The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4211 advisory.

  - The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to     cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system     calls. (CVE-2018-10675)

  - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8     doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the     show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read     arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
    (CVE-2017-18344)

  - The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation     to /dev/snd/seq by a local user. (CVE-2018-7566)

  - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create     files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and     is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a     plain file whose group ownership is that group. The intended behavior was that the non-member can trigger     creation of a directory (but not a plain file) whose group ownership is that group. The non-member can     escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4211)

high Nessus Plugin ID 117446

Version 1.12