Amazon Linux AMI : kernel Multiple Vulnerabilities (ALAS-2011-16)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

Package updates are available for Amazon Linux AMI that fix the
following vulnerabilities :

A malicious CIFS (Common Internet File System) server could send a
specially-crafted response to a directory read request that would
result in a denial of service or privilege escalation on a system that
has a CIFS share mounted.

IPv4 and IPv6 protocol sequence number and fragment ID generation
could allow a man-in-the-middle attacker to inject packets and
possibly hijack connections. Protocol sequence numbers and fragment IDs
are now more random.

A flaw was found in the way the Linux kernel's Performance Events
implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A
local, unprivileged user could use this flaw to cause a denial of
service.

A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO
(Generic Receive Offload) fields being left in an inconsistent state.
An attacker on the local network could use this flaw to trigger a
denial of service. GRO is enabled by default in all network drivers
that support it.

GRO (Generic Receive Offload) fields could be left in an inconsistent
state. An attacker on the local network could use this flaw to cause a
denial of service. GRO is enabled by default in all network drivers
that support it.

A race condition flaw was found in the Linux kernel's eCryptfs
implementation. A local attacker could use the mount.ecryptfs_private
utility to mount (and then access) a directory they would otherwise
not have access to. Note: To correct this issue, the RHSA-2011:1241
ecryptfs-utils update, which provides the user-space part of the fix,
must also be installed.

A local attacker could use mount.ecryptfs_private to mount (and then
access) a directory they would otherwise not have access to. Note: To
correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also
be installed.

A race condition flaw was found in the way mount.ecryptfs_private
checked the permissions of the directory to mount. A local attacker
could use this flaw to mount (and then access) a directory they would
otherwise not have access to. Note: The fix for this issue is
incomplete until a kernel-space change is made. Future Red Hat
Enterprise Linux 5 and 6 kernel updates will correct this issue.

See also :

https://admin.fedoraproject.org/updates/kernel-2.6.35.14-97.fc14
http://www.nessus.org/u?7175576a

Solution :

Run 'yum upgrade kernel' to upgrade your system.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69575

CVE ID: CVE-2011-1833
CVE-2011-2723
CVE-2011-2918
CVE-2011-3188
CVE-2011-3191