Scientific Linux Security Update : openafs on SL5.x SL6.x i386/x86_64 (20130304)

medium Nessus Plugin ID 65021

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

By carefully crafting an ACL entry an attacker may overflow fixed length buffers within the OpenAFS fileserver, crashing the fileserver, and potentially permitting the execution of arbitrary code. To perform the exploit, the attacker must already have permissions to create ACLs on the fileserver in question. Once such an ACL is present on a fileserver, client utilities such as 'fs' which manipulate ACLs, may be crashed when they attempt to read or modify the ACL.(CVE-2013-1794)

The ptserver accepts a list of unbounded size from the IdToName RPC.
The length of this list is then used to determine the size of a number of other internal data structures. If the length is sufficiently large then we may hit an integer overflow when calculating the size to pass to malloc, and allocate data structures of insufficient length, allowing heap memory to be overwritten. This may allow an unauthenticated attacker to crash an OpenAFS ptserver. (CVE-2013-1795)

Scientific Linux 5 users must also update to at least kernel-2.6.18-308.20.1.el5 to receive a compatible kernel module.

Scientific Linux 6 users must also update to at least kernel-2.6.32-279.el6 to avoid issues with system stability. Any 32-bit SL6 system should be aware of possible problems with the afs cache when switching from kernels prior to kernel-2.6.32-279.el6.
Purging your OpenAFS cache seems to resolve this issue.

After installing the update, OpenAFS services must be restarted for the changes to take effect.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?099f228b

Plugin Details

Severity: Medium

ID: 65021

File Name: sl_20130304_openafs_on_SL5_x.nasl

Version: 1.8

Type: local

Agent: unix

Published: 3/5/2013

Updated: 1/14/2021

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.20.1.el5, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.20.1.el5-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.20.1.el5PAE, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.20.1.el5PAE-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.20.1.el5xen, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.20.1.el5xen-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.24.1.el5, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.24.1.el5-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.24.1.el5PAE, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.24.1.el5PAE-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.24.1.el5xen, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-308.24.1.el5xen-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.1.1.el5, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.1.1.el5-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.1.1.el5PAE, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.1.1.el5PAE-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.1.1.el5xen, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.1.1.el5xen-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.el5, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.el5-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.el5PAE, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.el5PAE-debuginfo, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.el5xen, p-cpe:/a:fermilab:scientific_linux:kernel-module-openafs-2.6.18-348.el5xen-debuginfo, p-cpe:/a:fermilab:scientific_linux:kmod-openafs, p-cpe:/a:fermilab:scientific_linux:openafs, p-cpe:/a:fermilab:scientific_linux:openafs-authlibs, p-cpe:/a:fermilab:scientific_linux:openafs-authlibs-devel, p-cpe:/a:fermilab:scientific_linux:openafs-client, p-cpe:/a:fermilab:scientific_linux:openafs-compat, p-cpe:/a:fermilab:scientific_linux:openafs-debug, p-cpe:/a:fermilab:scientific_linux:openafs-debuginfo, p-cpe:/a:fermilab:scientific_linux:openafs-devel, p-cpe:/a:fermilab:scientific_linux:openafs-kernel-source, p-cpe:/a:fermilab:scientific_linux:openafs-kpasswd, p-cpe:/a:fermilab:scientific_linux:openafs-krb5, p-cpe:/a:fermilab:scientific_linux:openafs-plumbing-tools, p-cpe:/a:fermilab:scientific_linux:openafs-server, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/4/2013

Vulnerability Publication Date: 3/14/2013

Reference Information

CVE: CVE-2013-1794, CVE-2013-1795