Oracle Linux 5 : kernel (ELSA-2016-2124) (Dirty COW)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing one or more security updates.

Description :

From Red Hat Security Advisory 2016:2124 :

An update for kernel is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* A race condition was found in the way the Linux kernel's memory
subsystem handled the copy-on-write (COW) breakage of private
read-only memory mappings. An unprivileged, local user could use this
flaw to gain write access to otherwise read-only memory mappings and
thus increase their privileges on the system. (CVE-2016-5195,
Important)

* It was found that stacking a file system over procfs in the Linux
kernel could lead to a kernel stack overflow due to deep nesting, as
demonstrated by mounting ecryptfs over procfs and creating a recursion
by mapping /proc/environ. An unprivileged, local user could
potentially use this flaw to escalate their privileges on the system.
(CVE-2016-1583, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

Bug Fix(es) :

* In some cases, a kernel crash or file system corruption occurred
when running journal mode 'ordered'. The kernel crash was caused by a
NULL pointer dereference due to a race condition between two journal
functions. The file system corruption occurred due to a race condition
between the do_get_write_access() function and buffer writeout. This
update fixes both race conditions. As a result, neither the kernel
crash, nor the file system corruption now occur. (BZ#1067708)

* Prior to this update, some Global File System 2 (GFS2) files had
incorrect time stamp values due to two problems with handling time
stamps of such files. The first problem concerned the atime time
stamp, which ended up with an arbitrary value ahead of the actual
value, when a GFS2 file was accessed. The second problem was related
to the mtime and ctime time stamp updates, which got lost when a GFS2
file was written to from one node and read from or written to from
another node. With this update, a set of patches has been applied that
fix these problems. As a result, the time stamps of GFS2 files are now
handled correctly. (BZ#1374861)

See also :

https://oss.oracle.com/pipermail/el-errata/2016-October/006447.html

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 94429 ()

Bugtraq ID:

CVE ID: CVE-2016-1583
CVE-2016-5195

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now