Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: Red Hat Enterprise Linux 5.5 kernel security and bug fix update

Information
Name: RHSA-2010:0178
First vendor Publication: 2010-03-30
Vendor: RedHat
Last vendor Modification: 2010-03-30
Severity (Vendor): Important
Revision: 02

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score: 7.8
Attack Range: Network
Cvss Impact Score: 6.9
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Problem Description:

Updated kernel packages that fix three security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the fifth regular update.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* a race condition was found in the mac80211 implementation, a framework used for writing drivers for wireless devices. An attacker could trigger this flaw by sending a Delete Block ACK (DELBA) packet to a target system, resulting in a remote denial of service. Note: This issue only affected users on 802.11n networks, and that also use the iwlagn driver with Intel wireless hardware. (CVE-2009-4027, Important)

* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code could skip the lock operation for files that have the S_ISGID bit (set-group-ID on execution) in their mode set. A local, unprivileged user on a system that has a GFS2 file system mounted could use this flaw to cause a kernel panic. (CVE-2010-0727, Moderate)

* a divide-by-zero flaw was found in the ext4 file system code. A local attacker could use this flaw to cause a denial of service by mounting a specially-crafted ext4 file system. (CVE-2009-4307, Low)

These updated packages also include several hundred bug fixes for and enhancements to the Linux kernel. Space precludes documenting each of these changes in this advisory and users are directed to the Red Hat Enterprise Linux 5.5 Release Notes for information on the most significant of these changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement added to the kernel for this release, refer to the kernel chapter in the Red Hat Enterprise Linux 5.5 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated packages, which address these vulnerabilities as well as fixing the bugs and adding the enhancements noted in the Red Hat Enterprise Linux 5.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

