Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the sixth regular update.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following security issues :
A NULL pointer dereference flaw was found in the igb driver in the Linux kernel. If both the Single Root I/O Virtualization (SR-IOV) feature and promiscuous mode were enabled on an interface using igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. (CVE-2010-4263, Important)
A missing sanity check was found in vbd_create() in the Xen hypervisor implementation. As CD-ROM drives are not supported by the blkback back-end driver, attempting to use a virtual CD-ROM drive with blkback could trigger a denial of service (crash) on the host system running the Xen hypervisor. (CVE-2010-4238, Moderate)
A flaw was found in the Linux kernel execve() system call implementation. A local, unprivileged user could cause large amounts of memory to be allocated but not visible to the OOM (Out of Memory) killer, triggering a denial of service. (CVE-2010-4243, Moderate)
A flaw was found in fixup_page_fault() in the Xen hypervisor implementation. If a 64-bit para-virtualized guest accessed a certain area of memory, it could cause a denial of service on the host system running the Xen hypervisor. (CVE-2010-4255, Moderate)
A missing initialization flaw was found in the bfa driver used by Brocade Fibre Channel Host Bus Adapters. A local, unprivileged user could use this flaw to cause a denial of service by reading a file in the ‘/sys/class/fc_host/host#/statistics/’ directory. (CVE-2010-4343, Moderate)
Missing initialization flaws in the Linux kernel could lead to information leaks. (CVE-2010-3296, CVE-2010-3877, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158, Low)
Red Hat would like to thank Kosuke Tatsukawa for reporting CVE-2010-4263; Vladymyr Denysov for reporting CVE-2010-4238; Brad Spengler for reporting CVE-2010-4243; Dan Rosenberg for reporting CVE-2010-3296, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, and CVE-2010-4158; Vasiliy Kulikov for reporting CVE-2010-3877; and Kees Cook for reporting CVE-2010-4072.
These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.6 Release Notes for information on the most significant of these changes :
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.6_Release_Notes/index.html
Refer to the kernel chapter in the Red Hat Enterprise Linux 5.6 Technical Notes for further information :
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/ 5.6_Technical_Notes/kernel.html
All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.6 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2011:0017. The text
# itself is copyright (C) Red Hat, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(51522);
script_version("1.23");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-3296", "CVE-2010-3877", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4075", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4158", "CVE-2010-4238", "CVE-2010-4243", "CVE-2010-4255", "CVE-2010-4263", "CVE-2010-4343");
script_bugtraq_id(43221, 43806, 44630, 44758, 45004, 45054, 45058, 45063, 45073, 45099, 45208, 45262);
script_xref(name:"RHSA", value:"2011:0017");
script_name(english:"RHEL 5 : kernel (RHSA-2011:0017)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Red Hat host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"Updated kernel packages that fix multiple security issues, address
several hundred bugs, and add numerous enhancements are now available
as part of the ongoing support and maintenance of Red Hat Enterprise
Linux version 5. This is the sixth regular update.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issues :
* A NULL pointer dereference flaw was found in the igb driver in the
Linux kernel. If both the Single Root I/O Virtualization (SR-IOV)
feature and promiscuous mode were enabled on an interface using igb,
it could result in a denial of service when a tagged VLAN packet is
received on that interface. (CVE-2010-4263, Important)
* A missing sanity check was found in vbd_create() in the Xen
hypervisor implementation. As CD-ROM drives are not supported by the
blkback back-end driver, attempting to use a virtual CD-ROM drive with
blkback could trigger a denial of service (crash) on the host system
running the Xen hypervisor. (CVE-2010-4238, Moderate)
* A flaw was found in the Linux kernel execve() system call
implementation. A local, unprivileged user could cause large amounts
of memory to be allocated but not visible to the OOM (Out of Memory)
killer, triggering a denial of service. (CVE-2010-4243, Moderate)
* A flaw was found in fixup_page_fault() in the Xen hypervisor
implementation. If a 64-bit para-virtualized guest accessed a certain
area of memory, it could cause a denial of service on the host system
running the Xen hypervisor. (CVE-2010-4255, Moderate)
* A missing initialization flaw was found in the bfa driver used by
Brocade Fibre Channel Host Bus Adapters. A local, unprivileged user
could use this flaw to cause a denial of service by reading a file in
the '/sys/class/fc_host/host#/statistics/' directory. (CVE-2010-4343,
Moderate)
* Missing initialization flaws in the Linux kernel could lead to
information leaks. (CVE-2010-3296, CVE-2010-3877, CVE-2010-4072,
CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4158, Low)
Red Hat would like to thank Kosuke Tatsukawa for reporting
CVE-2010-4263; Vladymyr Denysov for reporting CVE-2010-4238; Brad
Spengler for reporting CVE-2010-4243; Dan Rosenberg for reporting
CVE-2010-3296, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080,
CVE-2010-4081, and CVE-2010-4158; Vasiliy Kulikov for reporting
CVE-2010-3877; and Kees Cook for reporting CVE-2010-4072.
