Scientific Linux Security Update : kernel on SL5.x i386/x86_64

high Nessus Plugin ID 60488

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

- the Xen implementation did not prevent applications running in a para-virtualized guest from modifying CR4 TSC. This could cause a local denial of service. (CVE-2007-5907, Important)

- Tavis Ormandy reported missing boundary checks in the Virtual Dynamic Shared Objects (vDSO) implementation. This could allow a local unprivileged user to cause a denial of service or escalate privileges. (CVE-2008-3527, Important)

- the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local unprivileged user to obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833, Important)

- a flaw was found in the Linux kernel splice implementation. This could cause a local denial of service when there is a certain failure in the add_to_page_cache_lru() function. (CVE-2008-4302, Important)

- a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored. This could allow a local unprivileged user to cause a denial of service. (CVE-2006-5755, Low)

- a flaw was found in the Linux kernel virtual memory implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2372, Low)

- an integer overflow was discovered in the Linux kernel Datagram Congestion Control Protocol (DCCP) implementation. This could allow a remote attacker to cause a denial of service. By default, remote DCCP is blocked by SELinux. (CVE-2008-3276, Low)

In addition, these updated packages fix the following bugs :

- random32() seeding has been improved.

- in a multi-core environment, a race between the QP async event-handler and the destroy_qp() function could occur. This led to unpredictable results during invalid memory access, which could lead to a kernel crash.

- a format string was omitted in the call to the request_module() function.

- a stack overflow caused by an infinite recursion bug in the binfmt_misc kernel module was corrected.

- the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for scatterlist usage before calling kmap_atomic().

- a sentinel NUL byte was added to the device_write() function to ensure that lspace.name is NUL-terminated.

- in the character device driver, a range_is_allowed() check was added to the read_mem() and write_mem() functions. It was possible for an illegitimate application to bypass these checks and access /dev/mem beyond the 1M limit by calling mmap_mem() instead. Also, the parameters of range_is_allowed() were changed to cleanly handle physical addresses wider than 32 bits on 32-bit architectures.

- some of the newer Nehalem-based systems declare their CPU DSDT entries as type 'Alias'. During boot, this caused an 'Error attaching device data' message to be logged.

- the evtchn event channel device lacked locks and memory barriers. This led to xenstore becoming unresponsive on the Itanium® architecture.

- sending of gratuitous ARP packets in the Xen frontend network driver is now delayed until the backend signals that its carrier status has been processed by the stack.

- on forcedeth devices, whenever setting ethtool parameters for link speed, the device could stop receiving interrupts.

- the CIFS 'forcedirectio' option did not allow text to be appended to files.

- the gettimeofday() function returned a backwards time on Intel® 64.

- residual-count corrections during UNDERRUN handling were added to the qla2xxx driver.

- the fix for a small quirk was removed for certain Adaptec controllers for which it caused problems.

- the 'xm trigger init' command caused a domain panic if a userland application was running on a guest on the Intel® 64 architecture.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?fddd7885

Plugin Details

Severity: High

ID: 60488

File Name: sl_20081104_kernel_on_SL5_x.nasl

Version: 1.8

Type: local

Agent: unix

Published: 8/1/2012

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/4/2008

Vulnerability Publication Date: 12/31/2006

Reference Information

CVE: CVE-2006-5755, CVE-2007-5907, CVE-2008-2372, CVE-2008-3276, CVE-2008-3527, CVE-2008-3833, CVE-2008-4210, CVE-2008-4302

CWE: 189, 20, 264, 399