250561 - w83627ehf sensor not supported by 2.6.18-8.1.8.el5 kernel
322881 - /proc/self/smaps unreadable after setuid
427709 - dump and large file ops are slow, please implement kernel workaround
446061 - IT87 hwmon module does not support later chipset revisions.
448130 - 50-75 % drop in cfq read performance compared to rhel 4.6+
450121 - RFE: Symbol pci_domain_nr needs to be added the whitelist for ppc64
452129 - memory mapped files not updating timestamps
456181 - Read speed of /sbin/dump command is critically slow with CFQ I/O scheduler
461100 - [PATCH]RHEL5:fix dio write returning EIO due to bh race
461442 - VLAN driver logs excessive messages in kernel message log (dmesg)
461506 - kernel BUG at mm/mempool.c:121! caused by lvcreate
466681 - pygrub uses cached and eventually outdated grub.conf, kernel and initrd
469976 - The EDAC driver not support The Intel 3200 and 3210 Chipsets
473404 - [5.3] Kdump Kernel Hangs on Dell AMD Machines
475457 - [FUJITSU 5.5] More tracepoints support - networking
476075 - use KVM pvclock code to detect/correct lost ticks
481658 - Backport partition table sanity checks to RHEL5
482756 - GFS2: After gfs2_grow, new size is not seen immediately
483646 - bridge: Fix LRO crash with tun (tun_chr_read())
485016 - HP6510b close lid cause system crash
485099 - Inconsistent behaviour in stripping SUID/SGID flags when chmod/chgrp directories
486092 - httpd Sendfile troubles reading from a CIFS share
486975 - kernel: Unable to write to file as non-root user with setuid and setgid bit set
487346 - ifdown bond0 causes a deadlock
487763 - Adding bonding in balance-alb mode to bridge causes host network connectivity to be lost
488161 - (direct_io) __blockdev_direct_IO calls kzalloc for dio struct causes OLTP performance regression
489566 - when booted with P-state limit, limit can never be increased
489774 - AVC denied 0x100000 for a directory with eCryptFS and Apache
489931 - NFS umount deadlock in rpciod with rpc_shutdown_client()
491010 - ip_vs module (LVS) routes demasqueraded packets out wrong interface on multihomed directors
493517 - get_partstats() returns NULL and causes panic
494120 - XEN NMI detection fails on Dell 1950 server
495059 - deadlock with NFSv4 reclaimer thread reconnecting socket
496716 - GFS2 ">>" will not update ctime,mtime after appending to the file
496847 - [Patch] jbd slab cache creation/deletion is racey
497200 - definition of file-nr differs from sysctl/fs.txt to filesystems/proc.txt
497257 - The tmpfs filesystem goes on readonly mode.
498461 - I/O scheduler setting via elevator kernel option not picked up by Xen guest
498489 - blktrace stops working after a trace-file-directory replacement
498510 - don't OOM kill task during fresh huge page allocation
498532 - RHEL5 cmirror tracker: multiple device failure of fully synced cmirror causes corruption
498976 - GFS2 - probably lost glock call back
499019 - CRM 1908390 - BUG: warning at fs/inotify.c:181/set_dentry_child_flags()
499063 - [RHEL5] undefined reference to `__udivdi3'
499253 - kernel leaves initrd in vmalloc space
499884 - A bond's preferred primary setting is lost after bringing down and up of the primary slave.
500346 - Please update mlx4_en driver for performance improvements and bug fixes
500653 - NFS: problems with virtual IP and locking
500838 - CIFS update for RHEL5.5
501030 - Need to display the current settings of the options bits in st driver.
501075 - soft lockups with software RAID6 create and re-sync'
502491 - rtl8139 doesn't work with bonding in alb mode
502531 - GFS2: smbd proccess hangs with flock() call.
502572 - cat stop responding after 1st cat and CTRL+C interrupt.
502822 - OOPS in "inet_select_addr" on ICMP when "icmp_errors_use_inbound_ifaddr" is turned on
502826 - [RHEL-5 Xen]: F-11 Xen 64-bit domU cannot be started with > 2047MB of memory
502927 - dm-raid1 can return write request as finished and later revert the data
502965 - Snapshot creation in VG with 1k extent size can fail
503837 - [Intel 5.4 Bug] Function dependency link calculated incorrectly for integrated endpoint
505331 - GFS2: genesis stuck writing to unlinked file
506200 - ahci: add device ID for 82801JI sata controller
506217 - Implement blkdev_releasepage() to release the buffer_heads and pages after we release private data belonging to a mounted filesystem.
506799 - Serial ports don't function on 4838-310 without pnpacpi=off boot option
506899 - timeout with physical cdrom on a PV guest
507159 - Cannot increase open file limit greater then 1024 * 1024 (1048576)
