RHEL 4 : kernel (RHSA-2009:0014)

This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues :

* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local
denial of service. (CVE-2008-5300, Important)

* when fput() was called to close a socket, the __scm_destroy()
function in the Linux kernel could make indirect recursive calls to
itself. This could, potentially, lead to a local denial of service.
(CVE-2008-5029, Important)

* a deficiency was found in the Linux kernel virtual file system (VFS)
implementation. This could allow a local, unprivileged user to make a
series of file creations within deleted directories, possibly causing
a denial of service. (CVE-2008-3275, Moderate)

* a buffer underflow flaw was found in the Linux kernel IB700 SBC
watchdog timer driver. This deficiency could lead to a possible
information leak. By default, the '/dev/watchdog' device is accessible
only to the root user. (CVE-2008-5702, Low)

* the hfs and hfsplus file systems code failed to properly handle
corrupted data structures. This could, potentially, lead to a local
denial of service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the hfsplus file system implementation. This
could, potentially, lead to a local denial of service when write
operations were performed. (CVE-2008-4934, Low)

This update also fixes the following bugs :

* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems
running Intel® CPUs, the cpuspeed daemon did not run, preventing the
CPU speed from being changed, such as not being reduced to an idle
state when not in use.

* mmap() could be used to gain access beyond the first megabyte of
RAM, due to insufficient checks in the Linux kernel code. Checks have
been added to prevent this.

* attempting to turn keyboard LEDs on and off rapidly on keyboards
with slow keyboard controllers may have caused key presses to fail.

* after migrating a hypervisor guest, the MAC address table was not
updated, causing packet loss and preventing network connections to the
guest. Now, a gratuitous ARP request is sent after migration. This
refreshes the ARP caches, minimizing network downtime.

* writing crash dumps with diskdump may have caused a kernel panic on
Non-Uniform Memory Access (NUMA) systems with certain memory
configurations.

* on big-endian systems, such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when
the time to live (TTL) value equaled 255, possibly causing memory
corruption and application crashes.

* a problem in the kernel packages provided by the RHSA-2008:0508
advisory caused the Linux kernel's built-in memory copy procedure to
return the wrong error code after recovering from a page fault on
AMD64 and Intel 64 systems. This may have caused other Linux kernel
functions to return wrong error codes.

* a divide-by-zero bug in the Linux kernel process scheduler, which
may have caused kernel panics on certain systems, has been resolved.

* the netconsole kernel module caused the Linux kernel to hang when
slave interfaces of bonded network interfaces were started, resulting
in a system hang or kernel panic when restarting the network.

* the '/proc/xen/' directory existed even if systems were not running
Red Hat Virtualization. This may have caused problems for third-party
software that checks virtualization-ability based on the existence of
'/proc/xen/'. Note: this update will remove the '/proc/xen/' directory
on systems not running Red Hat Virtualization.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2008-3275.html
https://www.redhat.com/security/data/cve/CVE-2008-4933.html
https://www.redhat.com/security/data/cve/CVE-2008-4934.html
https://www.redhat.com/security/data/cve/CVE-2008-5025.html
https://www.redhat.com/security/data/cve/CVE-2008-5029.html
https://www.redhat.com/security/data/cve/CVE-2008-5300.html
https://www.redhat.com/security/data/cve/CVE-2008-5702.html
http://rhn.redhat.com/errata/RHSA-2009-0014.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 35381

Bugtraq ID: 30647

CVE ID: CVE-2008-3275
CVE-2008-4933
CVE-2008-4934
CVE-2008-5025
CVE-2008-5029
CVE-2008-5300
CVE-2008-5702