Oracle Linux 5 / 6 : Unbreakable Enterprise kernel Security (ELSA-2014-3083)

medium Nessus Plugin ID 78580

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-3083 advisory.

- sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not ensure possession of a read/write lock, which allows local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access.
(CVE-2014-4653)

- The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allows local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call. (CVE-2014-4654)

- The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 does not properly maintain the user_ctl_count value, which allows local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (CVE-2014-4655)

- The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (CVE-2014-5077)

- The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings. (CVE-2014-3122)

- Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read- write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. (CVE-2013-2596)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2014-3083.html

Plugin Details

Severity: Medium

ID: 78580

File Name: oraclelinux_ELSA-2014-3083.nasl

Version: 1.17

Type: local

Agent: unix

Published: 10/20/2014

Updated: 9/16/2022

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 6

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2013-2596

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el5uekdebug, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el5uek, cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el5uek, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el6uek, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el6uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:ofa-2.6.32-400.36.9.el6uekdebug, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el6uekdebug, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-400.36.9.el5uekdebug, cpe:/o:oracle:linux:6

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/17/2014

Vulnerability Publication Date: 4/13/2013

CISA Known Exploited Vulnerability Due Dates: 10/6/2022

Reference Information

CVE: CVE-2013-2596, CVE-2014-3122, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-5077

BID: 59264, 67162, 68162, 68164, 68881