507549 - Bug in lockd prevents a locks being freed.
509625 - kernel: fd leak if pipe() is called with an invalid address [rhel-5.4]
509713 - getdents() reports /proc/1/task/1/ as DT_UNKNOWN.
509809 - Host panic when try to run kvm guest on a host which restored from suspend.
509866 - [RHEL5.3] Even if a process have received data but schedule() in select() cannot return
509962 - RHEL 5.4 Beta fails to activate sw raid devices, unable to install to sw raid
510225 - Segfault/Infinite loop in TLS double access
510257 - allow more flexibility for read_ahead_kb store
510686 - xen does not build on gcc 4.4
510746 - BUG: warning at kernel/softirq.c:138/local_bh_enable() (Tainted: G )
510814 - CPU hotplug notifiers for KVM (for suspend and cpu hotplug support)
510818 - cxgb3 driver fixes
511170 - [NetApp 5.5 bug] nfs_readdir() may fail to return all the files in the directory
511211 - cpuspeed behave strangely after suspend/resume on intel machine hp-dl580g5-01.rhts.bos.redhat.com
511278 - /proc/self/exe reports wrong path after fstat on NFSv4
511374 - ExpressCards should be detected and useful
512006 - [LTC 5.5 FEAT] AF_IUCV SOCK_SEQPACKET support [201885]
512013 - [LTC 5.5 FEAT] Support ACPI S3/S4 Sleeping States [201941]
512203 - [LTC 5.5 FEAT] Update ibmvscsi driver with upstream multipath enhancements [201916]
512361 - Server should return NFS4ERR_ATTRNOTSUPP if attribute 'ACL' is not supported
512552 - Can't write to XFS mount during raid5 resync
513136 - [RHEL5.4 Snapshot1] File write performance degradation in RHEL5.4 Snapshot1 compared to RHEL5.3 GA
513203 - system fails to go into s4
513410 - cifs: panic when mounting DFS referral with hostname that can't be resolved
513692 - ifdown on nVidia CK804 (rev f3) NIC doesn't work
513827 - Out of SW-IOMMU space: External hard disk inaccessible
514141 - mlx4_core fails to load on systems with32 cores
514147 - TCP traffic for VLAN interfaces fails over mlx4_en parent interface.
514250 - e100: return PCI_ERS_RESULT_DISCONNECT on permanent failure
514256 - igb: return PCI_ERS_RESULT_DISCONNECT on permanent failure
514589 - r8169 stopping all activity until the link is reset
514654 - nfsv4-server return NFS4ERR_BAD_STATEID, but return NFS4ERR_EXPIRED when it has invalid stateID
515176 - scsi_transport_fc: fc_user_scan can loop forever, needs mutex with rport list changes
515252 - CIFS multiuser mount fails to locate smbid
515312 - [Broadcom 5.5 feat] Update tg3 and add support for 5717/5718 and 57765 asic revs
515405 - [PATCH RHEL5.5] :NFS Handle putpubfh operation correctly.
515408 - Code under CONFIG_X86_VSMP incorrect after an incorrect patch pull from upstream
515529 - ENOSPC during fsstress leads to filesystem corruption on ext2, ext3, and ext4
515716 - [Broadcom 5.5 FEAT] Update bnx2x to 1.52.1-5
515753 - kdump corefile cannot be backtraced in IA64
515812 - [Emulex 5.5 feat] Three scsi_nl APIs should be added to kabi_whitelist
515863 - FEAT RHEL5.5: Make MegaRAID SAS driver legacy I/O port free
516541 - [NetApp 5.5 bug] Emulex FC ports on RHEL 5.4 GA offlined during target controller faults
516589 - Kernel netlink neighbor updates not sent to multicast group (RTMGRP_NEIGH)
516833 - [QLogic 5.5 feat] netxen - P3 updates
516881 - [Promise 5.5 feat] Update stex driver to version 4.6.0102.4
517238 - [RHEL5 Xen]: Fix for array out-of-bounds in blkfront
517377 - [Broadcom 5.5 FEAT] Update bnx2 to 2.0.2
517378 - [Broadcom 5.5 FEAT] Update bnx2i and cnic drivers
517454 - Add Support for Huawei EC1260 to the RHEL5 kernel
517504 - SCTP Messages out of order
517893 - [QLogic 5.5 bug] qlge - fix hangs and read perfromance
517922 - [QLogic 5.5 bug] qla2xxx - allow use of MSI when MSI-X disabled.
517928 - bare-metal and xen: /proc/cpuinfo does not list all CPU flags presented by CPU
518103 - VTD IOMMU 1:1 mapping performance and bug fixes
518106 - [RFE] GFS2: New mount option: -o errors=withdraw|panic
518496 - Add kernel (scsi_dh_rdac) support for Sun 6540 storage arrays.
519049 - GFS2 Filesystem Withdrawal: fatal: invalid metadata block
519076 - Update for HighPoint RocketRAID hptiop driver in RHEL 5.5 kernel
519086 - [Cisco 5.5 FEAT] Include/Update support for enic version 1.1.0.100
519091 - [Cisco 5.5 FEAT] Update fnic to version x.y.z
519112 - statfs on NFS partition always returns 0
519184 - nfsnobody == 4294967294 causes idmapd to stop responding
519447 - [QLogic 5.5 bug] qla2xxx - updates and fixes from upstream or testing.
519453 - [QLogic 5.5 bug] qlge - updates and fixes from upstream or testing.
