RHEL 4 : kernel (RHSA-2005:366)

Nessus Plugin ID 18095 (Severity: High)

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2005:366 advisory.

The Linux kernel handles the basic functions of the operating system.

A flaw in the fib_seq_start function was discovered. A local user could use this flaw to cause a denial of service (system crash) via /proc/net/route. (CAN-2005-1041)

A flaw in the tmpfs file system was discovered. A local user could use this flaw to cause a denial of service (system crash). (CAN-2005-0977)

An integer overflow flaw was found when writing to a sysfs file. A local user could use this flaw to overwrite kernel memory, causing a denial of service (system crash) or arbitrary code execution. (CAN-2005-0867)

Keith Owens reported a flaw in the Itanium unw_unwind_to_user function. A local user could use this flaw to cause a denial of service (system crash) on Itanium architectures. (CAN-2005-0135)

A flaw in the NFS client O_DIRECT error case handling was discovered. A local user could use this flaw to cause a denial of service (system crash). (CAN-2005-0207)

A small memory leak when defragmenting local packets was discovered that affected the Linux 2.6 kernel netfilter subsystem. A local user could send a large number of carefully crafted fragments, leading to memory exhaustion. (CAN-2005-0210)

A flaw was discovered in the Linux PPP driver. On systems allowing remote users to connect to a server using ppp, a remote client could cause a denial of service (system crash). (CAN-2005-0384)

A flaw was discovered in the ext2 file system code. When a new directory is created, the ext2 block written to disk is not initialized, which could lead to an information leak if a disk image is made available to unprivileged users. (CAN-2005-0400)

A flaw in fragment queuing was discovered that affected the Linux kernel netfilter subsystem. On systems configured to filter or process network packets (e.g. firewalling), a remote attacker could send a carefully crafted set of fragmented packets to a machine and cause a denial of service (system crash). In order to successfully exploit this flaw, the attacker would need to know or guess some aspects of the firewall ruleset on the target system. (CAN-2005-0449)

A number of flaws were found in the Linux 2.6 kernel. A local user could use these flaws to read kernel memory or cause a denial of service (crash). (CAN-2005-0529, CAN-2005-0530, CAN-2005-0531)

An integer overflow in sys_epoll_wait in eventpoll.c was discovered. A local user could use this flaw to overwrite low kernel memory. This memory is usually unused, so the flaw does not usually have a security consequence. (CAN-2005-0736)

A flaw when freeing a pointer in load_elf_library was discovered. A local user could potentially use this flaw to cause a denial of service (crash). (CAN-2005-0749)

A flaw was discovered in the bluetooth driver system. On systems where the bluetooth modules are loaded, a local user could use this flaw to gain elevated (root) privileges. (CAN-2005-0750)

A race condition was discovered that affected the Radeon DRI driver. A local user who has DRI privileges on a Radeon graphics card may be able to use this flaw to gain root privileges. (CAN-2005-0767)

Multiple range checking flaws were discovered in the iso9660 file system handler. An attacker could create a malicious file system image which would cause a denial of service or potentially execute arbitrary code if mounted. (CAN-2005-0815)

A flaw was discovered when setting line discipline on a serial tty. A local user may be able to use this flaw to inject mouse movements or keystrokes when another user is logged in. (CAN-2005-0839)

Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to the packages associated with their machine architectures and configurations as listed in this erratum.

Please note that

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2005:366.

See Also

http://www.nessus.org/u?cb3aaf5e

https://access.redhat.com/errata/RHSA-2005:366

https://access.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=147468

https://bugzilla.redhat.com/show_bug.cgi?id=148868

https://bugzilla.redhat.com/show_bug.cgi?id=148878

https://bugzilla.redhat.com/show_bug.cgi?id=149466

https://bugzilla.redhat.com/show_bug.cgi?id=149589

https://bugzilla.redhat.com/show_bug.cgi?id=151240

https://bugzilla.redhat.com/show_bug.cgi?id=151249

https://bugzilla.redhat.com/show_bug.cgi?id=151902

https://bugzilla.redhat.com/show_bug.cgi?id=152177

https://bugzilla.redhat.com/show_bug.cgi?id=152399

https://bugzilla.redhat.com/show_bug.cgi?id=152405

https://bugzilla.redhat.com/show_bug.cgi?id=152410

https://bugzilla.redhat.com/show_bug.cgi?id=152417

https://bugzilla.redhat.com/show_bug.cgi?id=152561

https://bugzilla.redhat.com/show_bug.cgi?id=154219

https://bugzilla.redhat.com/show_bug.cgi?id=154551

Plugin Details

Severity: High

ID: 18095

File Name: redhat-RHSA-2005-366.nasl

Version: 1.38

Type: local

Agent: unix

Published: 4/19/2005

Updated: 11/4/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2005-0867

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2005-0839

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:kernel-hugemem, p-cpe:/a:redhat:enterprise_linux:kernel-smp, p-cpe:/a:redhat:enterprise_linux:kernel-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/9/2005

Vulnerability Publication Date: 3/9/2005

Reference Information

CVE: CVE-2005-0135, CVE-2005-0207, CVE-2005-0210, CVE-2005-0384, CVE-2005-0400, CVE-2005-0449, CVE-2005-0529, CVE-2005-0530, CVE-2005-0531, CVE-2005-0736, CVE-2005-0749, CVE-2005-0750, CVE-2005-0767, CVE-2005-0815, CVE-2005-0839, CVE-2005-0867, CVE-2005-0977, CVE-2005-1041

RHSA: 2005:366