Amazon Linux AMI : kernel (ALAS-2016-703)

high Nessus Plugin ID 91241
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Amazon Linux AMI host is missing a security update.

Description

The Linux kernel did not properly suppress hugetlbfs support in x86 PV guests, which could allow local PV guest users to cause a denial of service (guest OS crash) by attempting to access a hugetlbfs mapped area. (CVE-2016-3961 / XSA-174)

A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758)

Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated with a different user's file after unsynchronized hole punching and page-fault handling. (CVE-2015-8839)

The following flaws were also fixed in this version :

CVE-2016-4557 : Use after free vulnerability via double fdput

CVE-2016-4581 : Slave being first propagated copy causes oops in propagate_mnt

CVE-2016-4486 : Information leak in rtnetlink

CVE-2016-4485 : Information leak in llc module

CVE-2016-4558 : bpf: refcnt overflow

CVE-2016-4565 : infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko

CVE-2016-0758 : tags with indefinite length can corrupt pointers in asn1_find_indefinite_length()

CVE-2015-8839 : ext4 filesystem page fault race condition with fallocate call.

Solution

Run 'yum update kernel' to update your system.

See Also

https://alas.aws.amazon.com/ALAS-2016-703.html

Plugin Details

Severity: High

ID: 91241

File Name: ala_ALAS-2016-703.nasl

Version: 2.7

Type: local

Agent: unix

Published: 5/19/2016

Updated: 4/11/2019

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:kernel, p-cpe:/a:amazon:linux:kernel-debuginfo, p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686, p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64, p-cpe:/a:amazon:linux:kernel-devel, p-cpe:/a:amazon:linux:kernel-doc, p-cpe:/a:amazon:linux:kernel-headers, p-cpe:/a:amazon:linux:kernel-tools, p-cpe:/a:amazon:linux:kernel-tools-debuginfo, p-cpe:/a:amazon:linux:kernel-tools-devel, p-cpe:/a:amazon:linux:perf, p-cpe:/a:amazon:linux:perf-debuginfo, cpe:/o:amazon:linux

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2016

Exploitable With

Metasploit (Linux BPF doubleput UAF Privilege Escalation)

Reference Information

CVE: CVE-2015-8839, CVE-2016-0758, CVE-2016-3961, CVE-2016-4485, CVE-2016-4486, CVE-2016-4557, CVE-2016-4558, CVE-2016-4565, CVE-2016-4581

ALAS: 2016-703