Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20120110_KERNEL_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120110)

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
45
JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

  • A buffer overflow flaw was found in the way the Linux kernel’s XFS file system implementation handled links with overly long path names. A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2011-4077, Important)

  • The fix for CVE-2011-2482 provided by a previous update introduced a regression: on systems that do not have Security-Enhanced Linux (SELinux) in Enforcing mode, a socket lock race could occur between sctp_rcv() and sctp_accept(). A remote attacker could use this flaw to cause a denial of service. By default, SELinux runs in Enforcing mode on Scientific Linux 5. (CVE-2011-4348, Important)

  • The proc file system could allow a local, unprivileged user to obtain sensitive information or possibly cause integrity issues. (CVE-2011-1020, Moderate)

  • A missing validation flaw was found in the Linux kernel’s m_stop() implementation. A local, unprivileged user could use this flaw to trigger a denial of service.
    (CVE-2011-3637, Moderate)

  • A flaw was found in the Linux kernel’s Journaling Block Device (JBD). A local attacker could use this flaw to crash the system by mounting a specially crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)

  • A flaw was found in the Linux kernel’s encode_share_access() implementation. A local, unprivileged user could use this flaw to trigger a denial of service by creating a regular file on an NFSv4 (Network File System version 4) file system via mknod().
    (CVE-2011-4324, Moderate)

  • A flaw was found in the Linux kernel’s NFS implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4325, Moderate)

  • A missing boundary check was found in the Linux kernel’s HFS file system implementation. A local attacker could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk.
    (CVE-2011-4330, Moderate)

This update also fixes several bugs and adds one enhancement.

Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancement noted in the Technical Notes. The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61215);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-1020", "CVE-2011-3637", "CVE-2011-4077", "CVE-2011-4132", "CVE-2011-4324", "CVE-2011-4325", "CVE-2011-4330", "CVE-2011-4348");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120110)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

  - A buffer overflow flaw was found in the way the Linux
    kernel's XFS file system implementation handled links
    with overly long path names. A local, unprivileged user
    could use this flaw to cause a denial of service or
    escalate their privileges by mounting a specially
    crafted disk. (CVE-2011-4077, Important)

  - The fix for CVE-2011-2482 provided by a previous update
    introduced a regression: on systems that do not have
    Security-Enhanced Linux (SELinux) in Enforcing mode, a
    socket lock race could occur between sctp_rcv() and
    sctp_accept(). A remote attacker could use this flaw to
    cause a denial of service. By default, SELinux runs in
    Enforcing mode on Scientific Linux 5. (CVE-2011-4348,
    Important)

  - The proc file system could allow a local, unprivileged
    user to obtain sensitive information or possibly cause
    integrity issues. (CVE-2011-1020, Moderate)

  - A missing validation flaw was found in the Linux
    kernel's m_stop() implementation. A local, unprivileged
    user could use this flaw to trigger a denial of service.
    (CVE-2011-3637, Moderate)

  - A flaw was found in the Linux kernel's Journaling Block
    Device (JBD). A local attacker could use this flaw to
    crash the system by mounting a specially crafted ext3 or
    ext4 disk. (CVE-2011-4132, Moderate)

  - A flaw was found in the Linux kernel's
    encode_share_access() implementation. A local,
    unprivileged user could use this flaw to trigger a
    denial of service by creating a regular file on an NFSv4
    (Network File System version 4) file system via mknod().
    (CVE-2011-4324, Moderate)

  - A flaw was found in the Linux kernel's NFS
    implementation. A local, unprivileged user could use
    this flaw to cause a denial of service. (CVE-2011-4325,
    Moderate)

  - A missing boundary check was found in the Linux kernel's
    HFS file system implementation. A local attacker could
    use this flaw to cause a denial of service or escalate
    their privileges by mounting a specially crafted disk.
    (CVE-2011-4330, Moderate)

This update also fixes several bugs and adds one enhancement.

