Executive Summary

Summary
Title kernel security and bug fix update
Informations
Name RHSA-2014:0328 First vendor Publication 2014-03-25
Vendor RedHat Last vendor Modification 2014-03-25
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net implementation in the Linux kernel handled error conditions reported by the vhost_get_vq_desc() function. A privileged guest user could use this flaw to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation handled uncached write operations with specially crafted iovec structures. An unprivileged local user with access to a CIFS share could use this flaw to crash the system, leak kernel memory, or, potentially, escalate their privileges on the system. Note: the default cache settings for CIFS mounts on Red Hat Enterprise Linux 6 prohibit a successful exploitation of this issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm driver, used for USB CDC WCM device management. An attacker with physical access to a system could use this flaw to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1860, Low)

Red Hat would like to thank Nokia Siemens Networks for reporting CVE-2014-0101, and Al Viro for reporting CVE-2014-0069.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

921970 - CVE-2013-1860 kernel: usb: cdc-wdm buffer overflow triggered by device 1062577 - CVE-2014-0055 kernel: vhost-net: insufficient handling of error conditions in get_rx_bufs() 1064253 - CVE-2014-0069 kernel: cifs: incorrect handling of bogus user pointers during uncached writes 1070705 - CVE-2014-0101 kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0328.html

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-476 NULL Pointer Dereference

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:23690
 
Oval ID: oval:org.mitre.oval:def:23690
Title: ELSA-2014:0328: kernel security and bug fix update (Important)
Description: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Family: unix Class: patch
Reference(s): ELSA-2014:0328-01
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
Version: 9
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24219
 
Oval ID: oval:org.mitre.oval:def:24219
Title: RHSA-2014:0328: kernel security and bug fix update (Important)
Description: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Family: unix Class: patch
Reference(s): RHSA-2014:0328-01
CESA-2014:0328
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
Version: 11
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24238
 
Oval ID: oval:org.mitre.oval:def:24238
Title: USN-2175-1 -- linux-lts-quantal vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2175-1
CVE-2014-0049
CVE-2014-0069
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24461
 
Oval ID: oval:org.mitre.oval:def:24461
Title: USN-2179-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2179-1
CVE-2014-0049
CVE-2014-0069
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24554
 
Oval ID: oval:org.mitre.oval:def:24554
Title: USN-2180-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2180-1
CVE-2014-0049
CVE-2014-0069
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24576
 
Oval ID: oval:org.mitre.oval:def:24576
Title: USN-2181-1 -- linux-ti-omap4 vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2181-1
CVE-2014-0049
CVE-2014-0069
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux-ti-omap4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24637
 
Oval ID: oval:org.mitre.oval:def:24637
Title: USN-2176-1 -- linux-lts-raring vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2176-1
CVE-2014-0049
CVE-2014-0069
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24826
 
Oval ID: oval:org.mitre.oval:def:24826
Title: USN-2178-1 -- linux vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2178-1
CVE-2014-0049
CVE-2014-0069
Version: 4
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24864
 
Oval ID: oval:org.mitre.oval:def:24864
Title: USN-2177-1 -- linux-lts-saucy vulnerabilities
Description: Several security issues were fixed in the kernel.
Family: unix Class: patch
Reference(s): USN-2177-1
CVE-2014-0049
CVE-2014-0069
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25525
 
Oval ID: oval:org.mitre.oval:def:25525
Title: SUSE-SU-2014:0531-1 -- Security update for Linux kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0531-1
CVE-2013-4470
CVE-2013-6885
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2014-0069
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25533
 
Oval ID: oval:org.mitre.oval:def:25533
Title: SUSE-SU-2014:0459-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0459-1
CVE-2013-4470
CVE-2013-6885
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2014-0069
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27035
 
Oval ID: oval:org.mitre.oval:def:27035
Title: DEPRECATED: ELSA-2014-0328 -- kernel security and bug fix update (important)
Description: [2.6.32-431.11.2] - [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101} - [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055}
Family: unix Class: patch
Reference(s): ELSA-2014-0328
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27466
 
Oval ID: oval:org.mitre.oval:def:27466
Title: ELSA-2013-2534 -- Unbreakable Enterprise kernel Security update (moderate)
Description: [2.6.32-400.29.1] - KVM: add missing void __user COPYING CREDITS Documentation Kbuild MAINTAINERS Makefile README REPORTING-BUGS arch block crypto drivers firmware fs include init ipc kernel lib mm net samples scripts security sound tools uek-rpm usr virt cast to access_ok() call (Heiko Carstens) [Orabug: 16941620] {CVE-2013-1943} - KVM: Validate userspace_addr of memslot when registered (Takuya Yoshikawa) [Orabug: 16941620] {CVE-2013-1943}
Family: unix Class: patch
Reference(s): ELSA-2013-2534
CVE-2012-4542
CVE-2012-6542
CVE-2013-1943
CVE-2013-1929
CVE-2013-1860
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 19
Application 9
Application 12
Application 9
Application 31
Application 12
Application 6
Application 25
Application 21
Application 25
Application 10
Application 19
Application 13
Application 24
Application 1
Application 1
Application 6
Application 4
Application 6
Application 8
Hardware 7
Hardware 6
Os 3
Os 3562
Os 1
Os 1
Os 3
Os 1
Os 2
Os 1
Os 1
Os 1
Os 3

Snort® IPS/IDS

Date Description
2016-03-15 Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt
RuleID : 37654 - Revision : 2 - Type : OS-LINUX
2016-03-14 Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt
RuleID : 37408 - Revision : 2 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1138-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-1105-1.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0520.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0432.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0419.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0339.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-328.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15317.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0439.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0829.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-451.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-441.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-376.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-124.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-375.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2235-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2228-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2225-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2224-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2223-1.nasl - Type : ACT_GATHER_INFO
2014-05-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2221-1.nasl - Type : ACT_GATHER_INFO
2014-05-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3034.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2173-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2179-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2178-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2177-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2176-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2175-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2174-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO
2014-04-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140408.nasl - Type : ACT_GATHER_INFO
2014-04-09 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4849.nasl - Type : ACT_GATHER_INFO
2014-04-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-4675.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140321.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3016.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-317.nasl - Type : ACT_GATHER_INFO
2014-03-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3015.nasl - Type : ACT_GATHER_INFO
2014-03-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3014.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140325_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3448.nasl - Type : ACT_GATHER_INFO
2014-03-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3442.nasl - Type : ACT_GATHER_INFO
2014-03-02 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-289.nasl - Type : ACT_GATHER_INFO
2014-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2606.nasl - Type : ACT_GATHER_INFO
2014-02-18 Name : The remote Fedora host is missing a security update.
File : fedora_2014-2576.nasl - Type : ACT_GATHER_INFO
2013-09-18 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2546.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2534.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-2525.nasl - Type : ACT_GATHER_INFO
2013-06-25 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-176.nasl - Type : ACT_GATHER_INFO
2013-05-17 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1829-1.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1824-1.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2668.nasl - Type : ACT_GATHER_INFO
2013-05-08 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-130426.nasl - Type : ACT_GATHER_INFO
2013-05-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1813-1.nasl - Type : ACT_GATHER_INFO
2013-05-02 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1812-1.nasl - Type : ACT_GATHER_INFO
2013-05-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1809-1.nasl - Type : ACT_GATHER_INFO
2013-03-22 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3909.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-4012.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-03-27 13:21:38
  • Multiple Updates
2014-03-26 17:23:10
  • Multiple Updates
2014-03-25 21:19:36
  • First insertion