Scientific Linux Security Update: Fixes kernel buffer overflow and race condition bug
Reporter | Title | Published | Views | Family All 108 |
---|---|---|---|---|
Veracode | Denial Of Service (DoS) | 2 May 201904:41 | – | veracode |
OpenVAS | Ubuntu Update for linux-lts-backport-natty USN-1562-1 | 11 Sep 201200:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-1557-1) | 7 Sep 201200:00 | – | openvas |
OpenVAS | Ubuntu: Security Advisory (USN-1562-1) | 11 Sep 201200:00 | – | openvas |
OpenVAS | CentOS Update for kernel CESA-2013:0594 centos5 | 8 Mar 201300:00 | – | openvas |
OpenVAS | RedHat Update for kernel RHSA-2013:0594-01 | 8 Mar 201300:00 | – | openvas |
OpenVAS | Oracle: Security Advisory (ELSA-2013-0594-1) | 6 Oct 201500:00 | – | openvas |
OpenVAS | Ubuntu Update for linux USN-1557-1 | 7 Sep 201200:00 | – | openvas |
OpenVAS | RedHat Update for kernel RHSA-2013:0594-01 | 8 Mar 201300:00 | – | openvas |
OpenVAS | Oracle: Security Advisory (ELSA-2013-0594) | 6 Oct 201500:00 | – | openvas |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(65076);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2012-3400");
script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20130305)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes the following security issues :
- Buffer overflow flaws were found in the
udf_load_logicalvol() function in the Universal Disk
Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system
could use these flaws to cause a denial of service or
escalate their privileges. (CVE-2012-3400, Low)
This update also fixes the following bugs :
- Previously, race conditions could sometimes occur in
interrupt handling on the Emulex BladeEngine 2 (BE2)
controllers, causing the network adapter to become
unresponsive. This update provides a series of patches
for the be2net driver, which prevents the race from
occurring. The network cards using BE2 chipsets no
longer hang due to incorrectly handled interrupt events.
- A boot-time memory allocation pool (the DMI heap) is
used to keep the list of Desktop Management Interface
(DMI) devices during the system boot. Previously, the
size of the DMI heap was only 2048 bytes on the AMD64
and Intel 64 architectures and the DMI heap space could
become easily depleted on some systems, such as the IBM
System x3500 M2. A subsequent OOM failure could, under
certain circumstances, lead to a NULL pointer entry
being stored in the DMI device list. Consequently,
scanning of such a corrupted DMI device list resulted in
a kernel panic. The boot-time memory allocation pool for
the AMD64 and Intel 64 architectures has been enlarged
to 4096 bytes and the routines responsible for
populating the DMI device list have been modified to
skip entries if their name string is NULL. The kernel no
longer panics in this scenario.
- The size of the buffer used to print the kernel taint
output on kernel panic was too small, which resulted in
the kernel taint output not being printed completely
sometimes. With this update, the size of the buffer has
been adjusted and the kernel taint output is now
displayed properly.
- The code to print the kernel taint output contained a
typographical error. Consequently, the kernel taint
output, which is displayed on kernel panic, could not
provide taint error messages for unsupported hardware.
This update fixes the typo and the kernel taint output
is now displayed correctly.
The system must be rebooted for this update to take effect."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1303&L=scientific-linux-errata&T=0&P=2051
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b3cb11f4"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-PAE-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:kernel-xen-devel");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03");
script_set_attribute(attribute:"patch_publication_date", value:"2013/03/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/07");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 5.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debug-devel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-debuginfo-common-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-doc-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-headers-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-debuginfo-2.6.18-348.2.1.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-348.2.1.el5")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel / kernel-PAE / kernel-PAE-debuginfo / kernel-PAE-devel / etc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo