Executive Summary
Summary | |
---|---|
Title | kernel security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2008:1017 | First vendor Publication | 2008-12-16 |
Vendor | RedHat | Last vendor Modification | 2008-12-16 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.8 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * Olaf Kirch reported a flaw in the i915 kernel driver that only affects the Intel G33 series and newer. This flaw could, potentially, lead to local privilege escalation. (CVE-2008-3831, Important) * Miklos Szeredi reported a missing check for files opened with O_APPEND in the sys_splice(). This could allow a local, unprivileged user to bypass the append-only file restrictions. (CVE-2008-4554, Important) In addition, these updated packages fix the following bugs: * on Itanium® systems, when a multithreaded program was traced using the command "strace -f", messages similar to the following ones were displayed, after which the trace would stop: PANIC: attached pid 10740 exited In these updated packages, tracing a multithreaded program using the "strace -f" command no longer results in these error messages, and strace terminates normally after tracing all threads. * on big-endian systems such as PowerPC, the getsockopt() function incorrectly returned 0 depending on the parameters passed to it when the time to live (TTL) value equaled 255. * when using an NFSv4 file system, accessing the same file with two separate processes simultaneously resulted in the NFS client process becoming unresponsive. * on AMD64 and Intel® 64 hypervisor-enabled systems, in cases in which a syscall correctly returned '-1' in code compiled on Red Hat Enterprise Linux 5, the same code, when run with the strace utility, would incorrectly return an invalid return value. This has been fixed so that on AMD64 and Intel® 64 hypervisor-enabled systems, syscalls in compiled code return the same, correct values as syscalls do when run with strace. * on the Itanium® architecture, fully-virtualized guest domains which were created using more than 64 GB of memory caused other guest domains not to receive interrupts, which caused a soft lockup on other guests. All guest domains are now able to receive interrupts regardless of their allotted memory. * when user-space used SIGIO notification, which wasn't disabled before closing a file descriptor, and was then re-enabled in a different process, an attempt by the kernel to dereference a stale pointer led to a kernel crash. With this fix, such a situation no longer causes a kernel crash. * modifications to certain pages made through a memory-mapped region could have been lost in cases when the NFS client needed to invalidate the page cache for that particular memory-mapped file. * fully-virtualized Windows guests became unresponsive due to the vIOSAPIC component being multiprocessor-unsafe. With this fix, vIOSAPIC is multiprocessor-safe and Windows guests do not become unresponsive. * on certain systems, keyboard controllers were not able to withstand a continuous flow of requests to switch keyboard LEDs on or off, which resulted in some or all key presses not being registered by the system. * on the Itanium® architecture, setting the "vm.nr_hugepages" sysctl parameter caused a kernel stack overflow resulting in a kernel panic, and possibly stack corruption. With this fix, setting vm.nr_hugepages works correctly. * hugepages allow the Linux kernel to utilize the multiple page size capabilities of modern hardware architectures. In certain configurations, systems with large amounts of memory could fail to allocate most of memory for hugepages even if it was free, which could have resulted, for example, in database restart failures. Users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-92.1.22.el5.src.rpm i386: kernel-2.6.18-92.1.22.el5.i686.rpm kernel-PAE-2.6.18-92.1.22.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-PAE-devel-2.6.18-92.1.22.el5.i686.rpm kernel-debug-2.6.18-92.1.22.el5.i686.