EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1122)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- The regulator_ena_gpio_free function in
drivers/regulator/core.c in the Linux kernel allows
local users to gain privileges or cause a denial of
service (use-after-free) via a crafted
application.(CVE-2014-9940)

- Race condition in the sctp_wait_for_sndbuf function in
net/sctp/socket.c in the Linux kernel before 4.9.11
allows local users to cause a denial of service
(assertion failure and panic) via a multithreaded
application that peels off an association in a certain
buffer-full state.(CVE-2017-5986)

- net/sctp/socket.c in the Linux kernel through 4.10.1
does not properly restrict association peel-off
operations during certain wait states, which allows
local users to cause a denial of service (invalid
unlock and double free) via a multithreaded
application. NOTE: this vulnerability exists because of
an incorrect fix for CVE-2017-5986.(CVE-2017-6353)

- The ipxitf_ioctl function in net/ipx/af_ipx.c in the
Linux kernel through 4.11.1 mishandles reference
counts, which allows local users to cause a denial of
service (use-after-free) or possibly have unspecified
other impact via a failed SIOCGIFADDR ioctl call for an
IPX interface.(CVE-2017-7487)

- fs/ext4/inode.c in the Linux kernel before 4.6.2, when
ext4 data=ordered mode is used, mishandles a
needs-flushing-before-commit list, which allows local
users to obtain sensitive information from other users'
files in opportunistic circumstances by waiting for a
hardware reset, creating a new file, making write
system calls, and reading this file.(CVE-2017-7495)

- The NFSv2/NFSv3 server in the nfsd subsystem in the
Linux kernel through 4.10.11 allows remote attackers to
cause a denial of service (system crash) via a long RPC
reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c,
and fs/nfsd/nfsxdr.c.(CVE-2017-7645)

- The inet_csk_clone_lock function in
net/ipv4/inet_connection_sock.c in the Linux kernel
through 4.10.15 allows attackers to cause a denial of
service (double free) or possibly have unspecified
other impact by leveraging use of the accept system
call.(CVE-2017-8890)

- The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c in the Linux kernel before
4.10.4 allows local users to obtain sensitive
information (in the dmesg ringbuffer and syslog) from
uninitialized kernel memory by using a crafted USB
device (posing as an io_ti USB serial device) to
trigger an integer underflow.(CVE-2017-8924)

- The IPv6 fragmentation implementation in the Linux
kernel through 4.11.1 does not consider that the
nexthdr field may be associated with an invalid option,
which allows local users to cause a denial of service
(out-of-bounds read and BUG) or possibly have
unspecified other impact via crafted socket and send
system calls.(CVE-2017-9074)

- The sctp_v6_create_accept_sk function in
net/sctp/ipv6.c in the Linux kernel through 4.11.1
mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified
other impact via crafted system calls, a related issue
to CVE-2017-8890.(CVE-2017-9075)

- The tcp_v6_syn_recv_sock function in
net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1
mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified
other impact via crafted system calls, a related issue
to CVE-2017-8890.(CVE-2017-9077)

- The __ip6_append_data function in net/ipv6/ip6_output.c
in the Linux kernel through 4.11.3 is too late in
checking whether an overwrite of an skb data structure
may occur, which allows local users to cause a denial
of service (system crash) via crafted system
calls.(CVE-2017-9242)

- The ext4_fill_super function in fs/ext4/super.c in the
Linux kernel through 4.9.8 does not properly validate
meta block groups, which allows physically proximate
attackers to cause a denial of service (out-of-bounds
read and system crash) via a crafted ext4
image.(CVE-2016-10208)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?a51c2169

Solution :

Update the affected kernel packages.
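Whether a host is still exposed after this update depends on two things: the installed kernel package version relative to the fixed build, and whether that kernel is the one actually booted (an updated package that has not been rebooted into leaves the vulnerable kernel running). The following Python script is an added example, not code from the Tenable plugin or the EulerOS advisory. It ports rpm's rpmvercmp() ordering so that a release such as "100.h12" sorts above "100.h9" (numeric segments compare as integers, not strings), then checks both conditions. The fixed EVR, the sample `rpm -q` output and the `uname -r` string are constructed placeholders; take the real fixed version from the advisory linked under "See also" and run with `--live` on the host.

```python
"""Is the installed/running kernel older than the advisory's fixed version?

Version ordering follows rpm's rpmvercmp() so results agree with rpm/yum.
"""
import sys
from typing import List, Tuple

EVR = Tuple[int, str, str]  # (epoch, version, release)

# PLACEHOLDER: the fixed EVR is not stated on this page; substitute the value
# from the EulerOS advisory before relying on the result.
FIXED_EVR: EVR = (0, "3.10.0", "100.h9")

RPM_QF = "%{NAME}|%{EPOCH}|%{VERSION}|%{RELEASE}\n"

# Constructed sample of `rpm -q --qf "$RPM_QF" kernel` on a host with two
# kernels installed (placeholder versions, not real EulerOS builds).
SAMPLE_RPM_OUTPUT = "kernel|(none)|3.10.0|100.h7\nkernel|(none)|3.10.0|100.h12\n"
# Constructed `uname -r`: the older kernel is still the one booted.
SAMPLE_UNAME_R = "3.10.0-100.h7.x86_64"


def _segment(s: str, start: int, digits: bool) -> str:
    """Run of digits (or of letters) in s beginning at start."""
    k = start
    while k < len(s) and (s[k].isdigit() if digits else s[k].isalpha()):
        k += 1
    return s[start:k]


def rpmvercmp(a: str, b: str) -> int:
    """Port of rpm's rpmvercmp(): -1, 0 or 1 for a <, ==, > b."""
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Separators are anything that is not alphanumeric, '~' or '^'.
        while i < len(a) and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < len(a) else ""
        cb = b[j] if j < len(b) else ""
        if ca == "~" or cb == "~":      # tilde (pre-release) sorts before everything
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":      # caret sorts after end-of-string, before anything else
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        sa, sb = _segment(a, i, isnum), _segment(b, j, isnum)
        i, j = i + len(sa), j + len(sb)
        if not sb:                      # digit run vs letter run: numeric is newer
            return 1 if isnum else -1
        if isnum:                       # compare as integers: strip zeros, longer wins
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1     # whichever side has leftover text is newer


def evrcmp(x: EVR, y: EVR) -> int:
    """Epoch first, then version, then release."""
    if x[0] != y[0]:
        return 1 if x[0] > y[0] else -1
    return rpmvercmp(x[1], y[1]) or rpmvercmp(x[2], y[2])


def parse_rpm_query(output: str) -> List[EVR]:
    evrs = []
    for line in output.splitlines():
        if line.strip():
            _name, epoch, version, release = line.split("|")
            evrs.append((0 if epoch == "(none)" else int(epoch), version, release))
    return evrs


def running_kernel_evr(uname_r: str) -> EVR:
    """uname -r is VERSION-RELEASE.ARCH; kernel packages carry no epoch."""
    version, release = uname_r.split("-", 1)
    for arch in ("x86_64", "aarch64", "i686"):
        if release.endswith("." + arch):
            release = release[: -len(arch) - 1]
    return (0, version, release)


def installed_status(rpm_output: str, uname_r: str, fixed: EVR = FIXED_EVR) -> dict:
    patched = any(evrcmp(e, fixed) >= 0 for e in parse_rpm_query(rpm_output))
    running_ok = evrcmp(running_kernel_evr(uname_r), fixed) >= 0
    return {"fixed_installed": patched, "running_fixed": running_ok,
            "reboot_required": patched and not running_ok}


if __name__ == "__main__":
    if "--live" in sys.argv:  # query this host instead of the constructed sample
        import subprocess
        out = subprocess.run(["rpm", "-q", "--qf", RPM_QF, "kernel"],
                             capture_output=True, text=True, check=True).stdout
        kr = subprocess.run(["uname", "-r"], capture_output=True, text=True,
                            check=True).stdout.strip()
    else:
        out, kr = SAMPLE_RPM_OUTPUT, SAMPLE_UNAME_R
    print(installed_status(out, kr))
```

On the constructed sample the result is that a fixed kernel is installed but the booted kernel is still the old one, so the host remains vulnerable until it is rebooted; a scanner that only inspects the RPM database would report it as patched, which is why the check looks at `uname -r` as well.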

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false
