Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2003)

Severity: High. Nessus Plugin ID 68669

VPR Score: 5.9

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in the computation of a delay field which could result in division by zero (causing a kernel panic).


* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation allowed local users on a 32-bit KVM guest system to cause the guest system to panic.


* CVE-2012-0038: In-memory corruption in XFS ACL processing.

A missing check in xfs_acl_from_disk on the number of XFS ACLs could result in in-memory corruption and a kernel panic.


* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.

Starting PIT timers in the absence of irqchip support could cause a NULL pointer dereference and kernel OOPS.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign devices to KVM guests could result in a denial of service.


* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an invalid log first block value allowed an attacker to mount a malicious ext3 or ext4 image that would crash the system.


* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest algorithm. ghash_update can pass a NULL pointer to gf128mul_4k_lle in some cases, leading to a NULL pointer dereference (kernel OOPS).


* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with pathnames larger than MAXPATHLEN allowed an attacker to mount a malicious XFS image that could crash the system or result in privilege escalation.

[2.6.32-300.11.1.el6uek]
- [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077}
- [scsi] increase qla2xxx firmware ready time-out (Joe Jin)
- [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin)
- [net] tg3: Fix single-vector MSI-X code (Joe Jin)
- [net] qlge: fix size of external list for TX address descriptors (Joe Jin)
- [net] e1000e: Avoid wrong check on TX hang (Joe Jin)
- crypto: ghash - Avoid NULL pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081}
- jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132}
- KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347}
- KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622}
- xfs: validate acl count (Joe Jin) {CVE-2012-0038}
- KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045}
- KVM: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Joe Jin) {CVE-2012-0045}
- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207}
- ipv4: correct IGMP behavior on v3 query during v2-compatibility mode (David Stevens)
- fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349]

[2.6.32-300.10.1.el6uek]
- net: remove extra register in ip_gre (Guru Anbalagane) [Orabug: 13633287]

[2.6.32-300.9.1.el6uek]
- [netdrv] fnic: return zero on fnic_reset() success (Joe Jin)
- [e1000e] Add entropy generation back for network interrupts (John Sobecki)
- [nfs4] LINUX CLIENT TREATS NFS4ERR_GRACE AS A PERMANENT ERROR [orabug 13476821] (John Sobecki)
- [nfs] NFS CLIENT CONNECTS TO SERVER THEN DISCONNECTS [orabug 13516759] (John Sobecki)
- [sunrpc] Add patch for a mount crash in __rpc_create_common [orabug 13322773] (John Sobecki)

[2.6.32-300.8.1.el6uek]
- SPEC: fix dependency on firmware/mkinitrd (Guru Anbalagane) [orabug 13637902]
- xfs: fix acl count validation in xfs_acl_from_disk() (Dan Carpenter)
- [SCSI] scsi_dh: check queuedata pointer before proceeding further (Moger Babu) [orabug 13615419]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2012-March/002691.html

https://oss.oracle.com/pipermail/el-errata/2012-March/002692.html

Plugin Details

Severity: High

ID: 68669

File Name: oraclelinux_ELSA-2012-2003.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2013/07/12

Updated: 2020/09/24

Dependencies: 122878, 12634

Risk Information

Risk Factor: High

VPR Score: 5.9

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uek, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uekdebug, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uek, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uek, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uek, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uekdebug, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/12

Vulnerability Publication Date: 2012/01/27

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347, CVE-2011-4622, CVE-2012-0038, CVE-2012-0045, CVE-2012-0207

BID: 50366, 50370, 50663, 50811, 51172, 51343, 51380, 51389