Test ID: | 1.3.6.1.4.1.25623.1.1.2.2019.1062 |
Category: | Huawei EulerOS Local Security Checks |
Title: | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1062) |
Summary: | The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1062 advisory. |
Description: |
Summary: The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2019-1062 advisory.

Vulnerability Insight:
- Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members. (CVE-2018-13405)
- A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in the Linux kernel allows a local user to cause a denial of service by a number of certain crafted system calls. (CVE-2018-1130)
- A flaw was found in the Linux kernel, before 4.16.6, where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. (CVE-2018-10940)
- The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. (CVE-2017-18208)
- fuse-backed file mmap-ed onto process cmdline arguments causes denial of service. (CVE-2018-1120)
- Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory. (CVE-2018-7757)
- A vulnerability was found in the Linux kernel's kernel/events/core.c:perf_cpu_time_max_percent_handler() function. Local privileged users could exploit this flaw to cause a denial of service due to integer overflow or possibly have unspecified other impact. (CVE-2017-18255)
- A flaw was found in the Linux kernel in the way a local user could create keyrings for other users via keyctl commands. This may allow an attacker to set unwanted defaults, a denial of service, or possibly leak keyring information between users. (CVE-2017-18270)
- The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)
- The code in the drivers/scsi/libsas/sas_scsi_host.c file in the Linux kernel allows a physically proximate attacker to cause a memory leak in the ATA command queue and, thus, denial of service by triggering certain failure conditions. (CVE-2018-10021)
- A flaw was found in the Linux kernel's client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted. (CVE-2018-1066)
- A flaw was found in the alarm_timer_nsleep() function in kernel/time/alarmtimer.c in the Linux kernel. The ktime_add_safe() function is not used and an integer overflow can happen causing an alarm not to fire or possibly a denial-of-service if using a large relative timeout. (CVE-2018-13053)
- An issue was discovered in the XFS filesystem in fs/xfs/libxfs/xfs_attr_leaf.c in ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'kernel' package(s) on Huawei EulerOS V2.0SP2.

Solution: Please install the updated package(s).

CVSS Score: 7.2
CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-7889
- BugTraq ID: 97690 http://www.securityfocus.com/bid/97690
- Debian Security Information: DSA-3945 http://www.debian.org/security/2017/dsa-3945
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94
- http://www.openwall.com/lists/oss-security/2017/04/16/4
- https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94
- RedHat Security Advisories: RHSA-2017:1842 https://access.redhat.com/errata/RHSA-2017:1842
- RedHat Security Advisories: RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077
- RedHat Security Advisories: RHSA-2017:2669 https://access.redhat.com/errata/RHSA-2017:2669
- RedHat Security Advisories: RHSA-2018:1854 https://access.redhat.com/errata/RHSA-2018:1854
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1066
- BugTraq ID: 103378 http://www.securityfocus.com/bid/103378
- Debian Security Information: DSA-4187 https://www.debian.org/security/2018/dsa-4187
- Debian Security Information: DSA-4188 https://www.debian.org/security/2018/dsa-4188
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb
- https://bugzilla.redhat.com/show_bug.cgi?id=1539599
- https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb
- https://patchwork.kernel.org/patch/10187633/
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://usn.ubuntu.com/3880-1/
- https://usn.ubuntu.com/3880-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1120
- BugTraq ID: 104229 http://www.securityfocus.com/bid/104229
- https://www.exploit-db.com/exploits/44806/
- https://security.gentoo.org/glsa/201805-14
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- http://seclists.org/oss-sec/2018/q2/122
- RedHat Security Advisories: RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:2948
- RedHat Security Advisories: RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3083
- RedHat Security Advisories: RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2018:3096
- https://usn.ubuntu.com/3752-1/
- https://usn.ubuntu.com/3752-2/
- https://usn.ubuntu.com/3752-3/
- https://usn.ubuntu.com/3910-1/
- https://usn.ubuntu.com/3910-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1130
- https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94
- https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
- https://marc.info/?l=linux-netdev&m=152036596825220&w=2
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-7757
- BugTraq ID: 103348 http://www.securityfocus.com/bid/103348
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
- https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html

Common Vulnerability Exposure (CVE) ID: CVE-2018-7995
- BugTraq ID: 103356 http://www.securityfocus.com/bid/103356
- https://bugzilla.suse.com/show_bug.cgi?id=1084755
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b3b7c4795ccab5be71f080774c45bbbcc75c2aaf
- https://lkml.org/lkml/2018/3/2/970 |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |