This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
- a flaw was found in the Linux kernel's Direct-IO
implementation. This could have allowed a local
unprivileged user to cause a denial of service.
- when running ptrace in 31-bit mode on an IBM S/390 or
IBM System z kernel, a local unprivileged user could
cause a denial of service by reading from or writing
into a padding area in the user_regs_struct32 structure.
- the do_truncate() and generic_file_splice_write()
functions did not clear the setuid and setgid bits. This
could have allowed a local unprivileged user to obtain
access to privileged information. (CVE-2008-4210,
- Tobias Klein reported a missing check in the Linux
kernel's Open Sound System (OSS) implementation. This
deficiency could have led to an information leak.
- a potential denial of service attack was discovered in
the Linux kernel's PWC USB video driver. A local
unprivileged user could have used this flaw to bring the
kernel USB subsystem into the busy-waiting state.
- the ext2 and ext3 file systems code failed to properly
handle corrupted data structures, leading to a possible
local denial of service issue when read or write
operations were performed. (CVE-2008-3528, Low)
In addition, these updated packages fix the following bugs :
- when using the CIFS 'forcedirectio' option, appending to
an open file on a CIFS share resulted in that file being
overwritten with the data to be appended.
- a kernel panic occurred when a device with PCI ID
8086:10c8 was present on a system with a loaded ixgbe
- due to an aacraid driver regression, the kernel failed
to boot when trying to load the aacraid driver and
printed the following error message: 'aac_srb:
aac_fib_send failed with status: 8195'.
- due to an mpt driver regression, when RAID 1 was
configured on Primergy systems with an LSI SCSI IME
53C1020/1030 controller, the kernel panicked during
- the mpt driver produced a large number of extraneous
debugging messages when performing a 'Host reset'
- due to a regression in the sym driver, the kernel
panicked when a SCSI hot swap was performed using MCP18
- all cores on a multi-core system now scale their
frequencies in accordance with the policy set by the
system's CPU frequency governor.
- the netdump subsystem suffered from several stability
issues. These are addressed in this updated kernel.
- under certain conditions, the ext3 file system reported
a negative count of used blocks.
- reading /proc/self/mem incorrectly returned 'Invalid
argument' instead of 'input/output error' due to a
- under certain conditions, the kernel panicked when a USB
device was removed while the system was busy accessing
- a race condition in the kernel could have led to a
kernel crash during the creation of a new process.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.6
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60497
CVE ID: CVE-2007-5093, CVE-2007-6716, CVE-2008-1514, CVE-2008-3272, CVE-2008-3528, CVE-2008-4210