This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
These updated kernel packages fix the following security issues :
A flaw was found in the virtual filesystem (VFS). A local unprivileged
user could truncate directories to which they had write permission
this could render the contents of the directory inaccessible.
A flaw was found in the implementation of ptrace. A local unprivileged
user could trigger this flaw and possibly cause a denial of service
(system hang). (CVE-2007-5500, Important)
A flaw was found in the way the Red Hat Enterprise Linux 4 kernel
handled page faults when a CPU used the NUMA method for accessing
memory on Itanium architectures. A local unprivileged user could
trigger this flaw and cause a denial of service (system panic).
A possible NULL pointer dereference was found in the chrp_show_cpuinfo
function when using the PowerPC architecture. This may have allowed a
local unprivileged user to cause a denial of service (crash).
A flaw was found in the way core dump files were created. If a local
user can get a root-owned process to dump a core file into a
directory, which the user has write access to, they could gain read
access to that core file. This could potentially grant unauthorized
access to sensitive information. (CVE-2007-6206, Moderate)
Two buffer overflow flaws were found in the Linux kernel ISDN
subsystem. A local unprivileged user could use these flaws to cause a
denial of service. (CVE-2007-6063, CVE-2007-6151, Moderate)
As well, these updated packages fix the following bug :
- when moving volumes that contain multiple segments, and
a mirror segment is not the first in the mapping table,
running the 'pvmove /dev/[device] /dev/[device]' command
caused a kernel panic. A 'kernel: Unable to handle
kernel paging request at virtual address [address]'
error was logged by syslog.
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60354 ()
CVE ID: CVE-2007-4130CVE-2007-5500CVE-2007-6063CVE-2007-6151CVE-2007-6206CVE-2007-6694CVE-2008-0001
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.