This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
This update fixes the following security issues :
- A flaw was found in the way the xen_iret() function in
the Linux kernel used the DS (the CPU's Data Segment)
register. A local, unprivileged user in a 32-bit,
para-virtualized Xen hypervisor guest could use this
flaw to crash the guest or, potentially, escalate their
privileges. (CVE-2013-0228, Important)
- A flaw was found in the way file permission checks for
the '/dev/cpu/[x]/msr' files were performed in
restricted root environments (for example, when using a
capability-based security model). A local user with the
ability to write to these files could use this flaw to
escalate their privileges to kernel level, for example,
by writing to the SYSENTER_EIP_MSR register.
The system must be rebooted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.2
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 65564 ()
CVE ID: CVE-2013-0228CVE-2013-0268
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.