Lucene search

K

Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130305)

Scientific Linux Security Update: Fixes kernel buffer overflow and race condition bug

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Veracode
Denial Of Service (DoS)
2 May 201904:41
veracode
OpenVAS
Ubuntu Update for linux-lts-backport-natty USN-1562-1
11 Sep 201200:00
openvas
OpenVAS
Ubuntu: Security Advisory (USN-1557-1)
7 Sep 201200:00
openvas
OpenVAS
Ubuntu: Security Advisory (USN-1562-1)
11 Sep 201200:00
openvas
OpenVAS
CentOS Update for kernel CESA-2013:0594 centos5
8 Mar 201300:00
openvas
OpenVAS
RedHat Update for kernel RHSA-2013:0594-01
8 Mar 201300:00
openvas
OpenVAS
Oracle: Security Advisory (ELSA-2013-0594-1)
6 Oct 201500:00
openvas
OpenVAS
Ubuntu Update for linux USN-1557-1
7 Sep 201200:00
openvas
OpenVAS
RedHat Update for kernel RHSA-2013:0594-01
8 Mar 201300:00
openvas
OpenVAS
Oracle: Security Advisory (ELSA-2013-0594)
6 Oct 201500:00
openvas
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(65076);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2012-3400");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130305)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes the following security issues :

  - Buffer overflow flaws were found in the
    udf_load_logicalvol() function in the Universal Disk
    Format (UDF) file system implementation in the Linux
    kernel. An attacker with physical access to a system
    could use these flaws to cause a denial of service or
    escalate their privileges. (CVE-2012-3400, Low)

This update also fixes the following bugs :

  - Previously, race conditions could sometimes occur in
    interrupt handling on the Emulex BladeEngine 2 (BE2)
    controllers, causing the network adapter to become
    unresponsive. This update provides a series of patches
    for the be2net driver, which prevents the race from
    occurring. The network cards using BE2 chipsets no
    longer hang due to incorrectly handled interrupt events.

  - A boot-time memory allocation pool (the DMI heap) is
    used to keep the list of Desktop Management Interface
    (DMI) devices during the system boot. Previously, the
    size of the DMI heap was only 2048 bytes on the AMD64
    and Intel 64 architectures and the DMI heap space could
    become easily depleted on some systems, such as the IBM
    System x3500 M2. A subsequent OOM failure could, under
    certain circumstances, lead to a NULL pointer entry
    being stored in the DMI device list. Consequently,
    scanning of such a corrupted DMI device list resulted in
    a kernel panic. The boot-time memory allocation pool for
    the AMD64 and Intel 64 architectures has been enlarged
    to 4096 bytes and the routines responsible for
    populating the DMI device list have been modified to
    skip entries if their name string is NULL. The kernel no
    longer panics in this scenario.

  - The size of the buffer used to print the kernel taint
    output on kernel panic was too small, which resulted in
    the kernel taint output not being printed completely
    sometimes. With this update, the size of the buffer has
    been adjusted and the kernel taint output is now
    displayed properly.

  - The code to print the kernel taint output contained a
    typographical error. Consequently, the kernel taint
    output, which is displayed on kernel panic, could not
    provide taint error messages for unsupported hardware.
    This update fixes the typo and the kernel taint output
    is now displayed correctly.

The system must be rebooted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=2051
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b3cb11f4"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-348.2.1.el5")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
07 Mar 2013 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS27.6
EPSS0.02
23
.json
Report