Detections
Analytics

Oracle Linux 6 : kernel (ELSA-2011-1189)

medium Nessus Plugin ID 68331

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-1189 advisory.

 - [net] nl80211: missing check for valid SSID size in scan operation (Stanislaw Gruszka) [718157 718158] {CVE-2011-2517}
 - [net] bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace. (Thomas Graf) [703022 703023] {CVE-2011-2492}
 - [net] inet_diag: fix validation of user data in inet_diag_bc_audit() (Thomas Graf) [714540 714541] {CVE-2011-2213}
 - [fs] proc: restrict access to /proc/PID/io (Oleg Nesterov) [716829 716830] {CVE-2011-2495}
 - [fs] validate size of EFI GUID partition entries (Anton Arapov) [703029 703030] {CVE-2011-1776}
 - [fs] ext4: Fix max file size and logical block counting of extent format file (Lukas Czerner) [722568 722569] {CVE-2011-2695}
 - [virt] kvm: Disable device assignment without interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898}
 - [virt] iommu-api: Extension to check for interrupt remapping (Alex Williamson) [716306 711504] {CVE-2011-1898}
 - [virt] ksm: fix race between ksmd and exiting task (Andrea Arcangeli) [710340 710341] {CVE-2011-2183}
 - [kernel] proc: signedness issue in next_pidmap() (Jerome Marchand) [697824 697825] {CVE-2011-1593}
 - [net] bluetooth: Prevent buffer overflow in l2cap config request (Jiri Pirko) [716809 716810] {CVE-2011-2497}
 - [fs] NLM: Don't hang forever on NLM unlock requests (Jeff Layton) [709548 709549] {CVE-2011-2491}
 - [net] Fix memory leak/corruption on VLAN GRO_DROP (Herbert Xu) [695175 695176] {CVE-2011-1576}
 - GFS2: make sure fallocate bytes is a multiple of blksize (Benjamin Marzinski) [720863 695763] {CVE-2011-2689}
 - [kernel] Prevent rt_sigqueueinfo and rt_tgsigqueueinfo from spoofing the signal code (Oleg Nesterov) [715521 690033] {CVE-2011-1182}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2011-1189.html

Plugin Details

Severity: Medium

ID: 68331

File Name: oraclelinux_ELSA-2011-1189.nasl

Version: 1.20

Type: local

Agent: unix

Published: 7/12/2013

Updated: 4/29/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.2

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-2497

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2011-1776

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:perf, p-cpe:/a:oracle:linux:kernel-firmware, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/23/2011

Vulnerability Publication Date: 3/23/2011

Reference Information

CVE: CVE-2011-1182, CVE-2011-1576, CVE-2011-1593, CVE-2011-1776, CVE-2011-1898, CVE-2011-2183, CVE-2011-2213, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2497, CVE-2011-2517, CVE-2011-2689, CVE-2011-2695

BID: 47003, 47497, 47796, 48333, 48441, 48472, 48515, 48538, 48677, 48697, 48907, 49141

RHSA: 2011:1189