519771 - pvclock return bogus wallclock values
520192 - kernel panics from list corruption when using a tape drive connected through cciss adapter
520297 - kernel: ipv4: make ip_append_data() handle NULL routing table [rhel-5.5]
520867 - glibc should call pselect() and ppoll() on ia64 kernel
521081 - [RHEL5.4 RC2] KMP for xen kernel cannot be applied
521093 - Cluster hangs after node rejoins from simulated network outage
521203 - Update arcmsr driver
521345 - vlan with sky2 is not possible anymore with kernel-xen 2.6.18-164
521865 - Xen fails to boot on ia64 with > 128GB memory
522600 - bnx2x: increase coalescing granularity to 4us instead of 12us
522629 - [LTC 5.5 FEAT] Provide balloon driver for KVM guests [202025]
522745 - thinkpad_acpi: CMOS NVRAM (7) and EC (5) do not agree on display brightness level
522846 - Nehalem Turbo Boost "ida" flag not present in Xen kernel's /proc/cpuinfo output
523335 - sound no longer works after upgrade to RHEL 5.4
523450 - cpu1 didn't come online in a kvm i686 guest
523888 - [RFE] Add qcserial module to RHEL 5 kernel
523982 - kernel: ipt_recent: sanity check hit count [rhel-5.5]
524052 - Boot hang when installing HVM DomU
524129 - LVS master and backup director - Synchronised connections on backup director have unsuitable timeout value
524335 - [LSI 5.5 feat] update rdac scsi device handler to upstream
524651 - Lost the network in a KVM VM on top of 5.4
524702 - kvm_clock patches are slowing guests' shutdown to unusable levels
524787 - cannot compile kernel with CONFIG_ACPI_DEBUG=y
525100 - resize2fs online resize hangs
525390 - FEAT: RHEL 5.5 - update ALSA HDA audio driver from upstream
525467 - Xen panic in msi_msg_read_remap_rte with acpi=off
526043 - Implement smp_call_function_[single|many] in x86_64 and i386
526092 - rw_semaphore bug
526259 - [Cisco 5.5 feat] libfc bug fixes and improvements
526481 - bnx2: panic in bnx2_poll_work()
526612 - kernel: BUG: soft lockup with dcache_lock
526751 - xset b as well as setterm -bfreq set beep to wrong pitch with CONFIG_HDA_INPUT_BEEP
526819 - system crashes in audit_update_watch()
526888 - NFSv4 reclaimer thread in an infinite loop
527424 - igb driver does not work with kexec
527496 - pci_dev->is_enabled is not set in RHEL5.4
527748 - /proc/net/dev sometimes contains bogus values (BCM5706)
528054 - ext4: tech preview refresh
528070 - skip inodes without pages to free in drop_pagecache_sb()
528153 - scsi: export symbol scsilun_to_int
529431 - Update to 2.6.18-164.el5PAE causes working CIFS mount to fail
529796 - GFS2: Enhance statfs and quota usability
530537 - dlm_recv deadlock under memory pressure while processing GFP_KERNEL locks.
531016 - NFS: stale nfs_fattr passed to nfs_readdir_lookup()
531268 - Timedrift on VM with pv_clock enabled, causing system hangs and sporadic time behaviour
531488 - [scsi] Fix inconsistent usage of max_lun
531552 - threads on pthread_mutex_lock wake in fifo order, but posix specifies by priority
531593 - [QLogic 5.5 bug] qla2xxx - enable MSI-X and correct/cleanup irq request code
531784 - ipoib: null tx/rx_ring skb pointers on free
532701 - dprintk macro in NFS code doesn't work in some files
533489 - [Cisco 5.5 feat] Need scsi and libfc symbols to be added to whitelist_file
533496 - xen server crashes when used with network bonding modes 5 or 6
534018 - kernel: sysctl: require CAP_SYS_RAWIO to set mmap_min_addr [rhel-5.5]
534158 - Updates for mlx4 drivers
537514 - [LSI 5.5 feat] make scsi_dh_activate asynchronous to address the slower lun failovers with large number of luns
537734 - Backporting MSI-X mask bit acceleration
537876 - Kernel panic when using GRO through ixgbe driver and xen bridge
538407 - PCI AER code introduced a compile problem in powerpc
538484 - gfs2 rename rgrp lock issue
539240 - glock_workqueue -- glock ref count via gfs2_glock_hold
539521 - Call trace error display when resume from suspend to disk (ide block) - pvclock related
540811 - [RHEL5 Xen]: PV guest crash on poweroff
541149 - CVE-2009-4026 CVE-2009-4027 kernel: mac80211: fix spurious delBA handling
541213 - Possible access to invalid memory
541325 - [RHEL5]: A new xenfb thread is created on every save/restore
541953 - kernel panic when doing cpu offline/online frequently on hp-dl785g5-01.rhts.eng.bos.redhat.com
541956 - kernel: sleeping vfs_check_frozen in called in atomic context from do_wp_page [rhel-5.5]
542593 - recursive lock of devlist_mtx
542746 - [QLogic 5.5 feat] netxen P3 - updates from 2.6.32
542834 - [QLogic 5.5 bug] qla2xxx - further testing updates for 5.5
