Scientific Linux Security Update : kernel on SL6.x i386/x86_64

Critical Nessus Plugin ID 61179

Synopsis

The remote Scientific Linux host is missing one or more security
updates.

Description

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

- IPv6 fragment identification value generation could
allow a remote attacker to disrupt a target system's
networking, preventing legitimate users from accessing
its services. (CVE-2011-2699, Important)

- A signedness issue was found in the Linux kernel's CIFS
(Common Internet File System) implementation. A
malicious CIFS server could send a specially crafted
response to a directory read request that would result
in a denial of service or privilege escalation on a
system that has a CIFS share mounted. (CVE-2011-3191,
Important)

- A flaw was found in the way the Linux kernel handled
fragmented IPv6 UDP datagrams over a bridge with UDP
Fragmentation Offload (UFO) functionality enabled. A remote
attacker could use this flaw to cause a denial of
service. (CVE-2011-4326, Important)

- The way IPv4 and IPv6 protocol sequence numbers and
fragment IDs were generated could allow a
man-in-the-middle attacker to inject packets and
possibly hijack connections. Protocol sequence numbers
and fragment IDs are now more random. (CVE-2011-3188,
Moderate)

- A buffer overflow flaw was found in the Linux kernel's
FUSE (Filesystem in Userspace) implementation. A local
user in the fuse group who has access to mount a FUSE
file system could use this flaw to cause a denial of
service. (CVE-2011-3353, Moderate)

- A flaw was found in the b43 driver in the Linux kernel.
If a system had an active wireless interface that uses
the b43 driver, an attacker able to send a specially
crafted frame to that interface could cause a denial of
service. (CVE-2011-3359, Moderate)

- A flaw was found in the way CIFS shares with DFS
referrals at their root were handled. An attacker on the
local network who is able to deploy a malicious CIFS
server could create a CIFS network share that, when
mounted, would cause the client system to crash.
(CVE-2011-3363, Moderate)

- A flaw was found in the way the Linux kernel handled
VLAN 0 frames with the priority tag set. When using
certain network drivers, an attacker on the local
network could use this flaw to cause a denial of
service. (CVE-2011-3593, Moderate)

- A flaw in the way memory containing security-related
data was handled in tpm_read() could allow a local,
unprivileged user to read the results of a previously
run TPM command. (CVE-2011-1162, Low)

- A heap overflow flaw was found in the Linux kernel's EFI
GUID Partition Table (GPT) implementation. A local
attacker could use this flaw to cause a denial of
service by mounting a disk that contains specially
crafted partition tables. (CVE-2011-1577, Low)

- The I/O statistics from the taskstats subsystem could be
read without any restrictions. A local, unprivileged
user could use this flaw to gather confidential
information, such as the length of a password used in a
process. (CVE-2011-2494, Low)

- It was found that the perf tool, a part of the Linux
kernel's Performance Events implementation, could load
its configuration file from the current working
directory. If a local user with access to the perf tool
were tricked into running perf in a directory that
contains a specially crafted configuration file, it
could cause perf to overwrite arbitrary files and
directories accessible to that user. (CVE-2011-2905,
Low)

This update also fixes various bugs.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?1ddb338c

Plugin Details

Severity: Critical

ID: 61179

File Name: sl_20111122_kernel_on_SL6_x.nasl

Version: 1.3

Type: local

Agent: unix

Published: 2012/08/01

Modified: 2018/12/31

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Patch Publication Date: 2011/11/22

Reference Information

CVE: CVE-2011-1162, CVE-2011-1577, CVE-2011-2494, CVE-2011-2699, CVE-2011-2905, CVE-2011-3188, CVE-2011-3191, CVE-2011-3353, CVE-2011-3359, CVE-2011-3363, CVE-2011-3593, CVE-2011-4326