RHEL 6 : kernel-rt (RHSA-2017:1647) (Stack Clash)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which
enables fine-tuning for systems with extremely high determinism
requirements.

Security Fix(es) :

* A flaw was found in the way memory was being allocated on the stack
for user space binaries. If heap (or different memory region) and
stack memory regions were adjacent to each other, an attacker could
use this flaw to jump over the stack guard gap, cause controlled
memory corruption on process stack or the adjacent memory region, and
thus increase their privileges on the system. This is a kernel-side
mitigation which increases the stack guard gap size from one page to 1
MiB to make successful exploitation of this issue more difficult.
(CVE-2017-1000364, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server.
These encoded arguments are stored in an array of memory pages, and
accessed using pointer variables. Arbitrarily long arguments could
make these pointers point outside the array and cause an out-of-bounds
memory access. A remote user or program could use this flaw to crash
the kernel, resulting in denial of service. (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel
through 4.10.13 lacked certain checks for the end of a buffer. A
remote attacker could trigger a pointer-arithmetic error or possibly
cause other unspecified impacts using crafted requests related to
fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* A flaw was found in the Linux kernel's handling of packets with the
URG flag. Applications using the splice() and tcp_splice_read()
functionality could allow a remote attacker to force the kernel to
enter a condition in which it could loop indefinitely. (CVE-2017-6214,
Moderate)

Red Hat would like to thank Qualys Research Labs for reporting
CVE-2017-1000364 and Ari Kauppi for reporting CVE-2017-7895.

Bug Fix(es) :

* kernel-rt packages have been upgraded to the 3.10.0-514 source tree,
which provides a number of bug fixes over the previous version.
(BZ#1452745)

See also :

https://www.redhat.com/security/data/cve/CVE-2017-1000364.html
https://www.redhat.com/security/data/cve/CVE-2017-6214.html
https://www.redhat.com/security/data/cve/CVE-2017-7645.html
https://www.redhat.com/security/data/cve/CVE-2017-7895.html
http://rhn.redhat.com/errata/RHSA-2017-1647.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 101103 ()

Bugtraq ID:

CVE ID: CVE-2017-1000364
CVE-2017-6214
CVE-2017-7645
CVE-2017-7895

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now