Users should upgrade to these updated packages, which contain
backported patches to correct these issues, and fix the bugs and add
the enhancement noted in the Technical Notes. The system must be
rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-errata&T=0&P=982
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0a61fdfe"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-274.17.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-274.17.1.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-paep-cpe:/a:fermilab:scientific_linux:kernel-pae
fermilabscientific_linuxkernel-pae-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-pae-debuginfo
fermilabscientific_linuxkernel-pae-develp-cpe:/a:fermilab:scientific_linux:kernel-pae-devel
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-commonp-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
Rows per page:
1-10 of 161

Related

openvas 64
redhat 7
centos 2
nessus 46
oraclelinux 5
ubuntu 18
prion 9
veracode 9
cve 9
ubuntucve 9
securityvulns 5
suse 3
vmware 2
seebug 2
packetstorm 1
fedora 6
amazon 2
openvas
openvas
RedHat Update for kernel RHSA-2012:0007-01
2012-01-13 00:00:00
RedHat Update for kernel RHSA-2012:0007-01
2012-01-13 00:00:00
CentOS Update for kernel CESA-2012:0007 centos5
2012-07-30 00:00:00
redhat
redhat
(RHSA-2012:0007) Important: kernel security, bug fix, and enhancement update
2012-01-10 00:00:00
(RHSA-2012:0116) Moderate: kernel security and bug fix update
2012-02-14 00:00:00
(RHSA-2012:0350) Moderate: kernel security and bug fix update
2012-03-06 00:00:00
centos
centos
kernel security update
2012-01-11 19:18:33
kernel, perf, python security update
2012-03-07 18:09:51
nessus
nessus
RHEL 5 : kernel (RHSA-2012:0007)
2012-01-11 00:00:00
CentOS 5 : kernel (CESA-2012:0007)
2012-01-12 00:00:00
Oracle Linux 5 : kernel (ELSA-2012-0007)
2013-07-12 00:00:00
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2012-01-11 00:00:00
Oracle Linux 5.8 kernel security and bug update
2012-03-01 00:00:00
Unbreakable Enterprise kernel security and bug fix update
2012-03-07 00:00:00
ubuntu
ubuntu
Linux kernel (FSL-IMX51) vulnerabilities
2011-12-13 00:00:00
Linux kernel vulnerabilities
2011-12-08 00:00:00
Linux kernel (Natty backport) vulnerabilities
2011-12-13 00:00:00
prion
prion
Race condition
2013-06-08 13:05:00
Null pointer dereference
2012-01-27 15:55:00
Code injection
2012-06-21 23:55:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:08:13
Denial Of Service (DoS)
2020-04-10 01:08:10
Denial Of Service (DoS)
2020-04-10 01:01:26
cve
cve
CVE-2011-4348
2013-06-08 13:05:00
CVE-2011-4325
2012-01-27 15:55:00
CVE-2011-2482
2013-06-08 13:05:00
ubuntucve
ubuntucve
CVE-2011-4348
2013-06-08 00:00:00
CVE-2011-4325
2012-01-27 00:00:00
CVE-2011-3637
2012-01-12 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2011-12-12 00:00:00
[USN-1293-1] Linux kernel vulnerabilities
2011-12-12 00:00:00
VMSA-2012-0006 VMware ESXi and ESX address several security issues
2012-04-09 00:00:00
suse
suse
Security update for Linux kernel (important)
2012-06-14 18:08:31
Security update for Linux kernel (important)
2012-02-06 23:08:27
Security update for the Linux Kernel (important)
2012-02-06 15:08:23
vmware
vmware
VMware ESXi and ESX address several security issues
2012-03-29 00:00:00
VMware ESXi and ESX address several security issues
2012-03-29 00:00:00
seebug
seebug
Linux Kernel 'hfs_mac2asc()'本地特权提升漏洞
2011-11-22 00:00:00
Linux Kernel &quot;journal_get_superblock()&quot;拒绝服务漏洞
2011-11-15 00:00:00
packetstorm
packetstorm
Linux Kernel 2.6.32 Privilege Escalation
2017-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: kernel-3.1.1-2.fc16
2011-11-19 06:08:22
[SECURITY] Fedora 16 Update: kernel-3.1.6-1.fc16
2011-12-23 22:19:52
[SECURITY] Fedora 16 Update: kernel-3.1.2-1.fc16
2011-11-25 02:32:16
amazon
amazon
Medium: kernel
2011-11-19 01:22:00
Medium: kernel
2012-03-16 10:53:00
JSON
Related for SL_20120110_KERNEL_ON_SL5_X.NASL
openvas64redhat7centos2nessus46oraclelinux5ubuntu18prion9veracode9cve9ubuntucve9securityvulns5suse3vmware2seebug2packetstorm1fedora6amazon2