RHEL 5 : kernel (RHSA-2010:0723)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

* A buffer overflow flaw was found in the ecryptfs_uid_hash() function
in the Linux kernel eCryptfs implementation. On systems that have the
eCryptfs netlink transport (Red Hat Enterprise Linux 5 does) or where
the '/dev/ecryptfs' file has world-writable permissions (which it does
not, by default, on Red Hat Enterprise Linux 5), a local, unprivileged
user could use this flaw to cause a denial of service or possibly
escalate their privileges. (CVE-2010-2492, Important)

* A miscalculation of the size of the free space of the initial
directory entry in a directory leaf block was found in the Linux
kernel Global File System 2 (GFS2) implementation. A local,
unprivileged user with write access to a GFS2-mounted file system
could perform a rename operation on that file system to trigger a NULL
pointer dereference, possibly resulting in a denial of service or
privilege escalation. (CVE-2010-2798, Important)

* A flaw was found in the Xen hypervisor implementation when running a
system that has an Intel CPU without Extended Page Tables (EPT)
support. While attempting to dump information about a crashing
fully-virtualized guest, the flaw could cause the hypervisor to crash
the host as well. A user with permissions to configure a
fully-virtualized guest system could use this flaw to crash the host.
(CVE-2010-2938, Moderate)

* Information leak flaws were found in the Linux kernel's Traffic
Control Unit implementation. A local attacker could use these flaws to
cause the kernel to leak kernel memory to user-space, possibly leading
to the disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the Linux kernel's XFS file system
implementation. The file handle lookup could return an invalid inode
as valid. If an XFS file system was mounted via NFS (Network File
System), a local attacker could access stale data or overwrite
existing data that reused the inodes. (CVE-2010-2943, Moderate)

* An integer overflow flaw was found in the extent range checking code
in the Linux kernel's ext4 file system implementation. A local,
unprivileged user with write access to an ext4-mounted file system
could trigger this flaw by writing to a file at a very large file
offset, resulting in a local denial of service. (CVE-2010-3015,
Moderate)

* An information leak flaw was found in the Linux kernel's USB
implementation. Certain USB errors could result in an uninitialized
kernel buffer being sent to user-space. An attacker with physical
access to a target system could use this flaw to cause an information
leak. (CVE-2010-1083, Low)

Red Hat would like to thank Andre Osterhues for reporting
CVE-2010-2492
Grant Diffey of CenITex for reporting CVE-2010-2798

Toshiyuki Okajima for reporting CVE-2010-3015
and Marcus Meissner for
reporting CVE-2010-1083.

This update also fixes several bugs. Documentation for these bug fixes
will be available shortly from the Technical Notes document linked to
in the References.

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2010-1083.html
https://www.redhat.com/security/data/cve/CVE-2010-2492.html
https://www.redhat.com/security/data/cve/CVE-2010-2798.html
https://www.redhat.com/security/data/cve/CVE-2010-2938.html
https://www.redhat.com/security/data/cve/CVE-2010-2942.html
https://www.redhat.com/security/data/cve/CVE-2010-2943.html
https://www.redhat.com/security/data/cve/CVE-2010-3015.html
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/
http://rhn.redhat.com/errata/RHSA-2010-0723.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:N)
CVSS Temporal Score : 6.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 49746 ()

Bugtraq ID: 39042
42124
42237
42477
42527
42529

CVE ID: CVE-2010-1083
CVE-2010-2492
CVE-2010-2798
CVE-2010-2938
CVE-2010-2942
CVE-2010-2943
CVE-2010-3015