Detections
Analytics

Oracle Linux 6 : kernel (ELSA-2011-0421)

high Nessus Plugin ID 68247

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0421 advisory.

 - [fs] Revert '[fs] inotify: stop kernel memory leak on file creation failure' (Eric Paris) [656831 656832] {CVE-2010-4250}
 - [dvb] kernel: av7110 negative array offset (Mauro Carvalho Chehab) [672403 672404] {CVE-2011-0521}
 - [fs] sunrpc: Correct a misapplied patch (J. Bruce Fields) [678094 678146] {CVE-2011-0714}
 - [netdrv] orinoco: fix TKIP countermeasure behaviour (Stanislaw Gruszka) [667908 667909] {CVE-2010-4648}
 - [s390x] remove task_show_regs (Danny Feng) [677854 677855] {CVE-2011-0710}
 - [ib] cm: Bump reference count on cm_id before invoking callback (Doug Ledford) [676190 676191] {CVE-2011-0695}
 - [rdma] cm: Fix crash in request handlers (Doug Ledford) [676190 676191] {CVE-2011-0695}
 - [net] bridge: Fix mglist corruption that leads to memory corruption (Herbert Xu) [678172 659421] {CVE-2011-0716}
 - [netdrv] cxgb3/cxgb3_main.c: prevent reading uninitialized stack memory (Doug Ledford) [633156 633157] {CVE-2010-3296}
 - [net] clear heap allocations for privileged ethtool actions (Jiri Pirko) [672434 672435] {CVE-2010-4655}
 - [usb] iowarrior: don't trust report_size for buffer size (Don Zickus) [672421 672422] {CVE-2010-4656}
 - [fs] inotify: stop kernel memory leak on file creation failure (Eric Paris) [656831 656832] {CVE-2010-4250}
 - [net] sctp: fix kernel panic resulting from mishandling of icmp dest unreachable msg (Neil Horman) [667028 667029] {CVE-2010-4526}
 - [mm] install_special_mapping skips security_file_mmap check (Frantisek Hrbata) [662198 662199] {CVE-2010-4346}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2011-0421.html

Plugin Details

Severity: High

ID: 68247

File Name: oraclelinux_ELSA-2011-0421.nasl

Version: 1.15

Type: local

Agent: unix

Published: 7/12/2013

Updated: 10/22/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0521

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2010-4656

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-firmware, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel, cpe:/o:oracle:linux:6

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 4/7/2011

Vulnerability Publication Date: 5/6/2010

Reference Information

CVE: CVE-2010-3296, CVE-2010-4346, CVE-2010-4526, CVE-2010-4648, CVE-2010-4655, CVE-2010-4656, CVE-2011-0521, CVE-2011-0695, CVE-2011-0710, CVE-2011-0716, CVE-2011-1478

BID: 43221, 45323, 45661, 45972, 45986, 46069, 46322, 46421, 46433, 46839, 47056

RHSA: 2011:0421