Virtuozzo 7 : readykernel-patch (VZA-2017-043)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Virtuozzo host is missing a security update.

Description :

According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerabilities :

- The tcp_v6_syn_recv_sock function in
net/ipv6/tcp_ipv6.c in the Linux kernel mishandles
inheritance, which allows local users to cause a denial
of service or possibly have unspecified other impact
via crafted system calls, a related issue to
CVE-2017-8890. An unprivileged local user could use
this flaw to induce kernel memory corruption on the
system, leading to a crash. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out,
although we believe it is unlikely.

- The IPv6 DCCP implementation in the Linux kernel
mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified
other impact via crafted system calls, a related issue
to CVE-2017-8890. An unprivileged local user could use
this flaw to induce kernel memory corruption on the
system, leading to a crash. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out,
although we believe it is unlikely.

- The sctp_v6_create_accept_sk function in
net/sctp/ipv6.c in the Linux kernel mishandles
inheritance, which allows local users to cause a denial
of service or possibly have unspecified other impact
via crafted system calls, a related issue to
CVE-2017-8890. An unprivileged local user could use
this flaw to induce kernel memory corruption on the
system, leading to a crash. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out,
although we believe it is unlikely.

- The IPv6 fragmentation implementation in the Linux
kernel through 4.11.1 does not consider that the
nexthdr field may be associated with an invalid option,
which allows local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have
unspecified other impact via crafted socket and send
system calls.

- The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel
allows attackers to cause a denial of service (double
free) or possibly have unspecified other impact by
leveraging use of the accept system call. An
unprivileged local user could use this flaw to induce
kernel memory corruption on the system, leading to a
crash. Due to the nature of the flaw, privilege
escalation cannot be fully ruled out, although we
believe it is unlikely.

- A vulnerability was found in the Linux kernel. An
unprivileged local user could trigger an oops in
shash_async_export() by attempting to force the
in-kernel hashing algorithms into decrypting an empty
data set.

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://help.virtuozzo.com/customer/portal/articles/2816865
http://www.nessus.org/u?e35a0d51

Solution :

Update the readykernel patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Virtuozzo Local Security Checks

Nessus Plugin ID: 100599

Bugtraq ID:

CVE ID: CVE-2016-8646
CVE-2017-8890
CVE-2017-9074
CVE-2017-9075
CVE-2017-9076
CVE-2017-9077
