Oracle Linux 5 : ELSA-2013-0747-1: / kernel (ELSA-2013-07471) (deprecated)

medium Nessus Plugin ID 181115

Synopsis

This plugin has been deprecated.

Description

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-07471 advisory.

- The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages.
NOTE: some of these details are obtained from third party information. (CVE-2013-0231)

- The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (CVE-2013-0216)

- net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.
(CVE-2012-6537)

- The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (CVE-2012-6542)

- The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
(CVE-2012-6546)

- The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (CVE-2012-6547)

- The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability. (CVE-2013-1826)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

This plugin has been deprecated as it is a duplicate of oraclelinux_ELSA-2013-0747-1.nasl (plugin ID 68808).

See Also

https://linux.oracle.com/errata/ELSA-2013-0747-1.html

Plugin Details

Severity: Medium

ID: 181115

File Name: oraclelinux_ELSA-2013-07471.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/7/2023

Updated: 10/6/2023

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-1826

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:ocfs2-2.6.18-348.4.1.0.1.el5pae, cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:kernel-xen, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:ocfs2-2.6.18-348.4.1.0.1.el5, p-cpe:/a:oracle:linux:kernel-pae-devel, p-cpe:/a:oracle:linux:ocfs2-2.6.18-348.4.1.0.1.el5debug, p-cpe:/a:oracle:linux:oracleasm-2.6.18-348.4.1.0.1.el5pae, p-cpe:/a:oracle:linux:kernel-xen-devel, p-cpe:/a:oracle:linux:kernel-pae, p-cpe:/a:oracle:linux:oracleasm-2.6.18-348.4.1.0.1.el5xen, p-cpe:/a:oracle:linux:oracleasm-2.6.18-348.4.1.0.1.el5, p-cpe:/a:oracle:linux:oracleasm-2.6.18-348.4.1.0.1.el5debug, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:ocfs2-2.6.18-348.4.1.0.1.el5xen, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/16/2013

Vulnerability Publication Date: 2/5/2013

Reference Information

CVE: CVE-2012-6537, CVE-2012-6542, CVE-2012-6546, CVE-2012-6547, CVE-2013-0216, CVE-2013-0231, CVE-2013-1826