These updated packages also include several hundred bug fixes for and
enhancements to the Linux kernel. Space precludes documenting each of
these changes in this advisory and users are directed to the Red Hat
Enterprise Linux 5.6 Release Notes for information on the most
significant of these changes :
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/
5.6_Release_Notes/index.html
Refer to the kernel chapter in the Red Hat Enterprise Linux 5.6
Technical Notes for further information :
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/
5.6_Technical_Notes/kernel.html
All Red Hat Enterprise Linux 5 users are advised to install these
updated packages, which address these vulnerabilities as well as
fixing the bugs and adding the enhancements noted in the Red Hat
Enterprise Linux 5.6 Release Notes and Technical Notes. The system
must be rebooted for this update to take effect."
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-3296"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-3877"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4072"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4073"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4075"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4080"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4081"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4158"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4238"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4243"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4255"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4263"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/security/cve/cve-2010-4343"
);
# http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?056c0c27"
);
script_set_attribute(
attribute:"see_also",
value:"https://access.redhat.com/errata/RHSA-2011:0017"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-PAE-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/30");
script_set_attribute(attribute:"patch_publication_date", value:"2011/01/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/14");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Red Hat Local Security Checks");
script_dependencies("ssh_get_info.nasl", "linux_alt_patch_detect.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
include("ksplice.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (get_one_kb_item("Host/ksplice/kernel-cves"))
{
rm_kb_item(name:"Host/uptrack-uname-r");
cve_list = make_list("CVE-2010-3296", "CVE-2010-3877", "CVE-2010-4072", "CVE-2010-4073", "CVE-2010-4075", "CVE-2010-4080", "CVE-2010-4081", "CVE-2010-4158", "CVE-2010-4238", "CVE-2010-4243", "CVE-2010-4255", "CVE-2010-4263", "CVE-2010-4343");
if (ksplice_cves_check(cve_list))
{
audit(AUDIT_PATCH_INSTALLED, "KSplice hotfix for RHSA-2011:0017");
}
else
{
__rpm_report = ksplice_reporting_text();
}
}
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
rhsa = "RHSA-2011:0017";
yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
if (!empty_or_null(yum_report))
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : yum_report
);
exit(0);
}
else
{
audit_message = "affected by Red Hat security advisory " + rhsa;
audit(AUDIT_OS_NOT, audit_message);
}
}
else
{
flag = 0;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-PAE-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-debug-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-debug-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-debug-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", reference:"kernel-doc-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kernel-headers-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-headers-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"kernel-kdump-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"i686", reference:"kernel-xen-devel-2.6.18-238.el5")) flag++;
if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kernel-xen-devel-2.6.18-238.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-devel / kernel-debug / etc");
}
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | kernel | p-cpe:/a:redhat:enterprise_linux:kernel |
redhat | enterprise_linux | kernel-pae | p-cpe:/a:redhat:enterprise_linux:kernel-pae |
redhat | enterprise_linux | kernel-pae-devel | p-cpe:/a:redhat:enterprise_linux:kernel-pae-devel |
redhat | enterprise_linux | kernel-debug | p-cpe:/a:redhat:enterprise_linux:kernel-debug |
redhat | enterprise_linux | kernel-debug-devel | p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel |
redhat | enterprise_linux | kernel-devel | p-cpe:/a:redhat:enterprise_linux:kernel-devel |
redhat | enterprise_linux | kernel-doc | p-cpe:/a:redhat:enterprise_linux:kernel-doc |
redhat | enterprise_linux | kernel-headers | p-cpe:/a:redhat:enterprise_linux:kernel-headers |
redhat | enterprise_linux | kernel-kdump | p-cpe:/a:redhat:enterprise_linux:kernel-kdump |
redhat | enterprise_linux | kernel-kdump-devel | p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4243
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4255
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4263
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4343
www.nessus.org/u?056c0c27
access.redhat.com/errata/RHSA-2011:0017
access.redhat.com/security/cve/cve-2010-3296
access.redhat.com/security/cve/cve-2010-3877
access.redhat.com/security/cve/cve-2010-4072
access.redhat.com/security/cve/cve-2010-4073
access.redhat.com/security/cve/cve-2010-4075
access.redhat.com/security/cve/cve-2010-4080
access.redhat.com/security/cve/cve-2010-4081
access.redhat.com/security/cve/cve-2010-4158
access.redhat.com/security/cve/cve-2010-4238
access.redhat.com/security/cve/cve-2010-4243
access.redhat.com/security/cve/cve-2010-4255
access.redhat.com/security/cve/cve-2010-4263
access.redhat.com/security/cve/cve-2010-4343