openSUSE 安全性更新:核心 (openSUSE-SU-2014:0840-1)
high Nessus Plugin ID 76228
語系:
概要
遠端 openSUSE 主機缺少安全性更新。說明
Linux 核心已經更新,修正了多個安全性問題和錯誤。已修正的安全性問題:CVE-2014-3153:Linux 核心之 kernel/futex.c 的 futex_requeue 函式不確定呼叫具有兩個不同的 futex 位址,這可讓本機使用者透過有助於不安全等候者修改的特製 FUTEX_REQUEUE 命令取得權限。
CVE-2014-3144:在 Linux 核心之 net/core/filter.c 的 sk_run_filter 函式中,(1) BPF_S_ANC_NLATTR 和 (2) BPF_S_ANC_NLATTR_NEST 延伸模組實作並未檢查特定長度值是否夠大,進而允許本機使用者透過特製的 BPF 指令引發拒絕服務 (整數反向溢位和系統當機)。注意:公告該弱點前,受影響的程式碼已移至
__skb_get_nlattr 和 __skb_get_nlattr_nest 函式。
CVE-2014-3145:在 Linux 核心之 net/core/filter.c 的 sk_run_filter 函式中,BPF_S_ANC_NLATTR_NEST 延伸模組實作在特定減法中使用了相反順序,進而允許本機使用者透過特製的 BPF 指令引發拒絕服務 (過度讀取和系統當機)。請注意:該弱點公告前,受影響的程式碼已移至
__skb_get_nlattr_nest 函式。
CVE-2014-0077:停用可合併緩衝區時,Linux 核心中的 drivers/vhost/net.c 並未正確驗證封包長度,從而允許來賓 OS 使用者透過與 handle_rx 和 get_rx_bufs 函式相關的特製封包,引發拒絕服務 (記憶體損毀和主機 OS 當機),或可能取得主機 OS 上的權限。
CVE-2014-0055:Linux 核心套件 vhost-net 子系統的 drivers/vhost/net.c 中的 get_rx_bufs 函式並未正確處理 vhost_get_vq_desc 錯誤,從而允許來賓 OS 使用者透過不明向量造成拒絕服務 (主機 OS 當機)。
CVE-2014-2678:Linux 核心之 net/rds/iw.c 中的 rds_iw_laddr_check 函式允許本機使用者透過對缺少 RDS 傳輸之系統上的 RDS 通訊端進行繫結系統呼叫,來造成拒絕服務 (NULL 指標解除參照與系統當機),或可能產生其他不明影響。
CVE-2013-7339:Linux 核心之 net/rds/ib.c 中的 rds_ib_laddr_check 函式允許本機使用者透過對缺少 RDS 傳輸之系統上的 RDS 通訊端進行繫結系統呼叫,來造成拒絕服務 (NULL 指標解除參照與系統當機),或可能產生其他不明影響。
CVE-2014-2851:Linux 核心之 net/ipv4/ping.c 的 ping_init_sock 函式中的整數溢位允許本機使用者透過利用不當管理之參照計數器的特製應用程式造成拒絕服務 (釋放後使用及系統當機),或可能取得權限。
- ext4:修正 ext4_alloc_branch() 中的緩衝區重複釋放 (bnc#880599 bnc#876981)。
- patches.fixes/firewire-01-net-fix-use-after-free.patch、patches.fixes/firewire-02-ohci-fix-probe-failure-with-agere-lsi-controllers.patch、patches.fixes/firewire-03-dont-use-prepare_delayed_work。
patch:新增遺漏的錯誤參照 (bnc#881697)。
- firewire:不使用 PREPARE_DELAYED_WORK。
- firewire:ohci:修正 Agere/LSI 控制器的探查失敗。
- firewire:net:修正釋放後使用。
- USB:OHCI:修正 ATI 控制器上全域暫停的問題 (bnc#868315)。
- mm:還原「page-writeback.c:從 dirtyable 記憶體減去 min_free_kbytes」(bnc#879792)。
- usb:musb:tusb6010:使用 musb->tusb_revision 而非 tusb_get_revision 呼叫 (bnc#872715)。
- usb:musb:tusb6010:將 tusb_revision 新增至 struct musb 以儲存修訂版 (bnc#872715)。
- ALSA:hda - 修正 Intel H97/Z97 晶片組上的內建音訊 (bnc#880613)。
- floppy:讀取區塊 0 時,不損毀 bio.bi_flags (bnc#879258)。
- reiserfs:呼叫 tailpack mutex 下的 truncate_setsize (bnc#878115)。
- 更新 Xen 組態檔:將相容性層級設回 4.1 (bnc#851338)。
- 更新組態檔。Guillaume GARDET 報告版本損毀,這是因為 CONFIG_USB_SERIAL_GENERIC 模組化所致
- memcg:淘汰 memory.force_empty knob (bnc#878274)。
- nfsd:重複使用現有的 repcache 項目時,先將其取消雜湊 (bnc#877721)。
- 為 i386 和 x86_64 再次啟用 Socketcan (bnc#858067)
- xhci:延伸 Renesas 卡的 quirk (bnc#877713)。
- xhci:修正 Samsung 筆記型電腦 Renesas 晶片的繼續問題 (bnc#877713)。
- mm:try_to_unmap_cluster() 應該在 mlocking 之前執行 lock_page() (bnc#876102、CVE-2014-3122)。
- drm/i915、HD-audio:提供 nomodeset 時,不繼續探查 (bnc#882648)。
- x86/mm/numa:修正 32 位元核心 NUMA 開機 (bnc#881727)。
解決方案
更新受影響的 kernel 套件。另請參閱
https://bugzilla.novell.com/show_bug.cgi?id=881727
https://bugzilla.novell.com/show_bug.cgi?id=882648
https://lists.opensuse.org/opensuse-updates/2014-06/msg00050.html
https://bugzilla.novell.com/show_bug.cgi?id=851338
https://bugzilla.novell.com/show_bug.cgi?id=858067
https://bugzilla.novell.com/show_bug.cgi?id=868315
https://bugzilla.novell.com/show_bug.cgi?id=869563
https://bugzilla.novell.com/show_bug.cgi?id=870173
https://bugzilla.novell.com/show_bug.cgi?id=870576
https://bugzilla.novell.com/show_bug.cgi?id=871561
https://bugzilla.novell.com/show_bug.cgi?id=872715
https://bugzilla.novell.com/show_bug.cgi?id=873374
https://bugzilla.novell.com/show_bug.cgi?id=876102
https://bugzilla.novell.com/show_bug.cgi?id=876981
https://bugzilla.novell.com/show_bug.cgi?id=877257
https://bugzilla.novell.com/show_bug.cgi?id=877713
https://bugzilla.novell.com/show_bug.cgi?id=877721
https://bugzilla.novell.com/show_bug.cgi?id=878115
https://bugzilla.novell.com/show_bug.cgi?id=878274
https://bugzilla.novell.com/show_bug.cgi?id=879258
https://bugzilla.novell.com/show_bug.cgi?id=879792
https://bugzilla.novell.com/show_bug.cgi?id=880599
https://bugzilla.novell.com/show_bug.cgi?id=880613
Plugin 詳細資訊
嚴重性: High
ID: 76228
檔案名稱: openSUSE-2014-441.nasl
版本: 1.15
類型: local
代理程式: unix
已發布: 2014/6/26
已更新: 2022/5/25
支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
風險資訊
VPR
風險因素: Critical
分數: 9.7
CVSS v2
風險因素: High
基本分數: 7.2
時間分數: 5.6
媒介: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
弱點資訊
