Oracle Linux 5 : Important: / kernel (ELSA-2007-0347)

medium Nessus Plugin ID 67495

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0347 advisory.

[2.6.18-8.1.4.0.1.el5]
- Fix bonding primary=ethX so it picks correct network (Bert Barbe) [IT 101532] [ORA 5136660]
- Add entropy module option to e1000 (John Sobecki) [ORA 6045759]
- Add entropy module option to bnx2 (John Sobecki) [ORA 6045759]

[2.6.18.8.1.4.el5]
- [ipv6] Fix routing regression. (David S. Miller) [238046]
- [mm] Gdb does not accurately output the backtrace. (Dave Anderson) [235511]
- [NMI] change watchdog timeout to 30 seconds (Larry Woodman) [237655]
- [dlm] fix mode munging (David Teigland) [238731]
- [net] kernel-headers: missing include of types.h (Neil Horman) [238749]
- [net] fib_semantics.c out of bounds check (Thomas Graf) [238948] {CVE-2007-2172}
- [net] disallow RH0 by default (Thomas Graf) [238949] {CVE-2007-2242}
- [net] Fix user OOPS'able bug in FIB netlink (David S. Miller) [238960] {CVE-2007-1861}
- [net] IPv6 fragments bypass in nf_conntrack netfilter code (Thomas Graf) [238947] {CVE-2007-1497}
- [net] ipv6_fl_socklist is inadvertently shared (David S. Miller) [238944] {CVE-2007-1592}
- [net] Various NULL pointer dereferences in netfilter code (Thomas Graf) [238946] {CVE-2007-1496}

[2.6.18-8.1.3.el5]
- [s390] page_mkclean causes data corruption on s390 (Jan Glauber) [236605]

[2.6.18-8.1.2.el5]
- [utrace] exploit and unkillable cpu fixes (Roland McGrath) [228816] (CVE-2007-0771)
- [net] IPV6 security holes in ipv6_sockglue.c - 2 (David S. Miller) [232257] {CVE-2007-1000}
- [net] IPV6 security holes in ipv6_sockglue.c (David S. Miller) [232255] {CVE-2007-1388}
- [audit] GFP_KERNEL allocations in non-blocking context fix (Alexander Viro) [233157]

[2.6.18-8.1.1.el5]
- [cpufreq] Remove __initdata from tscsync (Prarit Bhargava) [229887]
- [security] Fix key serial number collision problem (David Howells) [229883] {CVE-2007-0006}
- [fs] Don't core dump read-only binarys (Don Howard) [229885] {CVE-2007-0958}
- [xen] Enable booting on machines with > 64G (Chris Lalancette) [230117]
- Fix potential buffer overflow in cardman 4040 cmx driver (Don Howard) [229884] {CVE-2007-0005}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2007-0347.html

Plugin Details

Severity: Medium

ID: 67495

File Name: oraclelinux_ELSA-2007-0347.nasl

Version: 1.18

Type: local

Agent: unix

Published: 7/12/2013

Updated: 4/29/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.8

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2007-1000

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2007-0771

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:oracleasm-2.6.18-8.1.4.0.1.el5xen, p-cpe:/a:oracle:linux:kernel-xen, cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-pae-devel, p-cpe:/a:oracle:linux:oracleasm-2.6.18-8.1.4.0.1.el5pae, p-cpe:/a:oracle:linux:kernel-xen-devel, p-cpe:/a:oracle:linux:kernel-pae, p-cpe:/a:oracle:linux:oracleasm-2.6.18-8.1.4.0.1.el5, p-cpe:/a:oracle:linux:ocfs2-2.6.18-8.1.4.0.1.el5, p-cpe:/a:oracle:linux:ocfs2-2.6.18-8.1.4.0.1.el5pae, p-cpe:/a:oracle:linux:ocfs2-2.6.18-8.1.4.0.1.el5xen, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/26/2007

Vulnerability Publication Date: 3/16/2007

Reference Information

CVE: CVE-2007-0005, CVE-2007-0006, CVE-2007-0771, CVE-2007-0958, CVE-2007-1000, CVE-2007-1388, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1861, CVE-2007-2172, CVE-2007-2242

BID: 23104, 23615

RHSA: 2007:0347