Detections
Analytics
MiracleLinux 3 : kernel-2.6.18-371.4.AXS3 (AXSA:2014-487:02)
high Nessus Plugin ID 291499
Synopsis
The remote MiracleLinux host is missing one or more security updates.Description
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2014-487:02 advisory.The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
Security issues fixed with this release:
CVE-2013-7339 The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2014-1737 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.
CVE-2014-1738 The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device.
Fixed bugs:
* Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. and fixed it.
* Previously, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. and fixed it.
* Previously, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. whit this update, fixed it.
* Due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by nother than the main thread even though there was no incompatible third party module. With this update, fixed it.
* Due to a bug in the lpfc driver, some Fibre Channel storage devices can send a logout (LOGO) message to the host system, when being under heavy load. with this update, corrects the lpfc driver.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 291499
File Name: miracle_linux_AXSA-2014-487.nasl
Version: 1.1
Type: local
Published: 1/19/2026
Updated: 1/19/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
Vendor
Vendor Severity: High
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2014-1737
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:miracle:linux:kernel-xen, p-cpe:/a:miracle:linux:kernel-pae-devel, p-cpe:/a:miracle:linux:kernel-xen-devel, p-cpe:/a:miracle:linux:kernel-pae, p-cpe:/a:miracle:linux:kernel, p-cpe:/a:miracle:linux:kernel-headers, p-cpe:/a:miracle:linux:kernel-devel, cpe:/o:miracle:linux:3
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/11/2014
Vulnerability Publication Date: 3/20/2014