This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
This update fixes the following security issues :
- multiple flaws were found in the mmap and mremap
implementations. A local user could use these flaws to
cause a local denial of service or escalate their
privileges. (CVE-2010-0291, Important)
- a NULL pointer dereference flaw was found in the Fast
Userspace Mutexes (futexes) implementation. The unlock
code path did not check if the futex value associated
with pi_state->owner had been modified. A local user
could use this flaw to modify the futex value, possibly
leading to a denial of service or privilege escalation
when the pi_state->owner pointer is dereferenced.
- a NULL pointer dereference flaw was found in the Linux
kernel Network File System (NFS) implementation. A local
user on a system that has an NFS-mounted file system
could use this flaw to cause a denial of service or
escalate their privileges on that system.
- a flaw was found in the sctp_process_unk_param()
function in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. A remote attacker could
send a specially crafted SCTP packet to an SCTP
listening port on a target system, causing a kernel
panic (denial of service). (CVE-2010-1173, Important)
- a flaw was found in the Linux kernel Transparent
Inter-Process Communication protocol (TIPC)
implementation. If a client application, on a local
system where the tipc module is not yet in network mode,
attempted to send a message to a remote TIPC node, it
would dereference a NULL pointer on the local system,
causing a kernel panic (denial of service).
- a buffer overflow flaw was found in the Linux kernel
Global File System 2 (GFS2) implementation. In certain
cases, a quota could be written past the end of a memory
page, causing memory corruption, leaving the quota
stored on disk in an invalid state. A user with write
access to a GFS2 file system could trigger this flaw to
cause a kernel crash (denial of service) or escalate
their privileges on the GFS2 server. This issue can only
be triggered if the GFS2 file system is mounted with the
'quota=on' or 'quota=account' mount option.
- a race condition between finding a keyring by name and
destroying a freed keyring was found in the Linux kernel
key management facility. A local user could use this
flaw to cause a kernel panic (denial of service) or
escalate their privileges. (CVE-2010-1437, Important)
- a flaw was found in the link_path_walk() function in the
Linux kernel. Using the file descriptor returned by the
open() function with the O_NOFOLLOW flag on a
subordinate NFS-mounted file system could result in a
NULL pointer dereference, causing a denial of service or
privilege escalation. (CVE-2010-1088, Moderate)
- a missing permission check was found in the
gfs2_set_flags() function in the Linux kernel GFS2
implementation. A local user could use this flaw to
change certain file attributes of files, on a GFS2 file
system, that they do not own. (CVE-2010-1641, Low)
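The GFS2 quota overflow above is reachable only on file systems mounted with 'quota=on' or 'quota=account', and the NFS flaws only matter on hosts with an NFS mount, so the mount table shows which hosts to patch first. The following is an added example, not part of the original advisory or plugin, that triages a mount table for both conditions. It assumes /proc/mounts-style input and that the GFS2 quota setting appears in the options field; the sample data, device names and function names are constructed.

```python
import re

# Constructed sample in /proc/mounts format: device, mountpoint, fstype, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/mapper/vg0-root / ext3 rw,relatime 0 0
/dev/mapper/clu-gfs0 /srv/shared gfs2 rw,relatime,hostdata=jid=0,quota=on 0 0
/dev/mapper/clu-gfs1 /srv/scratch gfs2 rw,noatime,quota=off 0 0
/dev/mapper/clu-gfs2 /srv/acct\\040data gfs2 rw,quota=account 0 0
filer01:/export/home /home nfs rw,vers=3,addr=192.0.2.10 0 0
"""

RISKY_GFS2_QUOTA = {"on", "account"}  # the two values named in the advisory
NFS_TYPES = {"nfs", "nfs4"}


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def exposure_from_mounts(mounts_text):
    """Return {'gfs2_quota': [(mountpoint, quota_value)], 'nfs': [mountpoint]}."""
    found = {"gfs2_quota": [], "nfs": []}
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        mountpoint, fstype = _unescape(parts[1]), parts[2]
        opts = {}
        for opt in parts[3].split(","):
            key, _, value = opt.partition("=")  # split on the first '=' only
            opts[key] = value
        if fstype == "gfs2" and opts.get("quota") in RISKY_GFS2_QUOTA:
            found["gfs2_quota"].append((mountpoint, opts["quota"]))
        elif fstype in NFS_TYPES:
            found["nfs"].append(mountpoint)
    return found


if __name__ == "__main__":
    # On a live host, pass open("/proc/mounts").read() instead of the sample.
    for kind, hits in exposure_from_mounts(SAMPLE_MOUNTS).items():
        print(kind, hits)
```

An empty result does not mean the host is unaffected by the other issues in this update; it only covers the two mount-dependent conditions.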
Red Hat would like to thank Jukka Taimisto and Olli Jarva of
Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of
their customer, for responsibly reporting CVE-2010-1173; Mikocevic
for responsibly reporting CVE-2010-1436; and Dan Rosenberg for
responsibly reporting CVE-2010-1641.
This update also fixes several bugs.
The system must be rebooted for this update to take effect.
Update the affected packages.
Risk factor : High / CVSS Base Score : 7.8