Scientific Linux Security Update : kexec-tools on SL7.x x86_64 (20150512)

low Nessus Plugin ID 83452

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

It was found that the module-setup.sh script provided by kexec-tools created temporary files in an insecure way. A malicious, local user could use this flaw to conduct a symbolic link attack, allowing them to overwrite the contents of arbitrary files. (CVE-2015-0267)

This update also fixes the following bug :

- On Atomic Host systems, the kdump tool previously saved kernel crash dumps in the /sysroot/crash file instead of the /var/crash file. The parsing error that caused this problem has been fixed, and the kernel crash dumps are now correctly saved in /var/crash.

In addition, this update adds the following enhancement :

- The makedumpfile command now supports the new sadump format that can represent more than 16 TB of physical memory space. This allows users of makedumpfile to read dump files over 16 TB, generated by sadump on certain upcoming server models.

Solution

Update the affected kexec-tools, kexec-tools-debuginfo and / or kexec-tools-eppic packages.

See Also

http://www.nessus.org/u?e4175a0f

Plugin Details

Severity: Low

ID: 83452

File Name: sl_20150512_kexec_tools_on_SL7_x.nasl

Version: 2.5

Type: local

Agent: unix

Published: 5/14/2015

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:kexec-tools, p-cpe:/a:fermilab:scientific_linux:kexec-tools-debuginfo, p-cpe:/a:fermilab:scientific_linux:kexec-tools-eppic, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 5/12/2015

Vulnerability Publication Date: 5/19/2015

Reference Information

CVE: CVE-2015-0267