Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2008)

This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.

Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

Description of changes:

* CVE-2012-1090: Denial of service in the CIFS filesystem reference

Under certain circumstances, the CIFS filesystem would open a file on
lookup. If the file was determined later to be a FIFO or any other
special file the file handle would be leaked, leading to reference
counting mismatch and a kernel OOPS on unmount.

An unprivileged local user could use this flaw to crash the system.

* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.

Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.


- regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter
- regset: Prevent NULL pointer reference on readonly regsets (H. Peter
- cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton)

See also :

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

High / CVSS Base Score : 7.2

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 68671 ()

Bugtraq ID:

CVE ID: CVE-2012-1090