Oracle Linux 7 : kernel (ELSA-2014-1023)

medium Nessus Plugin ID 77045

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1023 advisory.

- [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943}
- [x86] ptrace: force IRET path after a ptrace_stop() (Oleg Nesterov) [1115934 1115935] {CVE-2014-4699}
- [net] sctp: Fix sk_ack_backlog wrap-around problem (Daniel Borkmann) [1113971 1112726] {CVE-2014-4667}
- [net] netlink: Add variants of capable for use on netlink messages (Jiri Benc) [1094271 1094272] {CVE-2014-0181}
- [net] diag: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump (Jiri Benc) [1094271 109427 2] {CVE-2014-0181}
- [net] netlink: Rename netlink_capable netlink_allowed (Jiri Benc) [1094271 1094272] {CVE-2014-0181}
- [net] diag: Fix ns_capable check in sock_diag_put_filterinfo (Jiri Benc) [1094271 1094272] {CVE-2014-0181}
- [net] netlink: Fix permission check in netlink_connect() (Jiri Benc) [1094271 1094272] {CVE-2014-0181}
- [wireless] ath9k: tid->sched race in ath_tx_aggr_sleep() (Jacob Tanenbaum) [1083251 1083252] {CVE-2014-2672}
- [powerpc] tm: Fix crash when forking inside a transaction (Radomir Vrbovsky) [1083214 1083215] {CVE-2014-2673}

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2014-1023.html

Plugin Details

Severity: Medium

ID: 77045

File Name: oraclelinux_ELSA-2014-1023.nasl

Version: 1.16

Type: local

Agent: unix

Published: 8/7/2014

Updated: 4/29/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-3534

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2014-2673

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-abi-whitelists, p-cpe:/a:oracle:linux:kernel-tools-libs-devel, p-cpe:/a:oracle:linux:kernel-devel, p-cpe:/a:oracle:linux:kernel-tools-libs, p-cpe:/a:oracle:linux:perf, cpe:/o:oracle:linux:7, p-cpe:/a:oracle:linux:kernel-tools, p-cpe:/a:oracle:linux:python-perf, p-cpe:/a:oracle:linux:kernel-debug-devel, p-cpe:/a:oracle:linux:kernel-debug, p-cpe:/a:oracle:linux:kernel-headers, p-cpe:/a:oracle:linux:kernel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 8/6/2014

Vulnerability Publication Date: 2/26/2014

Reference Information

CVE: CVE-2014-0181, CVE-2014-2672, CVE-2014-2673, CVE-2014-2706, CVE-2014-3534, CVE-2014-4667

BID: 68683

RHSA: 2014:1023