Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2003)

High Nessus Plugin ID 68669

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

Description of changes:

* CVE-2012-0207: Denial of service bug in IGMP.

The IGMP subsystem's compatibility handling of v2 packets had a bug in the computation of a delay field which could result in division by zero (causing a kernel panic).


* CVE-2012-0045: Denial of service in KVM system call emulation.

A bug in the system call emulation allowed local users on a 32-bit KVM guest system to cause the guest system to panic.


* CVE-2012-0038: In-memory corruption in XFS ACL processing.

A missing check in xfs_acl_from_disk on the number of XFS ACLs could result in in-memory corruption and a kernel panic.


* CVE-2011-4622: NULL pointer dereference in KVM interval timer emulation.

Starting PIT timers in the absence of irqchip support could cause a NULL pointer dereference and kernel OOPS.


* CVE-2011-4347: Denial of service in KVM device assignment.

Several bugs that allowed unprivileged users to improperly assign devices to KVM guests could result in a denial of service.


* CVE-2011-4132: Denial of service in Journaling Block Device layer.

A flaw in the way the Journaling Block Device (JBD) layer handled an invalid log first block value allowed an attacker to mount a malicious ext3 or ext4 image that would crash the system.


* CVE-2011-4081: NULL pointer dereference in GHASH cryptographic algorithm.

Nick Bowler reported an issue in the GHASH message digest algorithm. ghash_update can pass a NULL pointer to gf128mul_4k_lle in some cases, leading to a NULL pointer dereference (kernel OOPS).


* CVE-2011-4077: Buffer overflow in xfs_readlink.

A flaw in the way the XFS filesystem implementation handled links with pathnames larger than MAXPATHLEN allowed an attacker to mount a malicious XFS image that could crash the system or result in privilege escalation.

[2.6.32-300.11.1.el6uek]
- [fs] xfs: Fix possible memory corruption in xfs_readlink (Carlos Maiolino) {CVE-2011-4077}
- [scsi] increase qla2xxx firmware ready time-out (Joe Jin)
- [scsi] qla2xxx: Module parameter to control use of async or sync port login (Joe Jin)
- [net] tg3: Fix single-vector MSI-X code (Joe Jin)
- [net] qlge: fix size of external list for TX address descriptors (Joe Jin)
- [net] e1000e: Avoid wrong check on TX hang (Joe Jin)
- crypto: ghash - Avoid NULL pointer dereference if no key is set (Nick Bowler) {CVE-2011-4081}
- jbd/jbd2: validate sb->s_first in journal_get_superblock() (Eryu Guan) {CVE-2011-4132}
- KVM: Device assignment permission checks (Joe Jin) {CVE-2011-4347}
- KVM: x86: Prevent starting PIT timers in the absence of irqchip support (Jan Kiszka) {CVE-2011-4622}
- xfs: validate acl count (Joe Jin) {CVE-2012-0038}
- KVM: x86: fix missing checks in syscall emulation (Joe Jin) {CVE-2012-0045}
- KVM: x86: extend 'struct x86_emulate_ops' with 'get_cpuid' (Joe Jin) {CVE-2012-0045}
- igmp: Avoid zero delay when receiving odd mixture of IGMP queries (Ben Hutchings) {CVE-2012-0207}
- ipv4: correct IGMP behavior on v3 query during v2-compatibility mode (David Stevens)
- fuse: fix fuse request unique id (Srinivas Eeda) [orabug 13816349]

[2.6.32-300.10.1.el6uek]
- net: remove extra register in ip_gre (Guru Anbalagane) [Orabug: 13633287]

[2.6.32-300.9.1.el6uek]
- [netdrv] fnic: return zero on fnic_reset() success (Joe Jin)
- [e1000e] Add entropy generation back for network interrupts (John Sobecki)
- [nfs4] LINUX CLIENT TREATS NFS4ERR_GRACE AS A PERMANENT ERROR [orabug 13476821] (John Sobecki)
- [nfs] NFS CLIENT CONNECTS TO SERVER THEN DISCONNECTS [orabug 13516759] (John Sobecki)
- [sunrpc] Add patch for a mount crash in __rpc_create_common [orabug 13322773] (John Sobecki)

[2.6.32-300.8.1.el6uek]
- SPEC: fix dependency on firmware/mkinitrd (Guru Anbalagane) [orabug 13637902]
- xfs: fix acl count validation in xfs_acl_from_disk() (Dan Carpenter)
- [SCSI] scsi_dh: check queuedata pointer before proceeding further (Moger Babu) [orabug 13615419]

Solution

Update the affected unbreakable enterprise kernel packages.

See Also

https://oss.oracle.com/pipermail/el-errata/2012-March/002691.html

https://oss.oracle.com/pipermail/el-errata/2012-March/002692.html

Plugin Details

Severity: High

ID: 68669

File Name: oraclelinux_ELSA-2012-2003.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2013/07/12

Updated: 2019/09/30

Dependencies: 12634, 122878

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-firmware, p-cpe:/a:oracle:linux:kernel-uek-headers, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uek, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el5uekdebug, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uek, p-cpe:/a:oracle:linux:mlnx_en-2.6.32-300.11.1.el6uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uek, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el5uekdebug, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uek, p-cpe:/a:oracle:linux:ofa-2.6.32-300.11.1.el6uekdebug, cpe:/o:oracle:linux:5, cpe:/o:oracle:linux:6

Required KB Items: Host/local_checks_enabled, Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2012/03/12

Vulnerability Publication Date: 2012/01/27

Exploitable With

Core Impact

Reference Information

CVE: CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347, CVE-2011-4622, CVE-2012-0038, CVE-2012-0045, CVE-2012-0207

BID: 50366, 50370, 50663, 50811, 51172, 51343, 51380, 51389