openSUSE 安全更新:kernel (openSUSE-SU-2014:0840-1)
high Nessus 插件 ID 76228
语言:
简介
远程 openSUSE 主机缺少安全更新。描述
Linux 内核已更新,修复了安全问题和缺陷。已修复的安全问题:CVE-2014-3153:Linux 内核的 kernel/futex.c 中的 futex_requeue 函数无法确保调用具有两个不同的 futex 地址,从而允许本地用户通过便于不安全等待程序进行修改的构建的 FUTEX_REQUEUE 命令获得权限。
CVE-2014-3144:Linux 内核的 net/core/filter.c 的 sk_run_filter 函数中的 (1) BPF_S_ANC_NLATTR 和 (2) BPF_S_ANC_NLATTR_NEST 扩展实现未检查某个特定长度值是否足够大,从而允许本地用户通过构建的 BPF 指令造成拒绝服务(整数下溢和系统崩溃)。注意:在漏洞公布之前,受影响的代码已经移动到 __skb_get_nlattr 和 __skb_get_nlattr_nest 函数。
CVE-2014-3145:Linux 内核中 net/core/filter.c 的 sk_run_filter 函数中的 BPF_S_ANC_NLATTR_NEST 扩展实现在某个特定减法中使用了逆序,从而允许本地用户通过构建的 BPF 指令造成拒绝服务(读取越界和系统崩溃)。注意:在漏洞公布之前,受影响的代码已经移动到 __skb_get_nlattr_nest 函数。
CVE-2014-0077:在禁用可合并缓冲区的情况下,Linux 内核中的 drivers/vhost/net.c 未正确验证数据包长度,从而允许客户机操作系统用户通过与 handle_rx 和 get_rx_bufs 函数相关的构建数据包造成拒绝服务(内存损坏和主机操作系统崩溃)或获得主机操作系统上的权限。
CVE-2014-0055:Linux 内核程序包的 vhost-net 子系统的 drivers/vhost/net.c 中的 get_rx_bufs 函数未正确处理 vhost_get_vq_desc 错误,从而允许客户机操作系统用户通过不明矢量造成拒绝服务(主机操作系统崩溃)。
CVE-2014-2678:Linux 内核的 net/rds/iw.c 中的 rds_iw_laddr_check 函数允许本地用户通过对系统上缺少 RDS 传输的 RDS 套接字的 bind 系统调用造成拒绝服务(空指针取消引用和系统崩溃)或造成其他不明影响。
CVE-2013-7339:Linux 内核的 net/rds/ib.c 中的 rds_ib_laddr_check 函数允许本地用户通过对系统上缺少 RDS 传输的 RDS 套接字的 bind 系统调用造成拒绝服务(空指针取消引用和系统崩溃)或造成其他不明影响。
CVE-2014-2851:Linux 内核的 net/ipv4/ping.c 的 ping_init_sock 函数中的整数溢出允许本地用户通过利用未正确管理的引用计数器构建的应用程序造成拒绝服务(释放后使用错误和系统崩溃)或获得权限。
- ext4:修复 ext4_alloc_branch() 中的缓冲区双重释放 (bnc#880599 bnc#876981)。
- patches.fixes/firewire-01-net-fix-use-after-free.patch、patches.fixes/firewire-02-ohci-fix-probe-failure-with-agere-lsi-controllers.patch、patches.fixes/firewire-03-dont-use-prepare_delayed_work。
patch:添加缺少的缺陷参考 (bnc#881697)。
- firewire:不使用 PREPARE_DELAYED_WORK。
- firewire:ohci:修复 Agere/LSI 控制器的探测失败。
- firewire:net:修复释放后使用。
- USB:OHCI:修复 ATI 控制器全局挂起问题 (bnc#868315)。
- mm:恢复“page-writeback.c:从 dirtyable 内存减去 min_free_kbytes”(bnc#879792)。
- usb:musb:tusb6010:使用 musb->tusb_revision,而不是 tusb_get_revision 调用 (bnc#872715)。
- usb:musb:tusb6010:向 struct musb 添加 tusb_revision 以存储修订 (bnc#872715)。
- ALSA:hda - 修复 Intel H97/Z97 芯片组中的板载音频 (bnc#880613)。
- floppy:添加区块 0 时不损坏 bio.bi_flags (bnc#879258)。
- reiserfs:调用 tailpack 互斥体下的 truncate_setsize (bnc#878115)。
- 更新 Xen 配置文件:将兼容性级别设置回 4.1 (bnc#851338)。
- 更新到配置文件。Guillaume GARDET 报告了因为 CONFIG_USB_SERIAL_GENERIC 模块化造成的版本受损。
- memcg:弃用 memory.force_empty 旋钮 (bnc#878274)。
- nfsd:重复使用现有 repcache 条目时,首先将其反哈希 (bnc#877721)。
- 再次为 i386 和 x86_64 启用 Socketcan (bnc#858067)
- xhci:扩展 Renesas 卡的 quirk (bnc#877713)。
- xhci:修复三星笔记本电脑中 Renesas 芯片上的恢复问题 (bnc#877713)。
- mm:try_to_unmap_cluster() 应在 mlocking 前执行 lock_page()(bnc#876102,CVE-2014-3122)。
- drm/i915,HD-audio:提供了 nomodeset 时不继续探测 (bnc#882648)。
- x86/mm/numa:修复 32 位内核 NUMA 引导 (bnc#881727)。
解决方案
更新受影响的 kernel 程序包。另见
https://bugzilla.novell.com/show_bug.cgi?id=881727
https://bugzilla.novell.com/show_bug.cgi?id=882648
https://lists.opensuse.org/opensuse-updates/2014-06/msg00050.html
https://bugzilla.novell.com/show_bug.cgi?id=851338
https://bugzilla.novell.com/show_bug.cgi?id=858067
https://bugzilla.novell.com/show_bug.cgi?id=868315
https://bugzilla.novell.com/show_bug.cgi?id=869563
https://bugzilla.novell.com/show_bug.cgi?id=870173
https://bugzilla.novell.com/show_bug.cgi?id=870576
https://bugzilla.novell.com/show_bug.cgi?id=871561
https://bugzilla.novell.com/show_bug.cgi?id=872715
https://bugzilla.novell.com/show_bug.cgi?id=873374
https://bugzilla.novell.com/show_bug.cgi?id=876102
https://bugzilla.novell.com/show_bug.cgi?id=876981
https://bugzilla.novell.com/show_bug.cgi?id=877257
https://bugzilla.novell.com/show_bug.cgi?id=877713
https://bugzilla.novell.com/show_bug.cgi?id=877721
https://bugzilla.novell.com/show_bug.cgi?id=878115
