Scientific Linux Security Update : kernel on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

These new kernel packages contain fixes for the following security
issues :

- A flaw was found in the backported stack unwinder fixes
in Red Hat Enterprise Linux 5. On AMD64 and Intel 64
platforms, a local user could trigger this flaw and
cause a denial of service. (CVE-2007-4574, Important)

- A flaw was found in the handling of process death
signals. This allowed a local user to send arbitrary
signals to the suid-process executed by that user. A
successful exploitation of this flaw depends on the
structure of the suid-program and its signal handling.
(CVE-2007-3848, Important)

- A flaw was found in the Distributed Lock Manager (DLM)
in the cluster manager. This allowed a remote user who
is able to connect to the DLM port to cause a denial of
service. (CVE-2007-3380, Important)

- A flaw was found in the aacraid SCSI driver. This
allowed a local user to make ioctl calls to the driver
which should otherwise be restricted to privileged
users. (CVE-2007-4308, Moderate)

- A flaw was found in the prio_tree handling of the
hugetlb support that allowed a local user to cause a
denial of service. This only affected kernels with
hugetlb support. (CVE-2007-4133, Moderate)

- A flaw was found in the eHCA driver on PowerPC
architectures that allowed a local user to access 60k of
physical address space. This address space could contain
sensitive information. (CVE-2007-3850, Moderate)

- A flaw was found in ptrace support that allowed a local
user to cause a denial of service via a NULL pointer
dereference. (CVE-2007-3731, Moderate)

- A flaw was found in the usblcd driver that allowed a
local user to cause a denial of service by writing data
to the device node. To exploit this issue, write access
to the device node was needed. (CVE-2007-3513, Moderate)

- A flaw was found in the random number generator
implementation that allowed a local user to cause a
denial of service or possibly gain privileges. If the
root user raised the default wakeup threshold over the
size of the output pool, this flaw could be exploited.
(CVE-2007-3105, Low)

In addition to the security issues described above, several bug fixes
preventing possible system crashes and data corruption were also
included.

See also :

http://www.nessus.org/u?a23cf847

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60272

CVE ID: CVE-2007-3105
CVE-2007-3380
CVE-2007-3513
CVE-2007-3731
CVE-2007-3848
CVE-2007-3850
CVE-2007-4133
CVE-2007-4308
CVE-2007-4574