RHEL / CentOS 6.x (64-bit) Malicious Kernel Module Detection (OutlawCountry)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A malicious kernel module is potentially installed on the remote Linux
host.

Description :

According to diagnostic indicators, the remote Red Hat Enterprise
Linux or CentOS host may have a malicious kernel module known as
OutlawCountry installed. OutlawCountry creates a hidden netfilter
table that allows an authenticated attacker to covertly override
existing netfilter/iptables firewall rules.

Note that only RHEL and CentOS 6.x operating systems running kernel
version 2.6.32 (64-bit) are reportedly affected. OutlawCountry was
disclosed on 2017/06/30 by WikiLeaks as part of their ongoing
'Vault 7' series of leaks.

See also :

https://access.redhat.com/solutions/3099221

Solution :

Refer to the referenced Red Hat solution article.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

Family: Misc.

Nessus Plugin ID: 101166

Bugtraq ID:

CVE ID:
