RHEL 6 : MRG (RHSA-2014:0100)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel-rt packages that fix multiple security issues and
several bugs are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets
that used the UDP_CORK option when the UDP Fragmentation Offload (UFO)
feature was enabled on the output device. A local, unprivileged user
could use this flaw to cause a denial of service or, potentially,
escalate their privileges on the system. (CVE-2013-4470, Important)

* A flaw was found in the way the perf_trace_event_perm() function in
the Linux kernel checked permissions for the function tracer
functionality. An unprivileged local user could use this flaw to
enable function tracing and cause a denial of service on the system.
(CVE-2013-2930, Moderate)

* A flaw was found in the way the net_ctl_permissions() function in
the Linux kernel checked access permissions. A local, unprivileged
user could potentially use this flaw to access certain files in
/proc/sys/net regardless of the underlying file system permissions.
(CVE-2013-4270, Moderate)

* A flaw was found in the way the Linux kernel's Adaptec RAID
controller (aacraid) checked permissions of compat IOCTLs. A local
attacker could use this flaw to bypass intended security restrictions.
(CVE-2013-6383, Moderate)

* A flaw was found in the way the get_dumpable() function return value
was interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user
could use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able
to write to a file that is provided by the libertas driver and located
on the debug file system (debugfs) could use this flaw to crash the
system. Note: The debugfs file system must be mounted locally to
exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's IPv6
source address-based routing implementation. A local attacker who has
the CAP_NET_ADMIN capability could use this flaw to crash the system.
(CVE-2013-6431, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4470. The CVE-2013-4270 issue was discovered by Miroslav
Vadkerti of Red Hat.

This update also fixes multiple bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

Users should upgrade to these updated packages, which upgrade the
kernel-rt kernel to version kernel-rt-3.8.13-rt27, correct these
issues, and fix the bugs noted in the Red Hat Enterprise MRG 2
Technical Notes. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2013-2929.html
https://www.redhat.com/security/data/cve/CVE-2013-2930.html
https://www.redhat.com/security/data/cve/CVE-2013-4270.html
https://www.redhat.com/security/data/cve/CVE-2013-4470.html
https://www.redhat.com/security/data/cve/CVE-2013-6378.html
https://www.redhat.com/security/data/cve/CVE-2013-6383.html
https://www.redhat.com/security/data/cve/CVE-2013-6431.html
http://www.nessus.org/u?ae491241
http://rhn.redhat.com/errata/RHSA-2014-0100.html
http://www.nessus.org/u?687515f3

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 76672 ()

Bugtraq ID: 63359
63886
63888
64111
64137
64318
64471

CVE ID: CVE-2013-2929
CVE-2013-2930
CVE-2013-4270
CVE-2013-4470
CVE-2013-6378
CVE-2013-6383
CVE-2013-6431

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now