Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2007)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

* CVE-2012-0879: Denial of service in CLONE_IO.

CLONE_IO reference counting error could be exploited by an
unprivileged local user to cause denial of service.

* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.

Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.

* CVE-2012-1090: Denial of service in the CIFS filesystem reference

Under certain circumstances, the CIFS filesystem would open a file on
lookup. If the file was determined later to be a FIFO or any other
special file the file handle would be leaked, leading to reference
counting mismatch and a kernel OOPS on unmount.

An unprivileged local user could use this flaw to crash the system.


- regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter
- regset: Prevent NULL pointer reference on readonly regsets (H. Peter
- cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton)
- block: Fix io_context leak after failure of clone with CLONE_IO (Louis
Rilling) CVE-2012-0879

See also :

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68670 ()

Bugtraq ID:

CVE ID: CVE-2012-0879