Detections
Analytics
RHEL 6 : MRG (RHSA-2013:0829)
high Nessus Plugin ID 76660
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
Updated kernel-rt packages that fix several security issues and multiple bugs are now available for Red Hat Enterprise MRG 2.3.The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Security fixes :
* It was found that the kernel-rt update RHBA-2012:0044 introduced an integer conversion issue in the Linux kernel's Performance Events implementation. This led to a user-supplied index into the perf_swevent_enabled array not being validated properly, resulting in out-of-bounds kernel memory access. A local, unprivileged user could use this flaw to escalate their privileges. (CVE-2013-2094, Important)
A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is available. Refer to Red Hat Knowledge Solution 373743, linked to in the References, for further information and mitigation instructions for users who are unable to immediately apply this update.
* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the Intel i915 driver in the Linux kernel handled the allocation of the buffer used for relocation copies. A local user with console access could use this flaw to cause a denial of service or escalate their privileges. (CVE-2013-0913, Important)
* It was found that the Linux kernel used effective user and group IDs instead of real ones when passing messages with SCM_CREDENTIALS ancillary data. A local, unprivileged user could leverage this flaw with a set user ID (setuid) application, allowing them to escalate their privileges. (CVE-2013-1979, Important)
* A race condition in install_user_keyrings(), leading to a NULL pointer dereference, was found in the key management facility. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2013-1792, Moderate)
* A NULL pointer dereference flaw was found in the Linux kernel's XFS file system implementation. A local user who is able to mount an XFS file system could use this flaw to cause a denial of service.
(CVE-2013-1819, Moderate)
* An information leak was found in the Linux kernel's POSIX signals implementation. A local, unprivileged user could use this flaw to bypass the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)
* A use-after-free flaw was found in the tmpfs implementation. A local user able to mount and unmount a tmpfs file system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1767, Low)
* A NULL pointer dereference flaw was found in the Linux kernel's USB Inside Out Edgeport Serial Driver implementation. A local user with physical access to a system and with access to a USB device's tty file could use this flaw to cause a denial of service. (CVE-2013-1774, Low)
* A format string flaw was found in the ext3_msg() function in the Linux kernel's ext3 file system implementation. A local user who is able to mount an ext3 file system could use this flaw to cause a denial of service or, potentially, escalate their privileges.
(CVE-2013-1848, Low)
* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)
* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low)
* Information leaks in the Linux kernel's cryptographic API could allow a local user who has the CAP_NET_ADMIN capability to leak kernel stack memory to user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)
* Information leaks in the Linux kernel could allow a local, unprivileged user to leak kernel stack memory to user-space.
(CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231, Low)
Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979. CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
Solution
Update the affected packages.See Also
https://access.redhat.com/solutions/373743
https://access.redhat.com/errata/RHBA-2012:0044
http://www.nessus.org/u?687515f3
https://access.redhat.com/errata/RHSA-2013:0829
https://access.redhat.com/security/cve/cve-2013-1792
https://access.redhat.com/security/cve/cve-2013-1767
https://access.redhat.com/security/cve/cve-2013-0913
https://access.redhat.com/security/cve/cve-2013-1774
https://access.redhat.com/security/cve/cve-2013-2094
https://access.redhat.com/security/cve/cve-2013-1929
https://access.redhat.com/security/cve/cve-2013-3231
https://access.redhat.com/security/cve/cve-2013-2635
https://access.redhat.com/security/cve/cve-2013-1860
https://access.redhat.com/security/cve/cve-2013-3225
https://access.redhat.com/security/cve/cve-2013-3224
https://access.redhat.com/security/cve/cve-2013-2634
https://access.redhat.com/security/cve/cve-2013-3076
https://access.redhat.com/security/cve/cve-2013-2548
https://access.redhat.com/security/cve/cve-2013-1819
https://access.redhat.com/security/cve/cve-2013-3222
https://access.redhat.com/security/cve/cve-2013-0914
https://access.redhat.com/security/cve/cve-2013-1848
https://access.redhat.com/security/cve/cve-2013-2546
Plugin Details
Severity: High
ID: 76660
File Name: redhat-RHSA-2013-0829.nasl
Version: 1.19
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 7/22/2014
Updated: 9/16/2022
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6.3
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2013-2094
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo, cpe:/o:redhat:enterprise_linux:6, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-firmware, p-cpe:/a:redhat:enterprise_linux:mrg-rt-release, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-vanilla
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/20/2013
Vulnerability Publication Date: 2/28/2013
CISA Known Exploited Vulnerability Due Dates: 10/6/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Reference Information
CVE: CVE-2013-0913, CVE-2013-0914, CVE-2013-1767, CVE-2013-1774, CVE-2013-1792, CVE-2013-1819, CVE-2013-1848, CVE-2013-1860, CVE-2013-1929, CVE-2013-1979, CVE-2013-2094, CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, CVE-2013-2634, CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3231
BID: 58177, 58202, 58301, 58368, 58382, 58426, 58427, 58510, 58597, 58600, 58908, 59377, 59383, 59385, 59390, 59398, 59538, 59846
RHSA: 2013:0829