Amazon Linux AMI : kernel (ALAS-2013-166)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large
amount of memory, and then causing request_module() to be called. A
local, unprivileged user could use this flaw to cause a denial of
service (excessive memory consumption). (CVE-2012-4398)

A flaw was found in the way the KVM (Kernel-based Virtual Machine)
subsystem handled guests attempting to run with the X86_CR4_OSXSAVE
CPU feature flag set. On hosts without the XSAVE CPU feature, a local,
unprivileged user could use this flaw to crash the host system. (The
'grep --color xsave /proc/cpuinfo' command can be used to verify if
your system has the XSAVE CPU feature.) (CVE-2012-4461)

A memory disclosure flaw was found in the way the load_script()
function in the binfmt_script binary format handler handled excessive
recursions. A local, unprivileged user could use this flaw to leak
kernel stack memory to user-space by executing specially crafted
scripts. (CVE-2012-4530)

A race condition was found in the way the Linux kernel's ptrace
implementation handled PTRACE_SETREGS requests when the debuggee was
woken due to a SIGKILL signal instead of being stopped. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2013-0871)

See also :

http://www.nessus.org/u?a19bd707

Solution :

Run 'yum update kernel' to update your system. You will need to reboot
your system in order for the new kernel to be running.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69725 ()

Bugtraq ID:

CVE ID: CVE-2012-4398
CVE-2012-4461
CVE-2012-4530
CVE-2013-0871