543057 - [QLogic 5.5 bug] qla2xxx - testing updates #3
543270 - Fix deadlock in multipath when removing a device
543307 - Lock snapshot while reporting status
544138 - PTRACE_KILL hangs in 100% cpu loop
544349 - RHEL5: fallocate on XFS returns incorrect value on ENOSPC
544417 - cifs: possible NULL pointer dereference in mount-time DFS referral chasing code
544448 - Strange vm performance degradation moving 32 bit app from RHEL 4.6 32bit to 5.4 64bit
545121 - possible null pointer dereference in ieee80211_change_iface
545135 - [Broadcom 5.5 feat] Add support for 57765 asic revs
545612 - Please implement upstream fix for potential filesystem corruption bug
545899 - rtl8180 shows 0% signal strength while connected
546281 - wireless: report reasonable bitrate for MCS rates through wext
546326 - bnx2: panic in bnx2_free_tx_skbs() because of wrong frags index
546624 - RFE: Add debug to bonding driver as module option
547251 - CVE-2009-4307 kernel: ext4: avoid divide by zero when trying to mount a corrupted file system
547762 - PCI AER: HEST FIRMWARE FIRST support
547980 - [SR-IOV] VF can not be enabled in Dom0
548079 - [RHEL5.4][REGRESSION] iptables --reject-with tcp-reset doesn't work
548565 - aio: eventfd support introduced a 0.5% performance regression
549397 - I/O errors while accessing loop devices or file-based Xen images from GFS volume after Update from RHEL 5.3 to 5.4
549460 - [Emulex 5.5 bug] Multiple bug fixes for be2net
549465 - Cannot run NVIDIA display driver on 32-bit RHEL 5.3 or 5.4
549750 - audit rule with directory auditing crashes the kernel
549763 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63 FC/FCoE
550014 - khungtaskd not stopped during suspend
550148 - [Cisco 5.5 bug] Update enic driver to version 1.1.0.241a
552675 - ipmi_watchdog deadlock
553324 - [RHEL5 Xen]: Cpu frequency scaling is broken on Intel
553447 - GFS2: fatal: filesystem consistency error in gfs2_ri_update
553670 - filesystem mounted with ecryptfs_xattr option could not be written
554078 - Lost the network in a KVM VM on top of 5.4
554545 - [Emulex 5.5 bug] Update be2iscsi driver for bugfixes
555120 - dm-raid1: dmsetup stuck at suspending failed mirror device
555171 - dm-raid1: kernel panic when bio on recovery failed region is released
555604 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63.1p FC/FCoE
557095 - kvm pvclock on i386 suffers from double registering
557109 - [5.4] VLAN performance issue with 10gbE Mellanox NICs
557172 - inserting w83627hf kernel module results in panic
557792 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63.2p FC/FCoE
557974 - e1000e: wol is broken on 2.6.18-185.el5
558809 - e1000 & e1000e: Memory corruption/paging error when tx hang occurs
559329 - [sky2] initial carrier state is always on
559410 - posix_fadvise() handles its arguments incorrectly in 32-bit compat mode.
559711 - Add wireless fixes from 2.6.32.y tree
560944 - kernel panic during modprobe smsc47m1
561076 - igb: fix warning in drivers/net/igb/igb_ethtool.c:2090
561322 - [Emulex 5.5 bug] be2net bug fixes for be3 hardware from Alpha testing
561578 - [Broadcom 5.5 feat] Update bnx2 firmware
562006 - WARNING: APIC timer calibration may be wrong
562947 - late breaking CIFS patches for RHEL5.5
564145 - [Emulex 5.5 bug] Fix scsi eh callouts and add support for new chip to be2iscsi driver
564399 - f71805f hwmon driver passes '&sio_data' to platform_device_add_data()
564506 - [Emulex 5.5 bug] Update lpfc driver to 8.2.0.63.3p FC/FCoE
565494 - "dmraid -ay" panics kernel
565594 - [Cisco 5.5 bug] Update fnic to 1.4.0.98 to fix FIP crash/hang issues
565964 - [Broadcom 5.5 bug] tg3: 5717 and 57765 asic revs can panic under load
565965 - [Broadcom 5.5 bug] tg3: Race condition - performance / panic with 57765 devices
566016 - [Broadcom 5.5 bug] tg3: 57765 LED does not work correctly
566221 - GFS2: Use correct GFP for alloc page on write
566696 - iwl5000/5300 fail to transmit data on N-only netwrok
567718 - [Emulex 5.5 bug] be2net bug fixes for be3 hardware from Alpha testing
568040 - network does not work with rhel 5.5 snap1 x64 server, xen kernel, and r8169 driver
568153 - ixgbe: stop unmapping DMA buffers too early
569610 - GFS2 - fiemap - Kernel BUG at fs/gfs2/bmap.c:433
570814 - Disk performance regression in CFQ
570863 - CVE-2010-0727 bug in GFS/GFS2 locking code leads to dos
571818 - Iozone Outcache testing has a greater than 5 % performance regression on reads
573098 - [5.4] VLAN performance issue with 10gbE Mellanox NICs

