RHEL 4 : kernel (RHSA-2009:0331)

medium Nessus Plugin ID 35919

Synopsis

The remote Red Hat host is missing one or more security updates for kernel.

Description

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0331 advisory.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update addresses the following security issues:

* a buffer overflow was found in the Linux kernel Partial Reliable Stream Control Transmission Protocol (PR-SCTP) implementation. This could, potentially, lead to a denial of service if a Forward-TSN chunk is received with a large stream ID. (CVE-2009-0065, Important)

* a memory leak was found in keyctl handling. A local, unprivileged user could use this flaw to deplete kernel memory, eventually leading to a denial of service. (CVE-2009-0031, Important)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell systems. This could allow a local, unprivileged user to cause a denial of service by reading zero bytes from the image_type or packet_size file in /sys/devices/platform/dell_rbu/. (CVE-2009-0322, Important)

* a deficiency was found in the libATA implementation. This could, potentially, lead to a denial of service. Note: by default, /dev/sg* devices are accessible only to the root user. (CVE-2008-5700, Low)

This update also fixes the following bugs:

* when the hypervisor changed a page table entry (pte) mapping from read-only to writable via a make_writable hypercall, accessing the changed page immediately following the change caused a spurious page fault. When trying to install a para-virtualized Red Hat Enterprise Linux 4 guest on a Red Hat Enterprise Linux 5.3 dom0 host, this fault crashed the installer with a kernel backtrace. With this update, the spurious page fault is handled properly. (BZ#483748)

* net_rx_action could detect its cpu poll_list as non-empty, but have that same list reduced to empty by the poll_napi path. This resulted in garbage data being returned when net_rx_action calls list_entry, which subsequently resulted in several possible crash conditions. The race condition in the network code which caused this has been fixed. (BZ#475970, BZ#479681, BZ#480741)

* a misplaced memory barrier at unlock_buffer() could lead to a concurrent h_refcounter update which produced a reference counter leak and, later, a double free in ext3_xattr_release_block(). Consequent to the double free, ext3 reported an error

ext3_free_blocks_sb: bit already cleared for block [block number]

and mounted itself as read-only. With this update, the memory barrier is now placed before the buffer head lock bit, forcing the write order and preventing the double free. (BZ#476533)

* when the iptables module was unloaded, it was assumed the correct entry for removal had been found if wrapper->ops->pf matched the value passed in by reg->pf. If several ops ranges were registered against the same protocol family, however, (which was likely if you had both ip_conntrack and ip_contrack_* loaded) this assumption could lead to NULL list pointers and cause a kernel panic. With this update, wrapper->ops is matched to pointer values reg, which ensures the correct entry is removed and results in no NULL list pointers. (BZ#477147)

* when the pidmap page (used for tracking process ids, pids) incremented to an even page (ie the second, fourth, sixth, etc. pidmap page), the alloc_pidmap() routine skipped the page. This resulted in holes in the allocated pids. For example, after pid 32767, you would expect 32768 to be allocated. If the page skipping behavior presented, however, the pid allocated after 32767 was 65536. With this update, alloc_pidmap() no longer skips alternate pidmap pages and allocated pid holes no longer occur. This fix also corrects an error which allowed pid_max to be set higher than the pid_max limit has been corrected. (BZ#479182)

All Red Hat Enterprise Linux 4 users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL kernel package based on the guidance in RHSA-2009:0331.

See Also

http://www.nessus.org/u?ee47db58

http://www.redhat.com/security/updates/classification/#important

https://bugzilla.redhat.com/show_bug.cgi?id=474495

https://bugzilla.redhat.com/show_bug.cgi?id=475970

https://bugzilla.redhat.com/show_bug.cgi?id=476533

https://bugzilla.redhat.com/show_bug.cgi?id=477147

https://bugzilla.redhat.com/show_bug.cgi?id=478800

https://bugzilla.redhat.com/show_bug.cgi?id=479182

https://bugzilla.redhat.com/show_bug.cgi?id=479681

https://bugzilla.redhat.com/show_bug.cgi?id=480592

https://bugzilla.redhat.com/show_bug.cgi?id=480741

https://bugzilla.redhat.com/show_bug.cgi?id=482866

https://bugzilla.redhat.com/show_bug.cgi?id=483748

https://access.redhat.com/errata/RHSA-2009:0331

Plugin Details

Severity: Medium

ID: 35919

File Name: redhat-RHSA-2009-0331.nasl

Version: 1.29

Type: local

Agent: unix

Published: 3/13/2009

Updated: 11/4/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2009-0065

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2009-0322

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-smp-devel, p-cpe:/a:redhat:enterprise_linux:kernel, p-cpe:/a:redhat:enterprise_linux:kernel-hugemem-devel, cpe:/o:redhat:enterprise_linux:4, p-cpe:/a:redhat:enterprise_linux:kernel-largesmp-devel, p-cpe:/a:redhat:enterprise_linux:kernel-xenu, p-cpe:/a:redhat:enterprise_linux:kernel-largesmp, p-cpe:/a:redhat:enterprise_linux:kernel-hugemem, p-cpe:/a:redhat:enterprise_linux:kernel-smp, p-cpe:/a:redhat:enterprise_linux:kernel-devel, p-cpe:/a:redhat:enterprise_linux:kernel-xenu-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/12/2009

Vulnerability Publication Date: 12/22/2008

Reference Information

CVE: CVE-2008-5700, CVE-2009-0031, CVE-2009-0065, CVE-2009-0322

BID: 33113

CWE: 119

RHSA: 2009:0331