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-debug-devel-2.6.18-92.1.22.el5.i686.rpm kernel-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.i686.rpm kernel-devel-2.6.18-92.1.22.el5.i686.rpm kernel-headers-2.6.18-92.1.22.el5.i386.rpm kernel-xen-2.6.18-92.1.22.el5.i686.rpm kernel-xen-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-xen-devel-2.6.18-92.1.22.el5.i686.rpm noarch: kernel-doc-2.6.18-92.1.22.el5.noarch.rpm x86_64: kernel-2.6.18-92.1.22.el5.x86_64.rpm kernel-debug-2.6.18-92.1.22.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm kernel-debug-devel-2.6.18-92.1.22.el5.x86_64.rpm kernel-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.x86_64.rpm kernel-devel-2.6.18-92.1.22.el5.x86_64.rpm kernel-headers-2.6.18-92.1.22.el5.x86_64.rpm kernel-xen-2.6.18-92.1.22.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm kernel-xen-devel-2.6.18-92.1.22.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-92.1.22.el5.src.rpm i386: kernel-2.6.18-92.1.22.el5.i686.rpm kernel-PAE-2.6.18-92.1.22.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-PAE-devel-2.6.18-92.1.22.el5.i686.rpm kernel-debug-2.6.18-92.1.22.el5.i686.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-debug-devel-2.6.18-92.1.22.el5.i686.rpm kernel-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.i686.rpm kernel-devel-2.6.18-92.1.22.el5.i686.rpm kernel-headers-2.6.18-92.1.22.el5.i386.rpm kernel-xen-2.6.18-92.1.22.el5.i686.rpm kernel-xen-debuginfo-2.6.18-92.1.22.el5.i686.rpm kernel-xen-devel-2.6.18-92.1.22.el5.i686.rpm ia64: kernel-2.6.18-92.1.22.el5.ia64.rpm kernel-debug-2.6.18-92.1.22.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.ia64.rpm kernel-debug-devel-2.6.18-92.1.22.el5.ia64.rpm kernel-debuginfo-2.6.18-92.1.22.el5.ia64.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.ia64.rpm kernel-devel-2.6.18-92.1.22.el5.ia64.rpm kernel-headers-2.6.18-92.1.22.el5.ia64.rpm kernel-xen-2.6.18-92.1.22.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-92.1.22.el5.ia64.rpm kernel-xen-devel-2.6.18-92.1.22.el5.ia64.rpm noarch: kernel-doc-2.6.18-92.1.22.el5.noarch.rpm ppc: kernel-2.6.18-92.1.22.el5.ppc64.rpm kernel-debug-2.6.18-92.1.22.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm kernel-debug-devel-2.6.18-92.1.22.el5.ppc64.rpm kernel-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.ppc64.rpm kernel-devel-2.6.18-92.1.22.el5.ppc64.rpm kernel-headers-2.6.18-92.1.22.el5.ppc.rpm kernel-headers-2.6.18-92.1.22.el5.ppc64.rpm kernel-kdump-2.6.18-92.1.22.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-92.1.22.el5.ppc64.rpm kernel-kdump-devel-2.6.18-92.1.22.el5.ppc64.rpm s390x: kernel-2.6.18-92.1.22.el5.s390x.rpm kernel-debug-2.6.18-92.1.22.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.s390x.rpm kernel-debug-devel-2.6.18-92.1.22.el5.s390x.rpm kernel-debuginfo-2.6.18-92.1.22.el5.s390x.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.s390x.rpm kernel-devel-2.6.18-92.1.22.el5.s390x.rpm kernel-headers-2.6.18-92.1.22.el5.s390x.rpm kernel-kdump-2.6.18-92.1.22.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-92.1.22.el5.s390x.rpm kernel-kdump-devel-2.6.18-92.1.22.el5.s390x.rpm x86_64: kernel-2.6.18-92.1.22.el5.x86_64.rpm kernel-debug-2.6.18-92.1.22.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm kernel-debug-devel-2.6.18-92.1.22.el5.x86_64.rpm kernel-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-92.1.22.el5.x86_64.rpm kernel-devel-2.6.18-92.1.22.el5.x86_64.rpm kernel-headers-2.6.18-92.1.22.el5.x86_64.rpm kernel-xen-2.6.18-92.1.22.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-92.1.22.el5.x86_64.rpm kernel-xen-devel-2.6.18-92.1.22.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2008-1017.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-287 | Improper Authentication |
33 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11142 | |||
Oval ID: | oval:org.mitre.oval:def:11142 | ||
Title: | The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | ||
Description: | The do_splice_from function in fs/splice.c in the Linux kernel before 2.6.27 does not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4554 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11542 | |||
Oval ID: | oval:org.mitre.oval:def:11542 | ||
Title: | The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. | ||
Description: | The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3831 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:29354 | |||
