Detections
Analytics

EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1220)

high Nessus Plugin ID 123906

Language:

Synopsis

The remote EulerOS Virtualization host is missing multiple security updates.

Description

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

 - An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.i1/4^CVE-2018-17972i1/4%0

 - A flaw was found in the Linux kernel's ext4 filesystem.
 A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.i1/4^CVE-2018-10883i1/4%0

 - A flaw was found in the Linux kernel's ext4 filesystem.
 A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.i1/4^CVE-2018-10878i1/4%0

 - A flaw was found in the Linux kernel's ext4 filesystem.
 A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.i1/4^CVE-2018-10879i1/4%0

 - A flaw was found in the Linux kernel's ext4 filesystem.
 A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.i1/4^CVE-2018-10881i1/4%0

 - An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel. A NULL pointer dereference may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp. This can lead to a system crash and a denial of service.i1/4^CVE-2018-13094i1/4%0

 - An issue was discovered in the XFS filesystem in fs/xfs/xfs_icache.c in the Linux kernel. There is a NULL pointer dereference leading to a system panic in lookup_slow() on a NULL inode-i1/4zi_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during an allocation.i1/4^CVE-2018-13093i1/4%0

 - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.i1/4^CVE-2018-18690i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?8b0252f8

Plugin Details

Severity: High

ID: 123906

File Name: EulerOS_SA-2019-1220.nasl

Version: 1.7

Type: local

Published: 4/9/2019

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 4.5

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:kernel-headers, p-cpe:/a:huawei:euleros:kernel-tools, p-cpe:/a:huawei:euleros:kernel-tools-libs, p-cpe:/a:huawei:euleros:kernel-tools-libs-devel, cpe:/o:huawei:euleros:uvp:2.5.3, p-cpe:/a:huawei:euleros:kernel, p-cpe:/a:huawei:euleros:kernel-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/2/2019

Reference Information

CVE: CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-13093, CVE-2018-13094, CVE-2018-17972, CVE-2018-18690