Amazon Linux AMI : kernel (ALAS-2016-703)

high Nessus Plugin ID 91241

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 7.4

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)

A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)

The following flaws were also fixed in this version :

CVE-2016-4557 : Use after free vulnerability via double fdput

CVE-2016-4581 : Slave being first propagated copy causes oops in propagate_mnt

CVE-2016-4486 : Information leak in rtnetlink

CVE-2016-4485 : Information leak in llc module

CVE-2016-4558 : bpf: refcnt overflow

CVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

CVE-2016-0758 : tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()

CVE-2015-8839 : ext4 filesystem page fault race condition with fallocate call.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2016-703.html

Plugin Details

Severity: High

ID: 91241

File Name: ala_ALAS-2016-703.nasl

Version: 2.7

Type: local

Agent: unix

Published: 5/19/2016

Updated: 4/11/2019

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:amazon:linux:*:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-x86_64:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-headers:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-tools:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-tools-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-tools-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:perf:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:perf-debuginfo:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-doc:*:*:*:*:*:*:*, p-cpe:2.3:a:amazon:linux:kernel-debuginfo-common-i686:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2016

Exploitable With

Metasploit (Linux BPF doubleput UAF Privilege Escalation)

Reference Information

CVE: CVE-2016-4557, CVE-2016-4486, CVE-2016-0758, CVE-2016-4565, CVE-2016-4485, CVE-2016-4581, CVE-2015-8839, CVE-2016-3961, CVE-2016-4558

ALAS: 2016-703