Detections
Analytics

Oracle Linux 5 : kernel (ELSA-2012-0007)

medium Nessus Plugin ID 68427

Language:

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0007 advisory.

 - Revert: [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - Revert: [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - Revert: [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - Revert: [scsi] fix 32-on-64 block device ioctls (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - [scsi] fix 32-on-64 block device ioctls (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - [fs] xfs: Fix memory corruption in xfs_readlink (Carlos Maiolino) [749159 749160] {CVE-2011-4077}
 - [fs] nfs: remove BUG() from encode_share_access() (Jeff Layton) [755442 754901] {CVE-2011-4324}
 - [fs] hfs: add sanity check for file name length (Eric Sandeen) [755432 755433] {CVE-2011-4330}
 - [fs] jbd/jbd2: validate sb->s_first in journal_get_superblock (Eryu Guan) [753343 706810] {CVE-2011-4132}
 - [fs] proc: fix oops on invalid /proc/<pid>/maps access (Johannes Weiner) [747851 747699] {CVE-2011-3637}
 - [fs] proc: close race with exec in mem_read() (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [mm] implement access_remote_vm (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [mm] factor out main logic of access_process_vm (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [mm] use mm_struct to resolve gate vma's in __get_user_pages (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [mm] make in_gate_area take mm_struct instead of a task_struct (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [mm] make get_gate_vma take mm_struct instead of task_struct (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [x86_64] mark assoc mm when running task in 32 bit compat mode (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [misc] sched: add ctx tag to mm running task in ia32 compat mode (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [fs] proc: require the target to be tracable (or yourself) (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [fs] proc: close race in /proc/*/environ (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [fs] proc: report errors in /proc/*/*map* sanely (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [fs] proc: shift down_read(mmap_sem) to the caller (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [fs] detect exec transition phase with new mm but old creds (Johannes Weiner) [692041 692042] {CVE-2011-1020}
 - [dm] do not forward ioctls from logical volumes to the underlying device (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - [block] fail SCSI passthrough ioctls on partition devices (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - [block] add and use scsi_blk_cmd_ioctl (Paolo Bonzini) [752385 752386] {CVE-2011-4127}
 - [fs] nfs: Fix an O_DIRECT Oops (Jeff Layton) [755457 754620] {CVE-2011-4325}
 - [net] sctp: Fix another race during accept/peeloff (Thomas Graf) [757146 714870] {CVE-2011-4348}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2012-0007.html

Plugin Details

Severity: Medium

ID: 68427

File Name: oraclelinux_ELSA-2012-0007.nasl

Version: 1.17

Type: local

Agent: unix

Published: 7/12/2013

Updated: 4/29/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-4330

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2011-3637

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:oracleasm-2.6.18-274.17.1.0.1.el5debug, p-cpe:/a:oracle:linux:kernel-xen, cpe:/o:oracle:linux:5, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:oracleasm-2.6.18-274.17.1.0.1.el5pae, p-cpe:/a:oracle:linux:kernel-pae-devel, p-cpe:/a:oracle:linux:ocfs2-2.6.18-274.17.1.0.1.el5, p-cpe:/a:oracle:linux:ocfs2-2.6.18-274.17.1.0.1.el5pae, p-cpe:/a:oracle:linux:kernel-xen-devel, p-cpe:/a:oracle:linux:kernel-pae, p-cpe:/a:oracle:linux:oracleasm-2.6.18-274.17.1.0.1.el5xen, p-cpe:/a:oracle:linux:ocfs2-2.6.18-274.17.1.0.1.el5xen, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:ocfs2-2.6.18-274.17.1.0.1.el5debug, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:oracleasm-2.6.18-274.17.1.0.1.el5, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/12/2012

Vulnerability Publication Date: 2/28/2011

Reference Information

CVE: CVE-2011-1020, CVE-2011-3637, CVE-2011-4077, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4330, CVE-2011-4348

BID: 46567, 50370, 50663, 50750, 50798, 51176, 51361, 51363, 51366

RHSA: 2012:0007