CPE: p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-pae, p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-xen, p-cpe:/a:novell:opensuse:cloop, p-cpe:/a:novell:opensuse:cloop-debuginfo, p-cpe:/a:novell:opensuse:cloop-debugsource, p-cpe:/a:novell:opensuse:cloop-kmp-default, p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-desktop, p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-pae, p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:cloop-kmp-xen, p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:crash, p-cpe:/a:novell:opensuse:crash-debuginfo, p-cpe:/a:novell:opensuse:crash-debugsource, p-cpe:/a:novell:opensuse:crash-devel, p-cpe:/a:novell:opensuse:crash-eppic, p-cpe:/a:novell:opensuse:crash-eppic-debuginfo, p-cpe:/a:novell:opensuse:crash-gcore, p-cpe:/a:novell:opensuse:crash-gcore-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-default, p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:crash-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-debugsource, p-cpe:/a:novell:opensuse:hdjmod-kmp-default, p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop, p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae, p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen, p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:ipset, p-cpe:/a:novell:opensuse:ipset-debuginfo, p-cpe:/a:novell:opensuse:ipset-debugsource, p-cpe:/a:novell:opensuse:ipset-devel, p-cpe:/a:novell:opensuse:ipset-kmp-default, p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-desktop, p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-pae, p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:ipset-kmp-xen, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:libipset3, p-cpe:/a:novell:opensuse:libipset3-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper, p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-debugsource, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae, p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:pcfclock, p-cpe:/a:novell:opensuse:pcfclock-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-debugsource, p-cpe:/a:novell:opensuse:pcfclock-kmp-default, p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop, p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae, p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:python-virtualbox, p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-debugsource, p-cpe:/a:novell:opensuse:vhba-kmp-default, p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-desktop, p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-pae, p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:vhba-kmp-xen, p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:virtualbox, p-cpe:/a:novell:opensuse:virtualbox-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-debugsource, p-cpe:/a:novell:opensuse:virtualbox-devel, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-tools, p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-guest-x11, p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae, p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-qt, p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo, p-cpe:/a:novell:opensuse:virtualbox-websrv, p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo, p-cpe:/a:novell:opensuse:xen, p-cpe:/a:novell:opensuse:xen-debugsource, p-cpe:/a:novell:opensuse:xen-devel, p-cpe:/a:novell:opensuse:xen-doc-html, p-cpe:/a:novell:opensuse:xen-kmp-default, p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-desktop, p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xen-kmp-pae, p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xen-libs, p-cpe:/a:novell:opensuse:xen-libs-32bit, p-cpe:/a:novell:opensuse:xen-libs-debuginfo, p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit, p-cpe:/a:novell:opensuse:xen-tools, p-cpe:/a:novell:opensuse:xen-tools-debuginfo, p-cpe:/a:novell:opensuse:xen-tools-domu, p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo, p-cpe:/a:novell:opensuse:xen-xend-tools, p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons, p-cpe:/a:novell:opensuse:xtables-addons-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-debugsource, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default, p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop, p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae, p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen, p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget, p-cpe:/a:novell:opensuse:iscsitarget-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-debugsource, p-cpe:/a:novell:opensuse:iscsitarget-kmp-default, p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop, p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae, p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo, p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen, p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2014/6/19
CISA 已知遭惡意利用弱點到期日: 2022/6/15
可惡意利用
CANVAS (CANVAS)
Core Impact
Metasploit (Android "Towelroot" Futex Requeue Kernel Exploit)
參考資訊
CVE: CVE-2013-7339, CVE-2014-0055, CVE-2014-0077, CVE-2014-2678, CVE-2014-2851, CVE-2014-3122, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153
BID: 66351, 66441, 66543, 66678, 66779, 67162, 67309, 67321, 67906