Detections
Analytics

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

high Nessus Plugin ID 60181

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

These new kernel packages contain fixes for the following security issues :

 - a flaw in the handling of IPv6 type 0 routing headers that allowed remote users to cause a denial of service that led to a network amplification between two routers (CVE-2007-2242, Important).

 - a flaw in the nfnetlink_log netfilter module that allowed a local user to cause a denial of service (CVE-2007-1496, Important).

 - a flaw in the flow list of listening IPv6 sockets that allowed a local user to cause a denial of service (CVE-2007-1592, Important).

 - a flaw in the handling of netlink messages that allowed a local user to cause a denial of service (infinite recursion) (CVE-2007-1861, Important).

 - a flaw in the IPv4 forwarding base that allowed a local user to cause an out-of-bounds access (CVE-2007-2172, Important).

 - a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote users to bypass certain netfilter rules using IPv6 fragments (CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the following have been included :

 - a regression in ipv6 routing.

 - an error in memory initialization that caused gdb to output inaccurate backtraces on ia64.

 - the nmi watchdog timeout was updated from 5 to 30 seconds.

 - a flaw in distributed lock management that could result in errors during virtual machine migration.

 - an omitted include in kernel-headers that led to compile failures for some packages.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?3253b4d8

Plugin Details

Severity: High

ID: 60181

File Name: sl_20070516_kernel_on_SL5_x.nasl

Version: 1.6

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 5/16/2007

Reference Information

CVE: CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1861, CVE-2007-2172, CVE-2007-2242

CWE: 119, 20, 399