Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title kernel security and bug fix update
Informations
Name RHSA-2008:0154 First vendor Publication 2008-03-05
Vendor RedHat Last vendor Modification 2008-03-05
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.8 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated packages fix the following security issues:

* a flaw in the hypervisor for hosts running on Itanium architectures allowed an Intel VTi domain to read arbitrary physical memory from other Intel VTi domains, which could make information available to unauthorized users. (CVE-2007-6207, Important)

* two buffer overflow flaws were found in ISDN subsystem. A local unprivileged user could use these flaws to cause a denial of service. (CVE-2007-5938: Important, CVE-2007-6063: Moderate)

* a possible NULL pointer dereference was found in the subsystem used for showing CPU information, as used by CHRP systems on PowerPC architectures. This may have allowed a local unprivileged user to cause a denial of service (crash). (CVE-2007-6694, Moderate)

* a flaw was found in the handling of zombie processes. A local user could create processes that would not be properly reaped, possibly causing a denial of service. (CVE-2006-6921, Moderate)

As well, these updated packages fix the following bugs:

* a bug was found in the Linux kernel audit subsystem. When the audit daemon was setup to log the execve system call with a large number of arguments, the kernel could run out of memory, causing a kernel panic.

* on IBM System z architectures, using the IBM Hardware Management Console to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, possibly causing data corruption.

* when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium architectures, a bug in the address translation in the hypervisor caused the wrong address to be registered, causing Dom0 to hang.

* on Itanium architectures, frequent Corrected Platform Error errors may have caused the hypervisor to hang.

* when enabling a CPU without hot plug support, routines for checking the presence of the CPU were missing. The CPU tried to access its own resources, causing a kernel panic.

* after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused the HP Array Configuration Utility CLI to become unstable, possibly causing a system hang, or a kernel panic.

* a bug in NFS directory caching could have caused different hosts to have different views of NFS directories.

* on Itanium architectures, the Corrected Machine Check Interrupt masked hot-added CPUs as disabled.

* when running Oracle database software on the Intel 64 and AMD64 architectures, if an SGA larger than 4GB was created, and had hugepages allocated to it, the hugepages were not freed after database shutdown.

* in a clustered environment, when two or more NFS clients had the same logical volume mounted, and one of them modified a file on the volume, NULL characters may have been inserted, possibly causing data corruption.

These updated packages resolve several severe issues in the lpfc driver:

* a system hang after LUN discovery.

* a general fault protection, a NULL pointer dereference, or slab corruption could occur while running a debug on the kernel.

* the inability to handle kernel paging requests in "lpfc_get_scsi_buf".

* erroneous structure references caused certain FC discovery routines to reference and change "lpfc_nodelist" structures, even after they were freed.

* the lpfc driver failed to interpret certain fields correctly, causing tape backup software to fail. Tape drives reported "Illegal Request".

* the lpfc driver did not clear structures correctly, resulting in SCSI I/Os being rejected by targets, and causing errors.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188

5. Bugs fixed (http://bugzilla.redhat.com/):

302921 - CVE-2006-6921 kernel: denial of service with wedged processes 310651 - audit: Logging execve arguments, out of memory in audit_expand (kernel panic) 385861 - CVE-2007-5938 NULL dereference in iwl driver 392101 - CVE-2007-6063 Linux Kernel isdn_net_setcfg buffer overflow 396751 - CVE-2007-6694 /proc/cpuinfo DoS on some ppc machines 402911 - LTC39906-[BBDQ] FICON DS8000: File ID Miscompare after CHPID off via HMC 406881 - CVE-2007-6207 [5.2][XEN] Security: some HVM domain can access another domain memory. 424191 - [Xen][5.1.z] Running IA32EL or java-vm causes dom0 hung 424271 - Severe issues in 5.1 lpfc driver: Request update to 8.1.10.12 428290 - [Xen ia64] hypervisor sometimes hangs on Corrected Platform Errors 429108 - [5.1] Panic if user enable a cpu which is not prepared for hotplug. 429515 - scsi: cciss - incompatability between hpacucli and RHEL 5.1 Kernel 429539 - NFS: Fix directory caching problem - with test case and patch. 430632 - CMCI is left disabled on hot-added processors 431522 - RHEL 5.1 regression in hugepages due to pagetable sharing patch 432078 - Null bytes in files access by 2 or more NFS clients

