This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
This update fixes the following security issues :
- multiple flaws were found in the mmap and mremap
implementations. A local user could use these flaws to
cause a local denial of service or escalate their
privileges. (CVE-2010-0291, Important)
- a NULL pointer dereference flaw was found in the Fast
Userspace Mutexes (futexes) implementation. The unlock
code path did not check if the futex value associated
with pi_state->owner had been modified. A local user
could use this flaw to modify the futex value, possibly
leading to a denial of service or privilege escalation
when the pi_state->owner pointer is dereferenced.
- a NULL pointer dereference flaw was found in the Linux
kernel Network File System (NFS) implementation. A local
user on a system that has an NFS-mounted file system
could use this flaw to cause a denial of service or
escalate their privileges on that system.
- a flaw was found in the sctp_process_unk_param()
function in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. A remote attacker could
send a specially crafted SCTP packet to an SCTP
listening port on a target system, causing a kernel
panic (denial of service). (CVE-2010-1173, Important)
- a flaw was found in the Linux kernel Transparent
Inter-Process Communication protocol (TIPC)
implementation. If a client application, on a local
system where the tipc module is not yet in network mode,
attempted to send a message to a remote TIPC node, it
would dereference a NULL pointer on the local system,
causing a kernel panic (denial of service).
- a buffer overflow flaw was found in the Linux kernel
Global File System 2 (GFS2) implementation. In certain
cases, a quota could be written past the end of a memory
page, causing memory corruption, leaving the quota
stored on disk in an invalid state. A user with write
access to a GFS2 file system could trigger this flaw to
cause a kernel crash (denial of service) or escalate
their privileges on the GFS2 server. This issue can only
be triggered if the GFS2 file system is mounted with the
'quota=on' or 'quota=account' mount option.
- a race condition between finding a keyring by name and
destroying a freed keyring was found in the Linux kernel
key management facility. A local user could use this
flaw to cause a kernel panic (denial of service) or
escalate their privileges. (CVE-2010-1437, Important)
- a flaw was found in the link_path_walk() function in the
Linux kernel. Using the file descriptor returned by the
open() function with the O_NOFOLLOW flag on a
subordinate NFS-mounted file system, could result in a
NULL pointer dereference, causing a denial of service or
privilege escalation. (CVE-2010-1088, Moderate)
- a missing permission check was found in the
gfs2_set_flags() function in the Linux kernel GFS2
implementation. A local user could use this flaw to
change certain file attributes of files, on a GFS2 file
system, that they do not own. (CVE-2010-1641, Low)
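Several of the issues above depend on local configuration: a GFS2 file system mounted with 'quota=on' or 'quota=account', an NFS-mounted file system, and the SCTP or TIPC code being in use. The triage script below is an added example, not part of the advisory or the Nessus plugin; the function names and sample data are constructed, and treating a loaded sctp or tipc module as an exposure signal is an assumption.

```shell
#!/bin/sh
# Added example, not vendor code. Inputs use the /proc/mounts and
# /proc/modules formats; all sample data below is constructed.

# GFS2 mounts whose option list contains quota=on or quota=account.
gfs2_quota_mounts() {
    awk '$3 == "gfs2" {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "quota=on" || opt[i] == "quota=account") {
                print $2, opt[i]; break
            }
    }' "$1"
}

# Mount points of NFS file systems (types nfs and nfs4).
nfs_mounts() { awk '$3 == "nfs" || $3 == "nfs4" { print $2 }' "$1"; }

# sctp / tipc modules currently loaded (built-in code is not listed here).
proto_modules() { awk '$1 == "sctp" || $1 == "tipc" { print $1 }' "$1"; }

triage() {
    gfs2_quota_mounts "$1" | sed 's/^/gfs2 quota enabled: /'
    nfs_mounts "$1"        | sed 's/^/nfs mount: /'
    proto_modules "$2"     | sed 's/^/module loaded: /'
}

sample_mounts() {
    cat <<'EOF'
/dev/mapper/vg0-root / ext3 rw 0 0
/dev/mapper/vg1-a /mnt/gfs2a gfs2 rw,noatime,quota=on 0 0
/dev/mapper/vg1-b /mnt/gfs2b gfs2 rw,quota=off 0 0
filer.example:/export /mnt/nfs nfs rw,vers=3 0 0
EOF
}

sample_modules() {
    cat <<'EOF'
tipc 100000 0 - Live 0x0000000000000000
ext3 200000 1 - Live 0x0000000000000000
EOF
}

# Live system: triage /proc/mounts /proc/modules
if [ "${1:-}" = "--demo" ]; then
    m=$(mktemp); k=$(mktemp)
    sample_mounts > "$m"; sample_modules > "$k"
    triage "$m" "$k"; rm -f "$m" "$k"
fi
```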
Red Hat would like to thank Jukka Taimisto and Olli Jarva of
Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of
their customer, for responsibly reporting CVE-2010-1173
Mikocevic for responsibly reporting CVE-2010-1436
and Dan Rosenberg for responsibly reporting CVE-2010-1641.
This update also fixes several bugs.
The system must be rebooted for this update to take effect.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 7.8
Public Exploit Available : true
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60810
CVE ID: CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1088, CVE-2010-1173, CVE-2010-1187, CVE-2010-1436, CVE-2010-1437, CVE-2010-1641