Amazon Linux AMI : kernel / nvidia (ALAS-2013-148)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A malicious Network File System version 4 (NFSv4) server could return
a crafted reply to a GETACL request, causing a denial of service on
the client. (CVE-2012-2375 , Moderate)

A divide-by-zero flaw was found in the TCP Illinois congestion control
algorithm implementation in the Linux kernel. If the TCP Illinois
congestion control algorithm were in use (the sysctl
net.ipv4.tcp_congestion_control variable set to 'illinois'), a local,
unprivileged user could trigger this flaw and cause a denial of
service. (CVE-2012-4565 , Moderate)

A NULL pointer dereference flaw was found in the way a new node's hot
added memory was propagated to other nodes' zonelists. By utilizing
this newly added memory from one of the remaining nodes, a local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2012-5517 , Moderate)

It was found that a prevoius kernel release did not correctly fix the
CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system
code. A local, unprivileged user with the ability to mount an ext4
file system could use this flaw to cause a denial of service.
(CVE-2012-2100 , Low)

A flaw was found in the way the Linux kernel's IPv6 implementation
handled overlapping, fragmented IPv6 packets. A remote attacker could
potentially use this flaw to bypass protection mechanisms (such as a
firewall or intrusion detection system (IDS)) when sending network
packets to a target system. (CVE-2012-4444 , Low)

See also :

http://www.nessus.org/u?6c52dc62

Solution :

Run 'yum update kernel nvidia' to update your system. You will need to
reboot your system in order for the new kernel to be running.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69707 ()

Bugtraq ID:

CVE ID: CVE-2012-2100
CVE-2012-2375
CVE-2012-4444
CVE-2012-4565
CVE-2012-5517