The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-09331 advisory.

  - The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through 4.8.11 does not ensure that memory     is allocated for limb data, which allows local users to cause a denial of service (stack memory corruption     and panic) via an add_key system call for an RSA key with a zero exponent. (CVE-2016-8650)

  - The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative     values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory     corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN     capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
    (CVE-2016-9793)

  - Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain     privileges or cause a denial of service (double free) by setting the HDLC line discipline. (CVE-2017-2636)

  - A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files     before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to     access unmapped kernel memory. (CVE-2017-2618)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This plugin has been deprecated as it is a duplicate of oraclelinux_ELSA-2017-0933-1.nasl (plugin ID 99386).

Plugin Deprecated

This plugin has been deprecated and is no longer functional.