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0178.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-399 Resource Management Errors
33 % CWE-362 Race Condition
33 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:11392
Title: The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
Description: The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
Family: unix Class: vulnerability
Reference(s): CVE-2010-0727
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:11583
Title: Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.
Description: Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session.
Family: unix Class: vulnerability
Reference(s): CVE-2009-4027
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Oval ID: oval:org.mitre.oval:def:22110
Title: RHSA-2010:0291: gfs-kmod security, bug fix and enhancement update (Moderate)
Description: The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
Family: unix Class: patch
Reference(s): RHSA-2010:0291-04
CVE-2010-0727
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): gfs-kmod
Oval ID: oval:org.mitre.oval:def:23071
Title: ELSA-2010:0291: gfs-kmod security, bug fix and enhancement update (Moderate)
Description: The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
Family: unix Class: patch
Reference(s): ELSA-2010:0291-04
CVE-2010-0727
Version: 6
Platform(s): Oracle Linux 5
Product(s): gfs-kmod
Oval ID: oval:org.mitre.oval:def:28041
Title: DEPRECATED: ELSA-2010-0291 -- gfs-kmod security, bug fix and enhancement update (moderate)
Description: [0.1.34-12] - Fixes a problem where improper locking commands can crash the system. - Resolves: rhbz#571298 [0.1.34-11] - Fixes 'Resource tempory unavailable' for EWOULDBLOCK message with flocks on gfs file - Resolves: rhbz#515717 [0.1.34-10] - Fixes 'Resource tempory unavailable' for EWOULDBLOCK message with flocks on gfs file - Resolves: rhbz#515717 [0.1.34-9] - Change gfs freeze/unfreeze to use new standard - Resolves: rhbz#487610 [0.1.34-8] - Fixes problem that produces this error message: fatal: assertion 'gfs_glock_is_locked_by_me(gl) && gfs_glock_is_held_excl(gl)' failed - Resolves: rhbz#471258 [0.1.34-7] - GFS kernel panic, suid + nfsd with posix ACLs enabled - Resolves: rhbz#513885 [0.1.34-5] - GFS: New mount option: -o errors=withdraw|panic - Resolves: rhbz#517145
Family: unix Class: patch
Reference(s): ELSA-2010-0291
CVE-2010-0727
Version: 4
Platform(s): Oracle Linux 5
Product(s): gfs-kmod
Oval ID: oval:org.mitre.oval:def:9874
Title: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
Description: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
Family: unix Class: vulnerability
Reference(s): CVE-2009-4307
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):

