RHEL 6 : MRG (RHSA-2014:0557)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel-rt packages that fix multiple security issues are now
available for Red Hat Enterprise MRG 2.5.

The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition leading to a use-after-free flaw was
found in the way the Linux kernel's TCP/IP protocol
suite implementation handled the addition of fragments
to the LRU (Last-Recently Used) list under certain
conditions. A remote attacker could use this flaw to
crash the system or, potentially, escalate their
privileges on the system by sending a large amount of
specially crafted fragmented packets to that system.
(CVE-2014-0100, Important)

* A race condition flaw, leading to heap-based buffer
overflows, was found in the way the Linux kernel's N_TTY
line discipline (LDISC) implementation handled
concurrent processing of echo output and TTY write
operations originating from user space when the
underlying TTY driver was PTY. An unprivileged, local
user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
(CVE-2014-0196, Important)

* A flaw was found in the way the Linux kernel's floppy
driver handled user space provided data in certain error
code paths while processing FDRAWCMD IOCTL commands. A
local user with write access to /dev/fdX could use this
flaw to free (using the kfree() function) arbitrary
kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver
leaked internal kernel memory addresses to user space
during the processing of the FDRAWCMD IOCTL command. A
local user with write access to /dev/fdX could use this
flaw to obtain information about the kernel heap
arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two
flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate
their privileges on the system.

* A use-after-free flaw was found in the way the
ping_init_sock() function of the Linux kernel handled
the group_info reference counter. A local, unprivileged
user could use this flaw to crash the system or,
potentially, escalate their privileges on the system.
(CVE-2014-2851, Important)

* It was found that a remote attacker could use a race
condition flaw in the ath_tx_aggr_sleep() function to
crash the system by creating large network traffic on
the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the
rds_iw_laddr_check() function in the Linux kernel's
implementation of Reliable Datagram Sockets (RDS). A
local, unprivileged user could use this flaw to crash
the system. (CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux
kernel's mac80211 subsystem implementation handled
synchronization between TX and STA wake-up code paths.
A remote attacker could use this flaw to crash the
system. (CVE-2014-2706, Moderate)

* It was found that the try_to_unmap_cluster() function in
the Linux kernel's Memory Managment subsystem did not
properly handle page locking in certain cases, which
could potentially trigger the BUG_ON() macro in the
mlock_vma_page() function. A local, unprivileged user
could use this flaw to crash the system. (CVE-2014-3122,
Moderate)

Users are advised to upgrade to these updated packages, which upgrade
the kernel-rt kernel to version kernel-rt-3.10.33-rt32.34 and correct
these issues. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-0100.html
https://www.redhat.com/security/data/cve/CVE-2014-0196.html
https://www.redhat.com/security/data/cve/CVE-2014-1737.html
https://www.redhat.com/security/data/cve/CVE-2014-1738.html
https://www.redhat.com/security/data/cve/CVE-2014-2672.html
https://www.redhat.com/security/data/cve/CVE-2014-2678.html
https://www.redhat.com/security/data/cve/CVE-2014-2706.html
https://www.redhat.com/security/data/cve/CVE-2014-2851.html
https://www.redhat.com/security/data/cve/CVE-2014-3122.html
http://rhn.redhat.com/errata/RHSA-2014-0557.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now