Oracle Linux 4 : kernel (ELSA-2009-1211)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2009:1211 :

Updated kernel packages that fix several security issues and several
bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues :

* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver
in the Linux kernel. This driver allowed interfaces using this driver
to receive frames larger than what could be handled. This could lead
to a remote denial of service or code execution. (CVE-2009-1389,
Important)

* a buffer overflow flaw was found in the CIFSTCon() function of the
Linux kernel Common Internet File System (CIFS) implementation. When
mounting a CIFS share, a malicious server could send an overly-long
string to the client, possibly leading to a denial of service or
privilege escalation on the client mounting the CIFS share.
(CVE-2009-1439, Important)

* several flaws were found in the way the Linux kernel CIFS
implementation handles Unicode strings. CIFS clients convert Unicode
strings sent by a server to their local character sets, and then write
those strings into memory. If a malicious server sent a long enough
string, it could write past the end of the target memory region and
corrupt other memory areas, possibly leading to a denial of service or
privilege escalation on the client mounting the CIFS share.
(CVE-2009-1633, Important)

These updated packages also fix the following bugs :

* when using network bonding in the 'balance-tlb' or 'balance-alb'
mode, the primary setting for the primary slave device was lost when
said device was brought down (ifdown). Bringing the slave interface
back up (ifup) did not restore the primary setting (the device was not
made the active slave). (BZ#507563)

* a bug in timer_interrupt() may have caused the system time to move
up to two days or more into the future, or to be delayed for several
minutes. This bug only affected Intel 64 and AMD64 systems that have
the High Precision Event Timer (HPET) enabled in the BIOS, and could
have caused problems for applications that require timing to be
accurate. (BZ#508835)

* a race condition was resolved in the Linux kernel block layer
between show_partition() and rescan_partitions(). This could have
caused a NULL pointer dereference in show_partition(), leading to a
system crash (kernel panic). This issue was most likely to occur on
systems running monitoring software that regularly scanned hard disk
partitions, or from repeatedly running commands that probe for
partition information. (BZ#512310)

* previously, the Stratus memory tracker missed certain modified
pages. With this update, information about the type of page (small
page or huge page) is passed to the Stratus memory tracker, which
resolves this issue. The fix for this issue does not affect systems
that do not use memory tracking. (BZ#513182)

* a bug may have caused a system crash when using the cciss driver,
due to an uninitialized kernel structure. A reported case of this
issue occurred after issuing consecutive SCSI TUR commands (sg_turs
sends SCSI test-unit-ready commands in a loop). (BZ#513189)

* a bug in the SCSI implementation caused 'Aborted Command - internal
target failure' errors to be sent to Device-Mapper Multipath, without
retries, resulting in Device-Mapper Multipath marking the path as
failed and making a path group switch. With this update, all errors
that return a sense key in the SCSI mid layer (including 'Aborted
Command - internal target failure') are retried. (BZ#514007)

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2009-August/001118.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67911

Bugtraq ID: 35281

CVE ID: CVE-2009-1389
CVE-2009-1439
CVE-2009-1633