Scientific Linux Security Update : kernel on SL6.x i386/x86_64

High Nessus Plugin ID 60893

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

This update fixes the following security issues :

- Missing sanity checks in the Intel i915 driver in the Linux kernel could allow a local, unprivileged user to escalate their privileges. (CVE-2010-2962, Important)

- compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be controlled from user-space. On 64-bit systems, a local, unprivileged user could use this flaw to escalate their privileges. (CVE-2010-3081, Important)

- A buffer overflow flaw in niu_get_ethtool_tcam_all() in the niu Ethernet driver in the Linux kernel, could allow a local user to cause a denial of service or escalate their privileges. (CVE-2010-3084, Important)

- A flaw in the IA32 system call emulation provided in 64-bit Linux kernels could allow a local user to escalate their privileges. (CVE-2010-3301, Important)

- A flaw in sctp_packet_config() in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service. (CVE-2010-3432, Important)

- A missing integer overflow check in snd_ctl_new() in the Linux kernel's sound subsystem could allow a local, unprivileged user on a 32-bit system to cause a denial of service or escalate their privileges. (CVE-2010-3442, Important)

- A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP implementation. When iterating through the hmac_ids array, it did not reset the last id element if it was out of range. This could allow a remote attacker to cause a denial of service.
(CVE-2010-3705, Important)

- A function in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation was missing sanity checks, which could allow a local, unprivileged user to escalate their privileges. (CVE-2010-3904, Important)

- A flaw in drm_ioctl() in the Linux kernel's Direct Rendering Manager (DRM) implementation could allow a local, unprivileged user to cause an information leak.
(CVE-2010-2803, Moderate)

- It was found that wireless drivers might not always clear allocated buffers when handling a driver-specific IOCTL information request. A local user could trigger this flaw to cause an information leak. (CVE-2010-2955, Moderate)

- A NULL pointer dereference flaw in ftrace_regex_lseek() in the Linux kernel's ftrace implementation could allow a local, unprivileged user to cause a denial of service.
Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default.
(CVE-2010-3079, Moderate)

- A flaw in the Linux kernel's packet writing driver could be triggered via the PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local, unprivileged user with access to '/dev/pktcdvd/control' to cause an information leak.
Note: By default, only users in the cdrom group have access to '/dev/pktcdvd/control'. (CVE-2010-3437, Moderate)

- A flaw was found in the way KVM (Kernel-based Virtual Machine) handled the reloading of fs and gs segment registers when they had invalid selectors. A privileged host user with access to '/dev/kvm' could use this flaw to crash the host. (CVE-2010-3698, Moderate)

This update also fixes several bugs.

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0e931e2a

Plugin Details

Severity: High

ID: 60893

File Name: sl_20101110_kernel_on_SL6_x.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2012/08/01

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 8.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/11/10

Vulnerability Publication Date: 2010/09/08

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Reliable Datagram Sockets (RDS) Privilege Escalation)

Reference Information

CVE: CVE-2010-2803, CVE-2010-2955, CVE-2010-2962, CVE-2010-3079, CVE-2010-3081, CVE-2010-3084, CVE-2010-3301, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3698, CVE-2010-3705, CVE-2010-3904