Scientific Linux Security Update : kernel on SL4.x i386/x86_64

Severity: High | Nessus Plugin ID 60728

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs

CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl

CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow

CVE-2009-4020 kernel: hfs buffer overflow

This update fixes the following security issues:

- an array index error was found in the gdth driver in the Linux kernel. A local user could send a specially crafted IOCTL request that would cause a denial of service or, possibly, privilege escalation. (CVE-2009-3080, Important)

- a flaw was found in the collect_rx_frame() function in the HiSax ISDN driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to send a specially crafted HDLC packet that could trigger a buffer out of bounds, possibly resulting in a denial of service. (CVE-2009-4005, Important)

- permission issues were found in the megaraid_sas driver (for SAS based RAID controllers) in the Linux kernel. The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file system ('/sys/') had world-writable permissions. This could allow local, unprivileged users to change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

- a buffer overflow flaw was found in the hfs_bnode_read() function in the HFS file system implementation in the Linux kernel. This could lead to a denial of service if a user browsed a specially crafted HFS file system, for example, by running 'ls'. (CVE-2009-4020, Low)

This update also fixes the following bugs:

- if a process was using ptrace() to trace a multi-threaded process, and that multi-threaded process dumped its core, the process performing the trace could hang in wait4(). This issue could be triggered by running 'strace -f' on a multi-threaded process that was dumping its core, resulting in the strace command hanging. (BZ#555869)

- a bug in the ptrace() implementation could have, in some cases, caused ptrace_detach() to create a zombie process if the process being traced was terminated with a SIGKILL signal. (BZ#555869)

- the kernel-2.6.9-89.0.19.EL update resolved an issue (CVE-2009-4537) in the Realtek r8169 Ethernet driver. This update implements a better solution for that issue. Note: This is not a security regression. The original fix was complete. This update is adding the official upstream fix. (BZ#556406)

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=555869

https://bugzilla.redhat.com/show_bug.cgi?id=556406

http://www.nessus.org/u?256ab77b

Plugin Details

Severity: High

ID: 60728

File Name: sl_20100202_kernel_on_SL4_x.nasl

Version: 1.11

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/2/2010

Reference Information

CVE: CVE-2009-3080, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4020, CVE-2009-4537

CWE: 119, 20, 264