Scientific Linux Security Update : kernel on SL6.x i386/x86_64

High Nessus Plugin ID 73200

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Scientific Linux 6 prohibit a successful exploitation of this issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?6ae65dfb

Plugin Details

Severity: High

ID: 73200

File Name: sl_20140325_kernel_on_SL6_x.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2014/03/26

Updated: 2018/12/28

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2014/03/25

Reference Information

CVE: CVE-2013-1860, CVE-2014-0055, CVE-2014-0069, CVE-2014-0101