Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20120209_KERNEL_ON_SL5_X.NASL
HistoryAug 01, 2012 - 12:00 a.m.

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120209)

2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues :

  • Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes resulted in the requests being passed to the underlying block device. If a privileged user only had access to a single partition or LVM volume, they could use this flaw to bypass those restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important)

  • A flaw was found in the way the Linux kernel handled robust list pointers of user-space held futexes across exec() calls. A local, unprivileged user could use this flaw to cause a denial of service or, eventually, escalate their privileges. (CVE-2012-0028, Important)

  • A flaw was found in the Linux kernel in the way splitting two extents in ext4_ext_convert_to_initialized() worked. A local, unprivileged user with the ability to mount and unmount ext4 file systems could use this flaw to cause a denial of service. (CVE-2011-3638, Moderate)

  • A flaw was found in the way the Linux kernel’s journal_unmap_buffer() function handled buffer head states. On systems that have an ext4 file system with a journal mounted, a local, unprivileged user could use this flaw to cause a denial of service. (CVE-2011-4086, Moderate)

  • A divide-by-zero flaw was found in the Linux kernel’s igmp_heard_query() function. An attacker able to send certain IGMP (Internet Group Management Protocol) packets to a target system could use this flaw to cause a denial of service. (CVE-2012-0207, Moderate)

This update also fixes the following bugs :

  • When a host was in recovery mode and a SCSI scan operation was initiated, the scan operation failed and provided no error output. This bug has been fixed and the SCSI layer now waits for recovery of the host to complete scan operations for devices.

  • SG_IO ioctls were not implemented correctly in the previous virtio-blk driver. Sending an SG_IO ioctl request to a virtio-blk disk caused the sending thread to enter an uninterruptible sleep state (‘D’ state).
    With this update, SG_IO ioctls are rejected by the virtio-blk driver: the ioctl system call will simply return an ENOTTY (‘Inappropriate ioctl for device’) error and the thread will continue normally.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(61241);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2011-3638", "CVE-2011-4086", "CVE-2011-4127", "CVE-2012-0028", "CVE-2012-0207");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20120209)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues :

  - Using the SG_IO ioctl to issue SCSI requests to
    partitions or LVM volumes resulted in the requests being
    passed to the underlying block device. If a privileged
    user only had access to a single partition or LVM
    volume, they could use this flaw to bypass those
    restrictions and gain read and write access (and be able
    to issue other SCSI commands) to the entire block
    device. (CVE-2011-4127, Important)

  - A flaw was found in the way the Linux kernel handled
    robust list pointers of user-space held futexes across
    exec() calls. A local, unprivileged user could use this
    flaw to cause a denial of service or, eventually,
    escalate their privileges. (CVE-2012-0028, Important)

  - A flaw was found in the Linux kernel in the way
    splitting two extents in
    ext4_ext_convert_to_initialized() worked. A local,
    unprivileged user with the ability to mount and unmount
    ext4 file systems could use this flaw to cause a denial
    of service. (CVE-2011-3638, Moderate)

  - A flaw was found in the way the Linux kernel's
    journal_unmap_buffer() function handled buffer head
    states. On systems that have an ext4 file system with a
    journal mounted, a local, unprivileged user could use
    this flaw to cause a denial of service. (CVE-2011-4086,
    Moderate)

  - A divide-by-zero flaw was found in the Linux kernel's
    igmp_heard_query() function. An attacker able to send
    certain IGMP (Internet Group Management Protocol)
    packets to a target system could use this flaw to cause
    a denial of service. (CVE-2012-0207, Moderate)

This update also fixes the following bugs :

  - When a host was in recovery mode and a SCSI scan
    operation was initiated, the scan operation failed and
    provided no error output. This bug has been fixed and
    the SCSI layer now waits for recovery of the host to
    complete scan operations for devices.

  - SG_IO ioctls were not implemented correctly in the
    previous virtio-blk driver. Sending an SG_IO ioctl
    request to a virtio-blk disk caused the sending thread
    to enter an uninterruptible sleep state ('D' state).
    With this update, SG_IO ioctls are rejected by the
    virtio-blk driver: the ioctl system call will simply
    return an ENOTTY ('Inappropriate ioctl for device')
    error and the thread will continue normally.

Users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be
rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1202&L=scientific-linux-errata&T=0&P=1858
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6effc47a"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/05/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-274.18.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-274.18.1.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}
VendorProductVersionCPE
fermilabscientific_linuxkernelp-cpe:/a:fermilab:scientific_linux:kernel
fermilabscientific_linuxkernel-paep-cpe:/a:fermilab:scientific_linux:kernel-pae
fermilabscientific_linuxkernel-pae-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-pae-debuginfo
fermilabscientific_linuxkernel-pae-develp-cpe:/a:fermilab:scientific_linux:kernel-pae-devel
fermilabscientific_linuxkernel-debugp-cpe:/a:fermilab:scientific_linux:kernel-debug
fermilabscientific_linuxkernel-debug-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo
fermilabscientific_linuxkernel-debug-develp-cpe:/a:fermilab:scientific_linux:kernel-debug-devel
fermilabscientific_linuxkernel-debuginfop-cpe:/a:fermilab:scientific_linux:kernel-debuginfo
fermilabscientific_linuxkernel-debuginfo-commonp-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common
fermilabscientific_linuxkernel-develp-cpe:/a:fermilab:scientific_linux:kernel-devel
Rows per page:
1-10 of 161

