This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Oracle Linux host is missing one or more security updates.
Description of changes:
* CVE-2012-1090: Denial of service in the CIFS filesystem reference
Under certain circumstances, the CIFS filesystem would open a file on
lookup. If the file was determined later to be a FIFO or any other
special file the file handle would be leaked, leading to reference
counting mismatch and a kernel OOPS on unmount.
An unprivileged local user could use this flaw to crash the system.
* CVE-2012-1097: NULL pointer dereference in the ptrace subsystem.
Under certain circumstances, ptrace-ing a process could lead to a NULL
pointer dereference and kernel panic.
- regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter
- regset: Prevent NULL pointer reference on readonly regsets (H. Peter
- cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton)
See also :
Update the affected unbreakable enterprise kernel packages.
Risk factor :
High / CVSS Base Score : 7.2