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2008-0154.html

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-399 Resource Management Errors
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)
25 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10787
 
Oval ID: oval:org.mitre.oval:def:10787
Title: The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
Description: The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
Family: unix Class: vulnerability
Reference(s): CVE-2007-5938
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10834
 
Oval ID: oval:org.mitre.oval:def:10834
Title: Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
Description: Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
Family: unix Class: vulnerability
Reference(s): CVE-2006-6921
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11215
 
Oval ID: oval:org.mitre.oval:def:11215
Title: The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
Description: The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6694
Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22598
 
Oval ID: oval:org.mitre.oval:def:22598
Title: ELSA-2008:0154: kernel security and bug fix update (Important)
Description: The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 through 2.6.18-53, when running on PowerPC, might allow local users to cause a denial of service (crash) via unknown vectors that cause the of_get_property function to fail, which triggers a NULL pointer dereference.
Family: unix Class: patch
Reference(s): ELSA-2008:0154-01
CVE-2006-6921
CVE-2007-5938
CVE-2007-6063
CVE-2007-6207
CVE-2007-6694
Version: 25
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6514
 
Oval ID: oval:org.mitre.oval:def:6514
Title: Linux Kernel ISDN_Net.C Local Buffer Overflow Vulnerability
Description: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6063
Version: 1
Platform(s): VMWare ESX Server 3.5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9471
 
Oval ID: oval:org.mitre.oval:def:9471
Title: Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
Description: Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6207
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9846
 
Oval ID: oval:org.mitre.oval:def:9846
Title: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Description: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux kernel 2.6.23 allows local users to have an unknown impact via a crafted argument to the isdn_ioctl function.
Family: unix Class: vulnerability
Reference(s): CVE-2007-6063
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 4
Hardware 1
Hardware 1
Os 318

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for kernel CESA-2009:0001-01 centos2 i386
File : nvt/gb_CESA-2009_0001-01_kernel_centos2_i386.nasl
2009-04-09 Name : Mandriva Update for kernel MDVSA-2008:112 (kernel)
File : nvt/gb_mandriva_MDVSA_2008_112.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.15/20/22 vulnerabilities USN-618-1
File : nvt/gb_ubuntu_USN_618_1.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.17/20/22 vulnerabilities USN-574-1
File : nvt/gb_ubuntu_USN_574_1.nasl
2009-03-23 Name : Ubuntu Update for linux vulnerabilities USN-614-1
File : nvt/gb_ubuntu_USN_614_1.nasl
2009-03-23 Name : Ubuntu Update for linux-source-2.6.15 vulnerabilities USN-578-1
File : nvt/gb_ubuntu_USN_578_1.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0154-01
File : nvt/gb_RHSA-2008_0154-01_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0973-03
File : nvt/gb_RHSA-2008_0973-03_kernel.nasl
2009-03-06 Name : RedHat Update for kernel RHSA-2008:0055-01
File : nvt/gb_RHSA-2008_0055-01_kernel.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0973 centos3 i386
File : nvt/gb_CESA-2008_0973_kernel_centos3_i386.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0973 centos3 x86_64
File : nvt/gb_CESA-2008_0973_kernel_centos3_x86_64.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0055 centos4 x86_64
File : nvt/gb_CESA-2008_0055_kernel_centos4_x86_64.nasl
2009-02-27 Name : CentOS Update for kernel CESA-2008:0055 centos4 i386
File : nvt/gb_CESA-2008_0055_kernel_centos4_i386.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-5454
File : nvt/gb_fedora_2008_5454_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0742
File : nvt/gb_fedora_2008_0742_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0748
File : nvt/gb_fedora_2008_0748_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0958
File : nvt/gb_fedora_2008_0958_kernel_fc7.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-0984
File : nvt/gb_fedora_2008_0984_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-3873
File : nvt/gb_fedora_2008_3873_kernel_fc8.nasl
2009-02-17 Name : Fedora Update for kernel FEDORA-2008-4043
File : nvt/gb_fedora_2008_4043_kernel_fc7.nasl
2009-02-16 Name : Fedora Update for kernel FEDORA-2008-1422
File : nvt/gb_fedora_2008_1422_kernel_fc7.nasl
2009-02-16 Name : Fedora Update for kernel FEDORA-2008-1423
File : nvt/gb_fedora_2008_1423_kernel_fc8.nasl
2009-02-10 Name : CentOS Security Advisory CESA-2009:0001-01 (kernel)
File : nvt/ovcesa2009_0001_01.nasl
2009-01-28 Name : SuSE Update for kernel SUSE-SA:2007:064
File : nvt/gb_suse_2007_064.nasl
2009-01-13 Name : RedHat Security Advisory RHSA-2009:0001
File : nvt/RHSA_2009_0001.nasl
2009-01-07 Name : RedHat Security Advisory RHSA-2008:0787
File : nvt/RHSA_2008_0787.nasl
2008-05-12 Name : Debian Security Advisory DSA 1565-1 (linux-2.6)
File : nvt/deb_1565_1.nasl
2008-03-11 Name : Debian Security Advisory DSA 1503-2 (kernel-source-2.4.27 (2.4.27-10sarge7))
File : nvt/deb_1503_2.nasl
2008-02-28 Name : Debian Security Advisory DSA 1504-1 (kernel-source-2.6.8 (2.6.8-17sarge1))
File : nvt/deb_1504_1.nasl
2008-02-28 Name : Debian Security Advisory DSA 1503-1 (kernel-source-2.4.27 (2.4.27-10sarge6))
File : nvt/deb_1503_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 1436-1 (linux-2.6)
File : nvt/deb_1436_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
44749 iwlwifi compatible/iwl3945-base.c iwl_set_rate Function Module Initialization...

