Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033)

Critical Nessus Plugin ID 68424


VPR Score: 5.9

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

* CVE-2011-1161: Information leak in transmission logic of TPM driver.

A missing buffer size check in tpm_transmit could allow leaking of potentially sensitive kernel memory.

* CVE-2011-1162: Information leak in TPM driver.

A flaw in the way memory containing security-related data was handled in tpm_read() could allow a local, unprivileged user to read the results of a previously run TPM command. (CVE-2011-1162, Low)

* CVE-2011-2494: Information leak in task/process statistics.

The I/O statistics from the taskstats subsystem could be read without any restrictions. A local, unprivileged user could use this flaw to gather confidential information, such as the length of a password used in a process. (CVE-2011-2494, Low)

* CVE-2011-3188: Weak TCP sequence number generation.

The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were generated could allow a man-in-the-middle attacker to inject packets and possibly hijack connections. Protocol sequence numbers and fragment IDs are now more random. (CVE-2011-3188, Moderate)

* CVE-2011-1577: Missing boundary checks in GPT partition handling.

A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk that contains specially crafted partition tables. (CVE-2011-1577, Low)

* CVE-2011-3191: Memory corruption in CIFS.

A malicious CIFS server could overflow a signed integer value, causing a memcpy() to scribble over a large amount of memory.

* CVE-2011-3353: Denial of service in FUSE via FUSE_NOTIFY_INVAL_ENTRY.

A buffer overflow flaw was found in the Linux kernel's FUSE (Filesystem in Userspace) implementation. A local user in the fuse group who has access to mount a FUSE file system could use this flaw to cause a denial of service. (CVE-2011-3353, Moderate)

* CVE-2011-4326: Denial of service in IPv6 UDP Fragmentation Offload.

A flaw was found in the way the Linux kernel handled fragmented IPv6 UDP datagrams over the bridge with UDP Fragmentation Offload (UFO) functionality on. A remote attacker could use this flaw to cause a denial of service. (CVE-2011-4326, Important)

* CVE-2011-3593: Denial of service in VLAN with priority tagged frames.

A flaw was found in the way the Linux kernel handled VLAN 0 frames with the priority tag set. When using certain network drivers, an attacker on the local network could use this flaw to cause a denial of service. (CVE-2011-3593, Moderate)

* CVE-2011-2699: Predictable IPv6 fragment identification numbers.

IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important)

kernel-uek:

[2.6.32-200.23.1.el5uek]
- net: Remove atmclip.h to prevent break kabi check.
- KConfig: add CONFIG_UEK5=n to ol6/config-generic

[2.6.32-200.22.1.el5uek]
- ipv6: make fragment identifications less predictable (Joe Jin) {CVE-2011-2699}
- vlan: fix panic when handling priority tagged frames (Joe Jin) {CVE-2011-3593}
- ipv6: udp: fix the wrong headroom check (Maxim Uvarov) {CVE-2011-4326}
- b43: allocate receive buffers big enough for max frame len + offset (Maxim Uvarov) {CVE-2011-3359}
- fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message (Maxim Uvarov) {CVE-2011-3353}
- cifs: fix possible memory corruption in CIFSFindNext (Maxim Uvarov) {CVE-2011-3191}
- crypto: md5 - Add export support (Maxim Uvarov) {CVE-2011-2699}
- fs/partitions/efi.c: corrupted GUID partition tables can cause kernel oops (Maxim Uvarov) {CVE-2011-1577}
- block: use struct parsed_partitions *state universally in partition check code (Maxim Uvarov)
- net: Compute protocol sequence numbers and fragment IDs using MD5. (Maxim Uvarov) {CVE-2011-3188}
- crypto: Move md5_transform to lib/md5.c (Maxim Uvarov) {CVE-2011-3188}
- perf tools: do not look at ./config for configuration (Maxim Uvarov) {CVE-2011-2905}
- Make TASKSTATS require root access (Maxim Uvarov) {CVE-2011-2494}
- TPM: Zero buffer after copying to userspace (Maxim Uvarov) {CVE-2011-1162}
- TPM: Call tpm_transmit with correct size (Maxim Uvarov) {CVE-2011-1161}
- fnic: fix panic while booting in fnic (Xiaowei Hu)
- Revert 'PCI hotplug: acpiphp: set current_state to D0 in register_slot' (Guru Anbalagane)
- xen: drop xen_sched_clock in favour of using plain wallclock time (Jeremy Fitzhardinge)

[2.6.32-200.21.1.el5uek]
- PCI: Set device power state to PCI_D0 for device without native PM support (Ajaykumar Hotchandani) [orabug 13033435]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2011-November/002477.html

https://oss.oracle.com/pipermail/el-errata/2011-November/002478.html

Plugin Details

Severity: Critical

ID: 68424

File Name: oraclelinux_ELSA-2011-2033.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2013/07/12

Updated: 2019/10/25

Dependencies: 12634, 122878

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:ofa-2.6.32-200.23.1.el5uek, p-cpe:/a:oracle:linux:ofa-2.6.32-200.23.1.el5uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-200.23.1.el6uek, p-cpe:/a:oracle:linux:ofa-2.6.32-200.23.1.el6uekdebug, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2011/11/28

Vulnerability Publication Date: 2011/05/03

Reference Information

CVE: CVE-2011-1162, CVE-2011-1577, CVE-2011-2494, CVE-2011-2699, CVE-2011-2905, CVE-2011-3188, CVE-2011-3191, CVE-2011-3353, CVE-2011-3359, CVE-2011-3593, CVE-2011-4326