Scientific Linux Security Update : kernel on SL7.x x86_64 (BlueBorne)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- A stack-based buffer overflow flaw was found in the way
the Bluetooth subsystem of the Linux kernel processed
pending L2CAP configuration responses from a client. On
systems with the stack protection feature enabled in the
kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on
all architectures other than s390x and ppc64[le]), an
unauthenticated attacker able to initiate a connection
to a system via Bluetooth could use this flaw to crash
the system. Due to the nature of the stack protection
feature, code execution cannot be fully ruled out,
although we believe it is unlikely. On systems without
the stack protection feature (ppc64[le]; the Bluetooth
modules are not built on s390x), an unauthenticated
attacker able to initiate a connection to a system via
Bluetooth could use this flaw to remotely execute
arbitrary code on the system with ring 0 (kernel)
privileges. (CVE-2017-1000251, Important)

See also :

http://www.nessus.org/u?0584310f

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 103175 ()

Bugtraq ID:

CVE ID: CVE-2017-1000251

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now