41341 Xen mov_to_rr Cross-Domain Memory Disclosure

40911 Linux Kernel on PowerPC chrp/setup.c chrp_show_cpuinfo Function Local DoS

39240 Linux Kernel isdn_net.c isdn_net_setcfg() Function Local Overflow

37125 Linux Kernel Init Prevention Process Handling Local DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-22 IAVM : 2009-A-0105 - Multiple Vulnerabilities in VMware Products
Severity : Category I - VMSKEY : V0021867

Nessus® Vulnerability Scanner

Date Description
2016-03-03 Name : The remote host is missing a security-related patch.
File : vmware_VMSA-2009-0014_remote.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2008-2005.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2007-0939.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0055.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20081216_kernel_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080305_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20071101_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20080131_kernel_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-4745.nasl - Type : ACT_GATHER_INFO
2010-01-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2009-10-19 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2009-0014.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO
2009-04-23 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2008-112.nasl - Type : ACT_GATHER_INFO
2009-01-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-0001.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2008-12-17 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0973.nasl - Type : ACT_GATHER_INFO
2008-06-24 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-618-1.nasl - Type : ACT_GATHER_INFO
2008-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-614-1.nasl - Type : ACT_GATHER_INFO
2008-05-02 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1565.nasl - Type : ACT_GATHER_INFO
2008-03-07 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0154.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1504.nasl - Type : ACT_GATHER_INFO
2008-02-25 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1503.nasl - Type : ACT_GATHER_INFO
2008-02-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-578-1.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-574-1.nasl - Type : ACT_GATHER_INFO
2008-02-05 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2008-0055.nasl - Type : ACT_GATHER_INFO
2008-02-01 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4929.nasl - Type : ACT_GATHER_INFO
2008-01-08 Name : The remote openSUSE host is missing a security update.
File : suse_kernel-4752.nasl - Type : ACT_GATHER_INFO
2007-12-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1436.nasl - Type : ACT_GATHER_INFO
2007-12-13 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_kernel-4741.nasl - Type : ACT_GATHER_INFO
2007-11-02 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2007-0939.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:51:28
  • Multiple Updates