MiracleLinux 3 : kernel-2.6.18-274.6.AXS3 (AXSA:2012-251:02)

high Nessus Plugin ID 284288

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-251:02 advisory.

The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixed with this release:
- CVE-2011-1020: The proc filesystem implementation in the Linux kernel 2.6.37 and earlier does not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allows local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.
- CVE-2011-4077: Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname.
- CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an invalid log first block value.
- CVE-2011-4325: The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer dereference and O_DIRECT oops), as demonstrated using diotest4 from LTP.
- CVE-2011-4330: Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
- CVE-2011-3637, CVE-2011-4324, CVE-2011-4348, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127, CVE-2012-0028, CVE-2012-0207: No description available at the time of writing; please refer to the CVE links below.

Fixed bugs:
- If an SCSI scan was initiated on a host in recovery mode, the scan failed without any error output; this has been fixed and the SCSI layer now waits for the host to recover before starting scan operations.
- Because SG_IO ioctls were not previously implemented correctly, sending an SG_IO ioctl request to a virtio-blk disk caused the sending thread to enter an uninterruptible sleep state. SG_IO ioctls are now rejected by the virtio-blk driver: the ioctl system call will simply return an ENOTTY (Inappropriate ioctl for device) error and the thread will continue normally.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/2743

Plugin Details

Severity: High

ID: 284288

File Name: miracle_linux_AXSA-2012-251.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2012-0028

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2012-0207

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:kernel-devel, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:kernel-headers, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:kernel-pae, p-cpe:/a:miracle:linux:kernel-xen, p-cpe:/a:miracle:linux:kernel-pae-devel, p-cpe:/a:miracle:linux:kernel-xen-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/6/2012

Vulnerability Publication Date: 2/25/2011

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-1020, CVE-2011-3637, CVE-2011-3638, CVE-2011-4077, CVE-2011-4086, CVE-2011-4127, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4330, CVE-2011-4348, CVE-2012-0028, CVE-2012-0207