Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2016-104)

High Nessus Plugin ID 121162

Synopsis

The remote Virtuozzo host is missing multiple security updates.

Description

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :

- Stack overflow via ecryptfs and /proc/$pid/environ. It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system.

- Use after free in tcp_xmit_retransmit_queue. A use after free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions.
This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.

- block: fix use-after-free in seq file. Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.

- block: fix use-after-free in sys_ioprio_get(). Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected parallels-server-bm-release / vzkernel / etc packages.

See Also

https://access.redhat.com/solutions/2374831

https://infosec.cert-pa.it/cve-2016-7910.html

https://infosec.cert-pa.it/cve-2016-7911.html

https://source.android.com/security/bulletin/2016-11-01.html

Plugin Details

Severity: High

ID: 121162

File Name: Virtuozzo_VZA-2016-104.nasl

Version: 1.2

Type: local

Published: 2019/01/14

Updated: 2019/04/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release, p-cpe:/a:virtuozzo:virtuozzo:vzkernel, p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel, p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware, p-cpe:/a:virtuozzo:virtuozzo:vzmodules, p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel, cpe:/o:virtuozzo:virtuozzo:6

Required KB Items: Host/local_checks_enabled, Host/Virtuozzo/release, Host/Virtuozzo/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2016/11/21

Reference Information

CVE: CVE-2016-1583, CVE-2016-6828, CVE-2016-7910, CVE-2016-7911