This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
- It was found that the Xen hypervisor did not always lock
'page_alloc_lock' and 'grant_table.lock' in the same
order. This could potentially lead to a deadlock. A
malicious guest administrator could use this flaw to
cause a denial of service on the host. (CVE-2013-4494,
This update also fixes the following bugs :
- A recent patch to the CIFS code that introduced the
NTLMSSP (NT LAN Manager Security Support Provider)
authentication mechanism caused a regression in CIFS
behavior. As a result of the regression, an encryption
key that is returned during the SMB negotiation protocol
response was only used for the first session that was
created on the SMB client. Any subsequent mounts to the
same server did not use the encryption key returned by
the initial negotiation with the server. As a
consequence, it was impossible to mount multiple SMB
shares with different credentials to the same server. A
patch has been applied to correct this problem so that
an encryption key or a server challenge is now provided
for every SMB session during the SMB negotiation
- The igb driver previously used a 16-bit mask when
writing values of the flow control high-water mark to
hardware registers on a network device. Consequently,
the values were truncated on some network devices,
disrupting the flow control. A patch has been applied to
the igb driver so that it now uses a 32-bit mask as
- The IPMI driver did not properly handle kernel panic
messages. Consequently, when a kernel panic occurred on
a system that was utilizing IPMI without Kdump being set
up, a second kernel panic could be triggered. A patch
has been applied to the IPMI driver to fix this problem,
and a message handler now properly waits for a response
to panic event messages.
The system must be rebooted for this update to take effect.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.2
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 72210 ()
CVE ID: CVE-2013-4494
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.