Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

This update fixes the following security issues :

- Missing sanity checks in the Intel i915 driver in the
Linux kernel could allow a local, unprivileged user to
escalate their privileges. (CVE-2010-2962, Important)

- compat_alloc_user_space() in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity
checks. This function could be abused in other areas of
the Linux kernel if its length argument can be
controlled from user-space. On 64-bit systems, a local,
unprivileged user could use this flaw to escalate their
privileges. (CVE-2010-3081, Important)

- A buffer overflow flaw in niu_get_ethtool_tcam_all() in
the niu Ethernet driver in the Linux kernel could allow
a local user to cause a denial of service or escalate
their privileges. (CVE-2010-3084, Important)

- A flaw in the IA32 system call emulation provided in
64-bit Linux kernels could allow a local user to
escalate their privileges. (CVE-2010-3301, Important)

- A flaw in sctp_packet_config() in the Linux kernel's
Stream Control Transmission Protocol (SCTP)
implementation could allow a remote attacker to cause a
denial of service. (CVE-2010-3432, Important)

- A missing integer overflow check in snd_ctl_new() in the
Linux kernel's sound subsystem could allow a local,
unprivileged user on a 32-bit system to cause a denial
of service or escalate their privileges. (CVE-2010-3442,
Important)

- A flaw was found in sctp_auth_asoc_get_hmac() in the
Linux kernel's SCTP implementation. When iterating
through the hmac_ids array, it did not reset the last id
element if it was out of range. This could allow a
remote attacker to cause a denial of service.
(CVE-2010-3705, Important)

- A function in the Linux kernel's Reliable Datagram
Sockets (RDS) protocol implementation was missing sanity
checks, which could allow a local, unprivileged user to
escalate their privileges. (CVE-2010-3904, Important)

- A flaw in drm_ioctl() in the Linux kernel's Direct
Rendering Manager (DRM) implementation could allow a
local, unprivileged user to cause an information leak.
(CVE-2010-2803, Moderate)

- It was found that wireless drivers might not always
clear allocated buffers when handling a driver-specific
IOCTL information request. A local user could trigger
this flaw to cause an information leak. (CVE-2010-2955,
Moderate)

- A NULL pointer dereference flaw in ftrace_regex_lseek()
in the Linux kernel's ftrace implementation could allow
a local, unprivileged user to cause a denial of service.
Note: The debugfs file system must be mounted locally to
exploit this issue. It is not mounted by default.
(CVE-2010-3079, Moderate)

- A flaw in the Linux kernel's packet writing driver could
be triggered via the PKT_CTRL_CMD_STATUS IOCTL request,
possibly allowing a local, unprivileged user with access
to '/dev/pktcdvd/control' to cause an information leak.
Note: By default, only users in the cdrom group have
access to '/dev/pktcdvd/control'. (CVE-2010-3437,
Moderate)

- A flaw was found in the way KVM (Kernel-based Virtual
Machine) handled the reloading of fs and gs segment
registers when they had invalid selectors. A privileged
host user with access to '/dev/kvm' could use this flaw
to crash the host. (CVE-2010-3698, Moderate)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.

See also :

http://www.nessus.org/u?5fa9df38

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true