.com/show_bug.cgi?id=1092207
https://bugzilla.suse.com/show_bug.cgi?id=1093777
https://bugzilla.suse.com/show_bug.cgi?id=1094120
https://bugzilla.suse.com/show_bug.cgi?id=1094244
https://bugzilla.suse.com/show_bug.cgi?id=1095453
https://bugzilla.suse.com/show_bug.cgi?id=1095643
https://bugzilla.suse.com/show_bug.cgi?id=1096790
https://bugzilla.suse.com/show_bug.cgi?id=1096978
https://bugzilla.suse.com/show_bug.cgi?id=1097034
https://bugzilla.suse.com/show_bug.cgi?id=1097501
https://bugzilla.suse.com/show_bug.cgi?id=1097771
https://bugzilla.suse.com/show_bug.cgi?id=1098599
https://bugzilla.suse.com/show_bug.cgi?id=1099306
https://bugzilla.suse.com/show_bug.cgi?id=1099713
https://bugzilla.suse.com/show_bug.cgi?id=1099792
https://bugzilla.suse.com/show_bug.cgi?id=1099810
https://bugzilla.suse.com/show_bug.cgi?id=1099858
https://bugzilla.suse.com/show_bug.cgi?id=1099918
https://bugzilla.suse.com/show_bug.cgi?id=1099966
https://bugzilla.suse.com/show_bug.cgi?id=1099993
https://bugzilla.suse.com/show_bug.cgi?id=1100089
https://bugzilla.suse.com/show_bug.cgi?id=1100132
https://bugzilla.suse.com/show_bug.cgi?id=1100340
https://bugzilla.suse.com/show_bug.cgi?id=1100843
https://bugzilla.suse.com/show_bug.cgi?id=1100930
https://bugzilla.suse.com/show_bug.cgi?id=1101296
https://bugzilla.suse.com/show_bug.cgi?id=1101331
https://bugzilla.suse.com/show_bug.cgi?id=1101658
https://bugzilla.suse.com/show_bug.cgi?id=1101789
https://bugzilla.suse.com/show_bug.cgi?id=1102188
https://bugzilla.suse.com/show_bug.cgi?id=1102197
https://bugzilla.suse.com/show_bug.cgi?id=1102203
https://bugzilla.suse.com/show_bug.cgi?id=1102205
https://bugzilla.suse.com/show_bug.cgi?id=1102207
https://bugzilla.suse.com/show_bug.cgi?id=1102211
https://bugzilla.suse.com/show_bug.cgi?id=1102214
https://bugzilla.suse.com/show_bug.cgi?id=1102215
https://bugzilla.suse.com/show_bug.cgi?id=1102340
https://bugzilla.suse.com/show_bug.cgi?id=1102394
https://bugzilla.suse.com/show_bug.cgi?id=1102683
https://bugzilla.suse.com/show_bug.cgi?id=1102851
https://bugzilla.suse.com/show_bug.cgi?id=1103097
https://bugzilla.suse.com/show_bug.cgi?id=1103119
https://bugzilla.suse.com/show_bug.cgi?id=1103580
https://bugzilla.suse.com/show_bug.cgi?id=1103717
https://bugzilla.suse.com/show_bug.cgi?id=1103745
https://bugzilla.suse.com/show_bug.cgi?id=1103884
https://bugzilla.suse.com/show_bug.cgi?id=1104174
https://bugzilla.suse.com/show_bug.cgi?id=997935
https://www.suse.com/security/cve/CVE-2017-18344/
https://www.suse.com/security/cve/CVE-2018-14734/
https://www.suse.com/security/cve/CVE-2018-3620/
https://www.suse.com/security/cve/CVE-2018-3646/
https://www.suse.com/security/cve/CVE-2018-5390/
Plugin Details
Severity: High
ID: 111837
File Name: suse_SU-2018-2374-1.nasl
Version: 1.10
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 8/17/2018
Updated: 8/16/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C
CVSS Score Source: CVE-2018-14734
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:kernel-azure-debugsource, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-azure
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/16/2018
Vulnerability Publication Date: 7/26/2018
Exploitable With
CANVAS (CANVAS)
Reference Information
CVE: CVE-2017-18344, CVE-2018-14734, CVE-2018-3620, CVE-2018-3646, CVE-2018-5390, CVE-2018-5391