https://bugzilla.novell.com/show_bug.cgi?id=878274
https://bugzilla.novell.com/show_bug.cgi?id=879258
https://bugzilla.novell.com/show_bug.cgi?id=879792
https://bugzilla.novell.com/show_bug.cgi?id=880599
https://bugzilla.novell.com/show_bug.cgi?id=880613
插件详情
严重性: High
ID: 76228
文件名: openSUSE-2014-441.nasl
版本: 1.15
类型: local
代理: unix
发布时间: 2014/6/26
最近更新时间: 2022/5/25
支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
风险信息
VPR
风险因素: Critical
分数: 9.7
CVSS v2
风险因素: High
基本分数: 7.2
时间分数: 5.6
矢量: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
漏洞信息
CPE: p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae, p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-xen, p-cpe:/a:novell:opensuse:cloop, p-cpe:/a:novell:opensuse:cloop-debuginfo, p-cpe:/a:novell:opensuse:cloop-debugsource, p-cpe:/a:novell:opensuse:cloop-kmp-default, p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-desktop, p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-pae, p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-xen, p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:crash, p-cpe:/a:novell:opensuse:crash-debuginfo, p-cpe:/a:novell:opensuse:crash-debugsource, p-cpe:/a:novell:opensuse:crash-devel, p-cpe:/a:novell:opensuse:crash-eppic, p-cpe:/a:novell:opensuse:crash-eppic-debuginfo, p-cpe:/a:novell:opensuse:crash-gcore, p-cpe:/a:novell:opensuse:crash-gcore-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-default, p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-debugsource, p-cpe:/a:novell:opensuse:hdjmod-kmp-default, p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:ipset, p-cpe:/a:novell:opensuse:ipset-debuginfo, p-cpe:/a:novell:opensuse:ipset-debugsource, p-cpe:/a:novell:opensuse:ipset-devel, p-cpe:/a:novell:opensuse:ipset-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-desktop, p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-pae, p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-xen, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:libipset3, p-cpe:/a:novell:opensuse:libipset3-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper, p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-debugsource, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:pcfclock, p-cpe:/a:novell:opensuse:pcfclock-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-debugsource, p-cpe:/a:novell:opensuse:pcfclock-kmp-default, p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-default, p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop, p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-pae, p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-xen, p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:xen-xend-tools, p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons, p-cpe:/a:novell:opensuse:xtables-addons-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget, p-cpe:/a:novell:opensuse:iscsitarget-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-debugsource, p-cpe:/a:novell:opensuse:iscsitarget-kmp-default, p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop, p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae, p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen, p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource
必需的 KB 项: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
可利用: true
易利用性: Exploits are available
补丁发布日期: 2014/6/19
CISA 已知可遭利用的漏洞到期日期: 2022/6/15
可利用的方式
CANVAS (CANVAS)
Core Impact
Metasploit (Android "Towelroot" Futex Requeue Kernel Exploit)
参考资料信息
CVE: CVE-2013-7339, CVE-2014-0055, CVE-2014-0077, CVE-2014-2678, CVE-2014-2851, CVE-2014-3122, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
BID: 66351, 66441, 66543, 66678, 66779, 67162, 67309, 67321, 67906