RHEL / CentOS 6.x (64-bit) Malicious Kernel Module Detection (OutlawCountry)

Nessus Plugin ID 101166 (Severity: High)


Synopsis

A malicious kernel module is potentially installed on the remote Linux host.


Description

According to diagnostic indicators, the remote Red Hat Enterprise Linux or CentOS host may have a malicious kernel module known as OutlawCountry installed. OutlawCountry creates a hidden netfilter table that allows an authenticated attacker to covertly override existing netfilter/iptables firewall rules.

Note that only RHEL and CentOS 6.x operating systems running kernel version 2.6.32 (64-bit) are reportedly affected. OutlawCountry was disclosed on 2017/06/30 by WikiLeaks as part of their ongoing 'Vault 7' series of leaks.


Solution

Refer to the referenced Red Hat solution article.


Plugin Details

Severity: High

ID: 101166

File Name: outlaw_country.nasl

Version: 1.2

Type: local

Family: Misc.

Published: 2017/06/30

Modified: 2017/06/30

Dependencies: 12634

Risk Information

Risk Factor: High


CVSS v2.0 Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C


CVSS v3.0 Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux, cpe:/o:centos:centos

Required KB Items: Host/local_checks_enabled

Vulnerability Publication Date: 2017/06/30