Detections
Analytics

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

critical Nessus Plugin ID 61162

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security fixes :

 - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important)

 - IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)

 - A malicious CIFS (Common Internet File System) server could send a specially crafted response to a directory read request that would result in a denial of service or privilege escalation on a system that has a CIFS share mounted. (CVE-2011-3191, Important)

 - A local attacker could use mount.ecryptfs_private to mount (and then access) a directory they would otherwise not have access to. Note: To correct this issue, a ecryptfs-utils update must also be installed.
 (CVE-2011-1833, Moderate)

 - A flaw in the taskstats subsystem could allow a local, unprivileged user to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)

 - Mapping expansion handling could allow a local, unprivileged user to cause a denial of service.
 (CVE-2011-2496, Moderate)

 - GRO (Generic Receive Offload) fields could be left in an inconsistent state. An attacker on the local network could use this flaw to cause a denial of service. GRO is enabled by default in all network drivers that support it. (CVE-2011-2723, Moderate)

 - A previous update introduced a regression in the Ethernet bridge implementation. If a system had an interface in a bridge, and an attacker on the local network could send packets to that interface, they could cause a denial of service on that system. Xen hypervisor and KVM (Kernel-based Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942, Moderate)

 - A flaw in the Xen hypervisor IOMMU error handling implementation could allow a privileged guest user, within a guest operating system that has direct control of a PCI device, to cause performance degradation on the host and possibly cause it to hang. (CVE-2011-3131, Moderate)

 - IPv4 and IPv6 protocol sequence number and fragment ID generation could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence number and fragment IDs are now more random.
 (CVE-2011-3188, Moderate)

 - A flaw in the kernel's clock implementation could allow a local, unprivileged user to cause a denial of service.
 (CVE-2011-3209, Moderate)

 - Non-member VLAN (virtual LAN) packet handling for interfaces in promiscuous mode and also using the be2net driver could allow an attacker on the local network to cause a denial of service. (CVE-2011-3347, Moderate)

 - A flaw in the auerswald USB driver could allow a local, unprivileged user to cause a denial of service or escalate their privileges by inserting a specially crafted USB device. (CVE-2009-4067, Low)

 - A flaw in the Trusted Platform Module (TPM) implementation could allow a local, unprivileged user to leak information to user space. (CVE-2011-1160, Low)

 - A local, unprivileged user could possibly mount a CIFS share that requires authentication without knowing the correct password if the mount was already mounted by another local user. (CVE-2011-1585, Low)

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?56da833f

Plugin Details

Severity: Critical

ID: 61162

File Name: sl_20111020_kernel_on_SL5_x.nasl

Version: 1.7

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 10/20/2011

Vulnerability Publication Date: 6/24/2011

Reference Information

CVE: CVE-2009-4067, CVE-2011-1160, CVE-2011-1585, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2695, CVE-2011-2699, CVE-2011-2723, CVE-2011-2942, CVE-2011-3131, CVE-2011-3188, CVE-2011-3191, CVE-2011-3209, CVE-2011-3347