Amazon Linux AMI : kernel (ALAS-2017-868)

High Nessus Plugin ID 102367

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112)

heap out-of-bounds in AF_PACKET sockets (CVE-2017-1000111)

The mq_notify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact.
(CVE-2017-11176 )

Solution

Run 'yum update kernel' to update your system.

CPE: p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel-doc, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:perf-debuginfo, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/10/26

Vulnerability Publication Date: 2017/07/11

Exploitable With

Core Impact

Metasploit (Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation)

Reference Information

CVE: CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176

ALAS: 2017-868

Amazon Linux AMI : kernel (ALAS-2017-868)

Synopsis

Description

Solution

See Also

Plugin Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerability Information

Exploitable With

Reference Information