Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

Security Fix(es) :

- It was found that reporting emulation failures to user
space could lead to either a local (CVE-2014-7842) or a
L2->L1 (CVE-2010-5313) denial of service. In the case of
a local denial of service, an attacker must have access
to the MMIO area or be able to access an I/O port.
Please note that on certain systems, HPET is mapped to
userspace as part of vdso (vvar) and thus an
unprivileged user may generate MMIO transactions (and
enter the emulator) this way. (CVE-2010-5313,
CVE-2014-7842, Moderate)

- It was found that the Linux kernel did not properly
account file descriptors passed over the unix socket
against the process limit. A local user could use this
flaw to exhaust all available memory on the system.
(CVE-2013-4312, Moderate)

- A buffer overflow flaw was found in the way the Linux
kernel's virtio- net subsystem handled certain fraglists
when the GRO (Generic Receive Offload) functionality was
enabled in a bridged network configuration. An attacker
on the local network could potentially use this flaw to
crash the system, or, although unlikely, elevate their
privileges on the system. (CVE-2015-5156, Moderate)

- It was found that the Linux kernel's IPv6 network stack
did not properly validate the value of the MTU variable
when it was set. A remote attacker could potentially use
this flaw to disrupt a target system's networking
(packet loss) by setting an invalid MTU value, for
example, via a NetworkManager daemon that is processing
router advertisement packets running on the target
system. (CVE-2015-8215, Moderate)

- A NULL pointer dereference flaw was found in the way the
Linux kernel's network subsystem handled socket creation
with an invalid protocol identifier. A local user could
use this flaw to crash the system. (CVE-2015-8543,
Moderate)

- It was found that the espfix functionality does not work
for 32-bit KVM paravirtualized guests. A local,
unprivileged guest user could potentially use this flaw
to leak kernel stack addresses. (CVE-2014-8134, Low)

- A flaw was found in the way the Linux kernel's ext4 file
system driver handled non-journal file systems with an
orphan list. An attacker with physical access to the
system could use this flaw to crash the system or,
although unlikely, escalate their privileges on the
system. (CVE-2015-7509, Low)

- A NULL pointer dereference flaw was found in the way the
Linux kernel's ext4 file system driver handled certain
corrupted file system images. An attacker with physical
access to the system could use this flaw to crash the
system. (CVE-2015-8324, Low)

Notes :

- Problems have been reported with this kernel and
VirtualBox. More info is available in the notes for the
VirtualBox ticket here: <a
href='https://www.virtualbox.org/ticket/14866'
target='_blank'>https://www.virtualbox.org/ticket/14866<
/a>

See also :

http://www.nessus.org/u?76283b05

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 91643 ()

Bugtraq ID:

CVE ID: CVE-2010-5313
CVE-2013-4312
CVE-2014-7842
CVE-2014-8134
CVE-2015-5156
CVE-2015-7509
CVE-2015-8215
CVE-2015-8324
CVE-2015-8543

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now