This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A flaw was found in the handling of process death signals. This
allowed a local user to send arbitrary signals to the suid-process
executed by that user. A successful exploitation of this flaw depends
on the structure of the suid-program and its signal handling.
A flaw was found in the IPv4 forwarding base. This allowed a local
user to cause a denial of service. (CVE-2007-2172, Important)
A flaw was found where a corrupted executable file could cause
cross-region memory mappings on Itanium systems. This allowed a local
user to cause a denial of service. (CVE-2006-4538, Moderate)
A flaw was found in the stack expansion when using the hugetlb kernel
on PowerPC systems. This allowed a local user to cause a denial of
service. (CVE-2007-3739, Moderate)
A flaw was found in the aacraid SCSI driver. This allowed a local user
to make ioctl calls to the driver that should be restricted to
privileged users. (CVE-2007-4308, Moderate)
As well, these updated packages fix the following bug :
- a bug in the TCP header prediction code may have caused
'TCP: Treason uncloaked!' messages to be logged. In
certain situations this may have lead to TCP connections
hanging or aborting.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.9
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60321 ()
CVE ID: CVE-2006-4538CVE-2007-2172CVE-2007-3739CVE-2007-3848CVE-2007-4308
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.