Virtuozzo 7 : readykernel-patch (VZA-2017-029)

high Nessus Plugin ID 99599
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Virtuozzo host is missing a security update.

Description

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :

- It was found that keyctl_set_reqkey_keyring() function leaked thread keyring which could allow an unprivileged local user to exhaust kernel memory.

- net/sctp/socket.c in the Linux kernel through 4.10.1 did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.

- Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 could allow local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peeled off an association in a certain buffer-full state.

- Andrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options.
A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption).

- A vulnerability was discovered in the handling of pid namespaces in the kernel. A privileged user inside a container could trigger a kernel crash (NULL pointer dereference in proc_flush_task()) using a sequence of system calls including wait4().

Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the readykernel patch.

See Also

https://help.virtuozzo.com/customer/portal/articles/2792896

http://www.nessus.org/u?93e4e6f8

http://www.nessus.org/u?eaf94943

http://www.nessus.org/u?c1472b55

Plugin Details

Severity: High

ID: 99599

File Name: Virtuozzo_VZA-2017-029.nasl

Version: 3.10

Type: local

Published: 4/24/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:virtuozzo:virtuozzo:readykernel, cpe:/o:virtuozzo:virtuozzo:7

Required KB Items: Host/local_checks_enabled, Host/Virtuozzo/release, Host/Virtuozzo/rpm-list, Host/readykernel-info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/20/2017

Exploitable With

Core Impact

Reference Information

CVE: CVE-2016-9793, CVE-2017-5986, CVE-2017-6353, CVE-2017-7472