Related

redhat 11
nessus 51
openvas 68
oraclelinux 8
centos 4
veracode 6
amazon 2
ubuntu 11
ubuntucve 5
prion 5
cve 5
seebug 5
fedora 7
debiancve 1
exploitpack 1
exploitdb 1
securityvulns 4
suse 2
debian 1
osv 1
redhat
redhat
(RHSA-2012:0107) Important: kernel security and bug fix update
2012-02-09 00:00:00
(RHSA-2012:0517) Moderate: kernel security and bug fix update
2012-04-24 00:00:00
(RHSA-2012:0358) Important: kernel security and bug fix update
2012-03-06 00:00:00
nessus
nessus
Oracle Linux 5 : kernel (ELSA-2012-0107)
2013-07-12 00:00:00
CentOS 5 : kernel (CESA-2012:0107)
2012-02-14 00:00:00
RHEL 5 : kernel (RHSA-2012:0107)
2012-02-10 00:00:00
openvas
openvas
CentOS Update for kernel CESA-2012:0107 centos5
2012-07-30 00:00:00
Oracle Linux Local Check: ELSA-2012-0107
2015-10-06 00:00:00
CentOS Update for kernel CESA-2012:0107 centos5
2012-07-30 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2012-02-09 00:00:00
Unbreakable Enterprise kernel security update
2012-05-16 00:00:00
kernel security and bug fix update
2011-12-22 00:00:00
centos
centos
kernel security update
2012-02-09 21:30:36
kernel, perf, python security update
2012-05-16 09:19:09
qemu security update
2012-01-24 03:15:05
veracode
veracode
Denial Of Service (DoS)
2019-01-15 08:51:18
Privilege Escalation
2020-04-10 01:07:38
Authorization Bypass
2020-04-10 01:03:58
amazon
amazon
Medium: kernel
2012-02-15 17:38:00
Medium: kernel
2012-01-06 10:19:00
ubuntu
ubuntu
Linux kernel vulnerability
2012-05-25 00:00:00
Linux kernel vulnerabilities
2012-03-27 00:00:00
Linux kernel (Oneiric backport) vulnerabilities
2012-03-06 00:00:00
ubuntucve
ubuntucve
CVE-2011-4086
2012-02-09 00:00:00
CVE-2011-3638
2011-10-28 00:00:00
CVE-2011-4127
2011-12-23 00:00:00
prion
prion
Design/Logic Flaw
2012-07-03 16:40:00
Design/Logic Flaw
2012-07-03 16:40:00
Code injection
2013-03-01 12:37:00
cve
cve
CVE-2011-4086
2012-07-03 16:40:00
CVE-2011-4127
2012-07-03 16:40:00
CVE-2012-0028
2012-06-21 23:55:00
seebug
seebug
Linux Kernel ext4 ext4_ext_insert_extent()拒绝服务漏洞
2011-10-27 00:00:00
Linux kernel 2.6.x “exec()”本地拒绝服务漏洞
2012-02-14 00:00:00
Linux kernel 2.6.x 'SG_IO IOCTL' SCSI请求本地特权提升漏洞
2011-12-24 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libguestfs-1.14.8-1.fc16
2012-01-05 20:56:45
[SECURITY] Fedora 15 Update: libguestfs-1.10.12-1.fc15
2012-01-05 21:00:57
[SECURITY] Fedora 16 Update: kernel-3.2.5-3.fc16
2012-02-10 22:00:18
debiancve
debiancve
CVE-2011-4127
2012-07-03 16:40:00
exploitpack
exploitpack
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
2012-01-17 00:00:00
exploitdb
exploitdb
Linux Kernel 2.6.36 IGMP - Remote Denial of Service
2012-01-17 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2012-03-10 00:00:00
[USN-1364-1] Linux kernel &#40;OMAP4&#41; vulnerabilities
2012-02-15 00:00:00
[SECURITY] [DSA 2469-1] linux-2.6 security update
2012-05-14 00:00:00
suse
suse
Security update for Linux kernel (important)
2012-04-23 22:08:26
kernel update for SLE11 SP2 (important)
2012-04-26 20:08:43
debian
debian
[SECURITY] [DSA 2469-1] linux-2.6 security update
2012-05-10 15:48:18
osv
osv
linux-2.6 - several
2012-05-10 00:00:00
JSON
Related for SL_20120209_KERNEL_ON_SL5_X.NASL
redhat11nessus51openvas68oraclelinux8centos4veracode6amazon2ubuntu11ubuntucve5prion5cve5seebug5fedora7debiancve1exploitpack1exploitdb1securityvulns4suse2debian1osv1