Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3013)
high Nessus Plugin ID 81871
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-3013 advisory.- kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of- bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application. (CVE-2014-7825)
- kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. (CVE-2014-7826)
- net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. (CVE-2014-8160)
- The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED madvise system call that leverages the absence of a page-table lock. (CVE-2014-8173)
- Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
(CVE-2014-8884)
- The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601. (CVE-2014-8369)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 81871
File Name: oraclelinux_ELSA-2015-3013.nasl
Version: 1.16
Type: local
Agent: unix
Published: 3/17/2015
Updated: 9/8/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent
Risk Information
CVSS Score Source: CVE-2014-8173
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:ND/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/o:oracle:linux:6, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-55.1.8.el6uek, p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-55.1.8.el7uek, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware
Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled
Exploit Ease: No known exploits are available
Patch Publication Date: 3/13/2015
Vulnerability Publication Date: 9/25/2014
Reference Information
CVE: CVE-2014-3601, CVE-2014-7826, CVE-2014-8160, CVE-2014-8173, CVE-2014-8369, CVE-2014-8884