RedHat Security Advisory RHSA-2009:0264

Kernel packages update addressing memory leak, buffer overflow, SMP system flaw, and file system issue

Reporter	Title	Published	Views	Family All 247
0day.today	Linux Kernel 2.6.x SCTP FWD Memory Corruption Remote Exploit	28 Apr 200900:00	–	zdt
0day.today	Linux Kernel 2.6.x SCTP FWD Memory Corruption Remote Exploit	10 Aug 200900:00	–	zdt
Tenable Nessus	CentOS 4 : kernel (CESA-2009:0014)	6 Jan 201000:00	–	nessus
Tenable Nessus	CentOS 4 : kernel (CESA-2009:0331)	6 Jan 201000:00	–	nessus
Tenable Nessus	Debian DSA-1681-1 : linux-2.6.24 - denial of service/privilege escalation	5 Dec 200800:00	–	nessus
Tenable Nessus	Debian DSA-1687-1 : linux-2.6 - denial of service/privilege escalation	16 Dec 200800:00	–	nessus
Tenable Nessus	Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak	23 Mar 200900:00	–	nessus
Tenable Nessus	Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak	4 May 200900:00	–	nessus
Tenable Nessus	Debian DSA-1794-1 : linux-2.6 - denial of service/privilege escalation/information leak	11 May 200900:00	–	nessus
Tenable Nessus	Fedora 9 : kernel-2.6.27.12-78.2.8.fc9 (2009-0816)	27 Jan 200900:00	–	nessus

Source	Link
rhn	www.rhn.redhat.com/errata/RHSA-2009-0264.html
redhat	www.redhat.com/security/updates/classification/

# OpenVAS Vulnerability Test
# $Id: RHSA_2009_0264.nasl 6683 2017-07-12 09:41:57Z cfischer $
# Description: Auto-generated from advisory RHSA-2009:0264 ()
#
# Authors:
# Thomas Reinke <[email protected]>
#
# Copyright:
# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# or at your option, GNU General Public License version 3,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_summary = "The remote host is missing updates announced in
advisory RHSA-2009:0264.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* a memory leak in keyctl handling. A local user could use this flaw to
deplete kernel memory, eventually leading to a denial of service.
(CVE-2009-0031, Important)

* a buffer overflow in the Linux kernel Partial Reliable Stream Control
Transmission Protocol (PR-SCTP) implementation. This could, potentially,
lead to a denial of service if a Forward-TSN chunk is received with a large
stream ID. (CVE-2009-0065, Important)

* a flaw when handling heavy network traffic on an SMP system with many
cores. An attacker who could send a large amount of network traffic could
create a denial of service. (CVE-2008-5713, Important)

* the code for the HFS and HFS Plus (HFS+) file systems failed to properly
handle corrupted data structures. This could, potentially, lead to a local
denial of service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the HFS Plus (HFS+) file system implementation. This
could, potentially, lead to a local denial of service when write operations
are performed. (CVE-2008-4934, Low)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Note: for this update to take effect, the
system must be rebooted.";

tag_solution = "Please note that this update is available via
Red Hat Network.  To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date";



if(description)
{
 script_id(63367);
 script_version("$Revision: 6683 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $");
 script_tag(name:"creation_date", value:"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)");
 script_cve_id("CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5713", "CVE-2009-0031", "CVE-2009-0065");
 script_tag(name:"cvss_base", value:"10.0");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
 script_name("RedHat Security Advisory RHSA-2009:0264");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com");
 script_family("Red Hat Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms");
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 script_xref(name : "URL" , value : "http://rhn.redhat.com/errata/RHSA-2009-0264.html");
 script_xref(name : "URL" , value : "http://www.redhat.com/security/updates/classification/#important");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-rpm.inc");

res = "";
report = "";
if ((res = isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-kdump-debuginfo", rpm:"kernel-kdump-debuginfo~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}
if ((res = isrpmvuln(pkg:"kernel-kdump-devel", rpm:"kernel-kdump-devel~2.6.18~128.1.1.el5", rls:"RHENT_5")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

12 Jul 2017 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.15492