Ubuntu 18.10 : linux-aws vulnerabilities (USN-3832-1)

High Nessus Plugin ID 119302

Synopsis

The remote Ubuntu host is missing one or more security-related
patches.

Description

Jann Horn discovered that the procfs file system implementation in the
Linux kernel did not properly restrict the ability to inspect the
kernel stack of an arbitrary task. A local attacker could use this to
expose sensitive information. (CVE-2018-17972)

Jann Horn discovered that the mremap() system call in the Linux kernel
did not properly flush the TLB when completing, potentially leaving
access to a physical page after it has been released to the page
allocator. A local attacker could use this to cause a denial of
service (system crash), expose sensitive information, or possibly
execute arbitrary code. (CVE-2018-18281)

It was discovered that the BPF verifier in the Linux kernel did not
correctly compute numeric bounds in some situations. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2018-18445)

Daniel Dadap discovered that the module loading implementation in the
Linux kernel did not properly enforce signed module loading when
booted with UEFI Secure Boot in some situations. A local privileged
attacker could use this to execute untrusted code in the kernel.
(CVE-2018-18653)

Jann Horn discovered that the Linux kernel mishandles mapping UID or
GID ranges inside nested user namespaces in some situations. A local
attacker could use this to bypass access controls on resources outside
the namespace. (CVE-2018-18955)

Philipp Wendler discovered that the overlayfs implementation in the
Linux kernel did not properly verify the directory contents
permissions from within a unprivileged user namespace. A local
attacker could use this to expose sensitive information (protected
file names). (CVE-2018-6559).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution

Update the affected linux-image-4.18-aws and / or linux-image-aws
packages.

See Also

https://usn.ubuntu.com/3832-1/

Plugin Details

Severity: High

ID: 119302

File Name: ubuntu_USN-3832-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/11/30

Modified: 2018/12/07

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:linux-image-4.18-aws, p-cpe:/a:canonical:ubuntu_linux:linux-image-aws, cpe:/o:canonical:ubuntu_linux:18.10

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2018/11/30

Exploitable With

Metasploit (Linux Nested User Namespace idmap Limit Local Privilege Escalation)

Reference Information

CVE: CVE-2018-17972, CVE-2018-18281, CVE-2018-18445, CVE-2018-18653, CVE-2018-18955, CVE-2018-6559

USN: 3832-1