This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
CVE-2007-5966 kernel: non-root can trigger cpu_idle soft lockup
CVE-2009-1385 kernel: e1000_clean_rx_irq() denial of service
CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock
CVE-2009-1389 kernel: r8169: fix crash when large packets are received
CVE-2009-1895 kernel: personality: fix PER_CLEAR_ON_SETID
CVE-2009-2406 kernel: ecryptfs stack overflow in parse_tag_11_packet()
CVE-2009-2407 kernel: ecryptfs heap overflow in parse_tag_3_packet()
Security fixes :
- the possibility of a timeout value overflow was found in
the Linux kernel high-resolution timers functionality,
hrtimers. This could allow a local, unprivileged user to
execute arbitrary code, or cause a denial of service
(kernel panic). (CVE-2007-5966, Important)
- a flaw was found in the Intel PRO/1000 network driver in
the Linux kernel. Frames with sizes near the MTU of an
interface may be split across multiple hardware receive
descriptors. Receipt of such a frame could leak through
a validation check, leading to a corruption of the
length check. A remote attacker could use this flaw to
send a specially crafted packet that would cause a
denial of service or code execution. (CVE-2009-1385,
- Michael Tokarev reported a flaw in the Realtek r8169
Ethernet driver in the Linux kernel. This driver allowed
interfaces using this driver to receive frames larger
than could be handled, which could lead to a remote
denial of service or code execution. (CVE-2009-1389,
- the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not
cleared when a setuid or setgid program was executed. A
local, unprivileged user could use this flaw to bypass
the mmap_min_addr protection mechanism and perform a
NULL pointer dereference attack, or bypass the Address
Space Layout Randomization (ASLR) security feature.
- Ramon de Carvalho Valle reported two flaws in the Linux
kernel eCryptfs implementation. A local attacker with
permissions to perform an eCryptfs mount could modify
the metadata of the files in that eCryptfs mount to
cause a buffer overflow, leading to a denial of service
or privilege escalation. (CVE-2009-2406, CVE-2009-2407,
- Konstantin Khlebnikov discovered a race condition in the
ptrace implementation in the Linux kernel. This race
condition can occur when the process tracing and the
process being traced participate in a core dump. A
local, unprivileged user could use this flaw to trigger
a deadlock, resulting in a partial denial of service.
Bug fixes :
- possible host (dom0) crash when installing a Xen
para-virtualized guest while another para-virtualized
guest was rebooting. (BZ#497812)
- no audit record for a directory removal if the directory
and its subtree were recursively watched by an audit
- running 'echo 1 > /proc/sys/vm/drop_caches' on systems
under high memory load could cause a kernel panic.
- on 32-bit systems, core dumps for some multithreaded
applications did not include all thread information.
- a stack buffer used by get_event_name() was not large
enough for the nul terminator sprintf() writes. This
could lead to an invalid pointer or kernel panic.
- when using the aic94xx driver, a system with SATA drives
may not boot due to a bug in libsas. (BZ#506029)
- incorrect stylus button handling when moving it away
then returning it to the tablet for Wacom Cintiq 21UX
and Intuos tablets. (BZ#508275)
- CPU 'soft lockup' messages and possibly a system hang on
systems with certain Broadcom network devices and
running the Linux kernel from the kernel-xen package.
- on 64-bit PowerPC, getitimer() failed for programs using
the ITIMER_REAL timer and that were also compiled for
64-bit systems (this caused such programs to abort).
- write operations could be blocked even when using
- the 'pci=nomsi' option was required for installing and
booting Red Hat Enterprise Linux 5.2 on systems with VIA
VT3364 chipsets. (BZ#507529)
- shutting down, destroying, or migrating Xen guests with
large amounts of memory could cause other guests to be
temporarily unresponsive. (BZ#512311)
See also :
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60634
CVE ID: CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407