Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030)

high Nessus Plugin ID 119187

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

Security Fix(es) :

- A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)

- kernel: out-of-bounds access in the show_timer function in kernel/time /posix-timers.c (CVE-2017-18344)

- kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

- kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

- kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

- kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)

- kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)

- kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)

- kernel: Salsa20 encryption algorithm does not correctly handle zero- length inputs allowing local attackers to cause denial of service (CVE-2017-17805)

- kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)

- kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

- kernel: a NULL pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)

- kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)

- kernel: Missing length check of payload in
_sctp_make_chunk() function allows denial of service (CVE-2018-5803)

- kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

- kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

- kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

- kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)

- kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)

- kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

- kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

- kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

- kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)

- kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

- kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

- kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

- kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

- kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

- kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?faf0e575

Plugin Details

Severity: High

ID: 119187

File Name: sl_20181030_kernel_on_SL7_x.nasl

Version: 1.9

Type: local

Agent: unix

Published: 11/27/2018

Updated: 5/31/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2017-10661

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:bpftool, p-cpe:/a:fermilab:scientific_linux:kernel, p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists, p-cpe:/a:fermilab:scientific_linux:kernel-debug, p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64, p-cpe:/a:fermilab:scientific_linux:kernel-devel, p-cpe:/a:fermilab:scientific_linux:kernel-doc, p-cpe:/a:fermilab:scientific_linux:kernel-headers, p-cpe:/a:fermilab:scientific_linux:kernel-tools, p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs, p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel, p-cpe:/a:fermilab:scientific_linux:perf, p-cpe:/a:fermilab:scientific_linux:perf-debuginfo, p-cpe:/a:fermilab:scientific_linux:python-perf, p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/30/2018

Vulnerability Publication Date: 5/2/2016

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740, CVE-2018-7757, CVE-2018-8781