RHEL 6 : kernel (RHSA-2013:1783)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix three security issues and several
bugs are now available for Red Hat Enterprise Linux 6.3 Extended
Update Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition was found in the way asynchronous I/O and
fallocate() interacted when using the ext4 file system. A local,
unprivileged user could use this flaw to expose random data from an
extent whose data blocks have not yet been written, and thus contain
data from a deleted file. (CVE-2012-4508, Important)

* An information leak flaw was found in the way the Linux kernel's
device mapper subsystem, under certain conditions, interpreted data
written to snapshot block devices. An attacker could use this flaw to
read data from disk blocks in free space, which are normally
inaccessible. (CVE-2013-4299, Moderate)

* A format string flaw was found in the Linux kernel's block layer. A
privileged, local user could potentially use this flaw to escalate
their privileges to kernel level (ring0). (CVE-2013-2851, Low)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508,
Fujitsu for reporting CVE-2013-4299, and Kees Cook for reporting
CVE-2013-2851. Upstream acknowledges Dmitry Monakhov as the original
reporter of CVE-2012-4508.

This update also fixes several bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2013-2851.html
https://www.redhat.com/security/data/cve/CVE-2013-4299.html
http://www.nessus.org/u?64c6b598
http://rhn.redhat.com/errata/RHSA-2013-1783.html
http://www.nessus.org/u?c6b506c4

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 5.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 78983 ()

Bugtraq ID: 56238
60409
63183

CVE ID: CVE-2012-4508
CVE-2013-2851
CVE-2013-4299

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now