Oval ID: | oval:org.mitre.oval:def:29354 | ||
Title: | RHSA-2008:1017 -- kernel security and bug fix update (Important) | ||
Description: | Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2008:1017 CESA-2008:1017-CentOS 5 CVE-2008-3831 CVE-2008-4554 CVE-2008-4576 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | kernel |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9822 | |||
Oval ID: | oval:org.mitre.oval:def:9822 | ||
Title: | sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | ||
Description: | sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4576 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-06-30 | Name : Fedora Core 9 FEDORA-2009-6846 (kernel) File : nvt/fcore_2009_6846.nasl |
2009-06-09 | Name : SuSE Security Advisory SUSE-SA:2009:030 (kernel) File : nvt/suse_sa_2009_030.nasl |
2009-06-05 | Name : Fedora Core 9 FEDORA-2009-5383 (kernel) File : nvt/fcore_2009_5383.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:224-1 (kernel) File : nvt/gb_mandriva_MDVSA_2008_224_1.nasl |
2009-04-09 | Name : Mandriva Update for kernel MDVSA-2008:224 (kernel) File : nvt/gb_mandriva_MDVSA_2008_224.nasl |
2009-03-23 | Name : Ubuntu Update for linux, linux-source-2.6.15/22 vulnerabilities USN-679-1 File : nvt/gb_ubuntu_USN_679_1.nasl |
2009-03-06 | Name : RedHat Update for kernel RHSA-2008:1017-01 File : nvt/gb_RHSA-2008_1017-01_kernel.nasl |
2009-02-17 | Name : Fedora Update for kernel FEDORA-2008-8929 File : nvt/gb_fedora_2008_8929_kernel_fc9.nasl |
2009-02-17 | Name : Fedora Update for kernel FEDORA-2008-8980 File : nvt/gb_fedora_2008_8980_kernel_fc8.nasl |
2009-02-13 | Name : Fedora Update for kernel FEDORA-2008-11618 File : nvt/gb_fedora_2008_11618_kernel_fc9.nasl |
2009-02-02 | Name : Fedora Core 9 FEDORA-2009-0816 (kernel) File : nvt/fcore_2009_0816.nasl |
2009-01-26 | Name : RedHat Security Advisory RHSA-2009:0009 File : nvt/RHSA_2009_0009.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:052 File : nvt/gb_suse_2008_052.nasl |
2009-01-23 | Name : SuSE Update for kernel SUSE-SA:2008:053 File : nvt/gb_suse_2008_053.nasl |
2009-01-20 | Name : SuSE Security Advisory SUSE-SA:2009:003 (kernel-debug) File : nvt/suse_sa_2009_003.nasl |
2008-12-23 | Name : Debian Security Advisory DSA 1687-1 (linux-2.6) File : nvt/deb_1687_1.nasl |
2008-12-10 | Name : Debian Security Advisory DSA 1681-1 (linux-2.6.24) File : nvt/deb_1681_1.nasl |
2008-11-01 | Name : Debian Security Advisory DSA 1655-1 (linux-2.6.24) File : nvt/deb_1655_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50049 | Linux Kernel fs/splice.c do_splice_from Function O_APPEND File Descriptor Rej... |
50048 | Linux Kernel sctp sctp_process_init Function INIT-ACK T1-Init Timer Expiratio... |
49183 | Linux Kernel DRM_I915_HWS_ADDR Crafted IOCTL Request Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2008-1017.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20081216_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-1017.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-090114.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_kernel-081022.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-6274.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-679-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-659-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-224.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-1017.nasl - Type : ACT_GATHER_INFO |
2008-12-16 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1687.nasl - Type : ACT_GATHER_INFO |
2008-12-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1681.nasl - Type : ACT_GATHER_INFO |
2008-11-12 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-5751.nasl - Type : ACT_GATHER_INFO |
2008-10-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8980.nasl - Type : ACT_GATHER_INFO |
2008-10-24 | Name : The remote Fedora host is missing a security update. File : fedora_2008-8929.nasl - Type : ACT_GATHER_INFO |
2008-10-21 | Name : The remote openSUSE host is missing a security update. File : suse_kernel-5700.nasl - Type : ACT_GATHER_INFO |
2008-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1655.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:06 |
|