CPE : Common Platform Enumeration

Type Description Count
Application 1
Os 1
Os 1271
Os 2

OpenVAS Exploits

Date Description
2013-09-18 Name : Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial ...
File : nvt/deb_2443_1.nasl
2012-12-26 Name : CentOS Update for kernel CESA-2012:1580 centos6
File : nvt/gb_CESA-2012_1580_kernel_centos6.nasl
2012-12-26 Name : RedHat Update for kernel RHSA-2012:1580-01
File : nvt/gb_RHSA-2012_1580-01_kernel.nasl
2012-11-15 Name : CentOS Update for kernel CESA-2012:1445 centos5
File : nvt/gb_CESA-2012_1445_kernel_centos5.nasl
2012-11-15 Name : RedHat Update for kernel RHSA-2012:1445-01
File : nvt/gb_RHSA-2012_1445-01_kernel.nasl
2011-02-18 Name : Mandriva Update for kernel MDVSA-2011:029 (kernel)
File : nvt/gb_mandriva_MDVSA_2011_029.nasl
2010-09-10 Name : SuSE Update for kernel SUSE-SA:2010:036
File : nvt/gb_suse_2010_036.nasl
2010-06-07 Name : Ubuntu Update for Linux kernel vulnerabilities USN-947-1
File : nvt/gb_ubuntu_USN_947_1.nasl
2010-06-07 Name : Ubuntu Update for linux regression USN-947-2
File : nvt/gb_ubuntu_USN_947_2.nasl
2010-06-03 Name : Debian Security Advisory DSA 2053-1 (linux-2.6)
File : nvt/deb_2053_1.nasl
2010-04-06 Name : RedHat Update for Red Hat Enterprise Linux 5.5 kernel RHSA-2010:0178-02
File : nvt/gb_RHSA-2010_0178-02_Red_Hat_Enterprise_Linux_5.5_kernel.nasl
2010-03-31 Name : Mandriva Update for kernel MDVSA-2010:066 (kernel)
File : nvt/gb_mandriva_MDVSA_2010_066.nasl
2010-02-19 Name : Mandriva Update for drakxtools MDVA-2010:066 (drakxtools)
File : nvt/gb_mandriva_MDVA_2010_066.nasl
2010-01-20 Name : SuSE Update for kernel SUSE-SA:2010:005
File : nvt/gb_suse_2010_005.nasl
2010-01-15 Name : SuSE Update for kernel SUSE-SA:2010:001
File : nvt/gb_suse_2010_001.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63098 Linux Kernel gfs_lock Function GFS / GFS2 Filesystem POSIX Lock Removal Weakn...

The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, contain a flaw that may allow a local denial of service. The issue is triggered when a local user locks a file on a GFS or GFS2 file system and then changes this file's permissions, which will result in loss of availability for the platform.
61028 Linux Kernel fs/ext4/super.c ext4_fill_flex_info Function s_log_groups_per_fl...

60610 Linux Kernel mac80211 Subsystem Crafted DELBA Packet Remote DoS

Information Assurance Vulnerability Management (IAVM)

Date Description
2010-01-07 IAVM : 2010-A-0001 - Multiple Vulnerabilities in Linux Kernel
Severity : Category I - VMSKEY : V0022180

Nessus® Vulnerability Scanner

Date Description
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2013-0039.nasl - Type : ACT_GATHER_INFO
2014-11-26 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2012-0042.nasl - Type : ACT_GATHER_INFO
2013-09-04 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-148.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1445-1.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1445.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0521.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0380.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0291.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2012-12-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121218_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-12-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1580.nasl - Type : ACT_GATHER_INFO
2012-11-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1445.nasl - Type : ACT_GATHER_INFO
2012-11-15 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20121113_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-11-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1445.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_GFS_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100330_gfs_kmod_on_SL_5_0.nasl - Type : ACT_GATHER_INFO
2012-03-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2443.nasl - Type : ACT_GATHER_INFO
2011-03-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-100109.nasl - Type : ACT_GATHER_INFO
2010-08-27 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12636.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-066.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-1.nasl - Type : ACT_GATHER_INFO
2010-06-04 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-947-2.nasl - Type : ACT_GATHER_INFO
2010-05-26 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2053.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0178.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1996.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_kernel-100107.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-100108.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_kernel-091218.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-864-1.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:53:22
  • Multiple Updates
2013-05-11 00:51:28
  • Multiple Updates