Scientific Linux Security Update : kernel on SL4.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs

CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl

CVE-2009-4005 kernel: isdn: hfc_usb: fix read buffer overflow

CVE-2009-4020 kernel: hfs buffer overflow

This update fixes the following security issues :

- an array index error was found in the gdth driver in the
Linux kernel. A local user could send a specially
crafted IOCTL request that would cause a denial of
service or, possibly, privilege escalation.
(CVE-2009-3080, Important)

- a flaw was found in the collect_rx_frame() function in
the HiSax ISDN driver (hfc_usb) in the Linux kernel. An
attacker could use this flaw to send a specially crafted
HDLC packet that could trigger an out-of-bounds buffer
access, possibly resulting in a denial of service.
(CVE-2009-4005, Important)

- permission issues were found in the megaraid_sas driver
(for SAS based RAID controllers) in the Linux kernel.
The 'dbg_lvl' and 'poll_mode_io' files on the sysfs file
system ('/sys/') had world-writable permissions. This
could allow local, unprivileged users to change the
behavior of the driver. (CVE-2009-3889, CVE-2009-3939,
Moderate)

- a buffer overflow flaw was found in the hfs_bnode_read()
function in the HFS file system implementation in the
Linux kernel. This could lead to a denial of service if
a user browsed a specially crafted HFS file system, for
example, by running 'ls'. (CVE-2009-4020, Low)
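
The megaraid_sas item above can be checked directly on a host. The following is an added example, not part of the advisory or of the Nessus plugin: it looks for 'dbg_lvl' and 'poll_mode_io' files that carry the world-writable bit. It assumes the attributes sit under a sysfs directory named megaraid_sas; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the megaraid_sas sysfs attributes named in the
# advisory (dbg_lvl, poll_mode_io) for world-writable permissions.
# Assumption: the files live below a directory called "megaraid_sas".
# The sysfs root is a parameter so the check can run on a test tree.

# find_world_writable ROOT
# Prints, one per line, each matching attribute file under ROOT whose
# mode has the "other write" bit (0002) set.
find_world_writable() {
    root=${1:-/sys}
    find "$root" -type f -path '*/megaraid_sas/*' \
        \( -name dbg_lvl -o -name poll_mode_io \) \
        -perm -0002 2>/dev/null | sort
}

# audit_megaraid_sysfs ROOT
# Returns 0 when no world-writable attribute is found, 1 otherwise,
# and prints one finding per offending file.
audit_megaraid_sysfs() {
    hits=$(find_world_writable "${1:-/sys}")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r f; do
        printf 'world-writable driver attribute: %s\n' "$f"
    done
    return 1
}
```

Calling `audit_megaraid_sysfs` with no argument inspects /sys; a non-zero return on a host running the affected driver indicates the permission fix is not in effect.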

This update also fixes the following bugs :

- if a process was using ptrace() to trace a
multi-threaded process, and that multi-threaded process
dumped its core, the process performing the trace could
hang in wait4(). This issue could be triggered by
running 'strace -f' on a multi-threaded process that was
dumping its core, resulting in the strace command
hanging. (BZ#555869)

- a bug in the ptrace() implementation could have, in some
cases, caused ptrace_detach() to create a zombie process
if the process being traced was terminated with a
SIGKILL signal. (BZ#555869)

- the kernel-2.6.9-89.0.19.EL update resolved an issue
(CVE-2009-4537) in the Realtek r8169 Ethernet driver.
This update implements a better solution for that issue.
Note: This is not a security regression. The original
fix was complete. This update is adding the official
upstream fix. (BZ#556406)

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?9fafa8aa
https://bugzilla.redhat.com/show_bug.cgi?id=555869
https://bugzilla.redhat.com/show_bug.cgi?id=556406

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60728

CVE ID: CVE-2009-3080
CVE-2009-3889
CVE-2009-3939
CVE-2009-4005
CVE-2009-4020
CVE-2009-4537