Executive Summary

Summary
Title kernel security and bug fix update
Informations
Name RHSA-2014:0520 First vendor Publication 2014-05-20
Vendor RedHat Last vendor Modification 2014-05-20
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C)
Cvss Base Score 7.1 Attack Range Network
Cvss Impact Score 6.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kernel packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on the system. (CVE-2014-0101, Important)

* A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important)

Red Hat would like to thank Nokia Siemens Networks for reporting CVE-2014-0101.

This update also fixes the following bug:

* Prior to this update, a guest-provided value was used as the head length of the socket buffer allocated on the host. If the host was under heavy memory load and the guest-provided value was too large, the allocation could have failed, resulting in stalls and packet drops in the guest's Tx path. With this update, the guest-provided value has been limited to a reasonable size so that socket buffer allocations on the host succeed regardless of the memory load on the host, and guests can send packets without experiencing packet drops or stalls. (BZ#1092349)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1070705 - CVE-2014-0101 kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk 1094232 - CVE-2014-0196 kernel: pty layer race condition leading to memory corruption

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0520.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-476 NULL Pointer Dereference
50 % CWE-362 Race Condition

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:23690
 
Oval ID: oval:org.mitre.oval:def:23690
Title: ELSA-2014:0328: kernel security and bug fix update (Important)
Description: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Family: unix Class: patch
Reference(s): ELSA-2014:0328-01
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
Version: 9
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24219
 
Oval ID: oval:org.mitre.oval:def:24219
Title: RHSA-2014:0328: kernel security and bug fix update (Important)
Description: The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk.
Family: unix Class: patch
Reference(s): RHSA-2014:0328-01
CESA-2014:0328
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
Version: 11
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24445
 
Oval ID: oval:org.mitre.oval:def:24445
Title: USN-2200-1 -- linux-lts-raring vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2200-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-raring
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24543
 
Oval ID: oval:org.mitre.oval:def:24543
Title: USN-2203-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2203-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 13.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24668
 
Oval ID: oval:org.mitre.oval:def:24668
Title: USN-2202-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2202-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 12.10
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24673
 
Oval ID: oval:org.mitre.oval:def:24673
Title: USN-2199-1 -- linux-lts-quantal vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2199-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24706
 
Oval ID: oval:org.mitre.oval:def:24706
Title: USN-2201-1 -- linux-lts-saucy vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2201-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux-lts-saucy
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24747
 
Oval ID: oval:org.mitre.oval:def:24747
Title: USN-2204-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2204-1
CVE-2014-0196
Version: 4
Platform(s): Ubuntu 14.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24818
 
Oval ID: oval:org.mitre.oval:def:24818
Title: USN-2197-1 -- linux-ec2 vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2197-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux-ec2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24838
 
Oval ID: oval:org.mitre.oval:def:24838
Title: USN-2198-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2198-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 12.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24863
 
Oval ID: oval:org.mitre.oval:def:24863
Title: USN-2196-1 -- linux vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2196-1
CVE-2014-0196
Version: 5
Platform(s): Ubuntu 10.04
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25233
 
Oval ID: oval:org.mitre.oval:def:25233
Title: SUSE-SU-2014:0667-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix the following severe security issues: * CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device. (bnc#875798) * CVE-2014-0196: The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings. (bnc#875690)
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0667-1
CVE-2014-1737
CVE-2014-1738
CVE-2014-0196
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25258
 
Oval ID: oval:org.mitre.oval:def:25258
Title: RHSA-2014:0678: kernel security update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A race condition flaw, leading to heap-based buffer overflows, was found in the way the Linux kernel's N_TTY line discipline (LDISC) implementation handled concurrent processing of echo output and TTY write operations originating from user space when the underlying TTY driver was PTY. An unprivileged, local user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-0196, Important) All kernel users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0678-00
CVE-2014-0196
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27035
 
Oval ID: oval:org.mitre.oval:def:27035
Title: DEPRECATED: ELSA-2014-0328 -- kernel security and bug fix update (important)
Description: [2.6.32-431.11.2] - [net] sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable (Daniel Borkmann) [1070715 1067451] {CVE-2014-0101} - [vhost] validate vhost_get_vq_desc return value (Michael S. Tsirkin) [1062579 1058677] {CVE-2014-0055}
Family: unix Class: patch
Reference(s): ELSA-2014-0328
CVE-2013-1860
CVE-2014-0055
CVE-2014-0069
CVE-2014-0101
Version: 4
Platform(s): Oracle Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27162
 
Oval ID: oval:org.mitre.oval:def:27162
Title: ELSA-2014-0678 -- kernel security update (important)
Description: [3.10.0-123.1.2] - Oracle Linux certificates (Alexey Petrenko) [3.10.0-123.1.2] - [tty] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) [1094241 1094242] {CVE-2014-0196}
Family: unix Class: patch
Reference(s): ELSA-2014-0678
CVE-2014-0196
Version: 3
Platform(s): Oracle Linux 7
Product(s): kernel
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 19
Application 9
Application 12
Application 9
Application 31
Application 12
Application 6
Application 25
Application 21
Application 25
Application 10
Application 19
Application 13
Application 24
Application 1
Application 1
Application 1
Application 6
Application 1
Application 4
Application 6
Application 6
Application 1
Hardware 7
Hardware 6
Hardware 3
Os 5
Os 2
Os 2077
Os 1
Os 1
Os 1
Os 3
Os 1
Os 2
Os 1
Os 1
Os 1
Os 1
Os 1
Os 2

ExploitDB Exploits

id Description
2014-05-26 Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition...

Snort® IPS/IDS

Date Description
2016-03-15 Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt
RuleID : 37654 - Revision : 2 - Type : OS-LINUX
2016-03-14 Linux kernel SCTP handshake COOKIE ECHO Chunks denial of service attempt
RuleID : 37408 - Revision : 2 - Type : OS-LINUX

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0520.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0512.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0432.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0419.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0339.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-392.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-339.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15319.nasl - Type : ACT_GATHER_INFO
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15317.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3053.nasl - Type : ACT_GATHER_INFO
2014-07-31 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3054.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0678.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0678.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0557.nasl - Type : ACT_GATHER_INFO
2014-07-17 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140709.nasl - Type : ACT_GATHER_INFO
2014-06-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2260-1.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-376.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-375.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-124.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2228-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2225-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2224-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2223-1.nasl - Type : ACT_GATHER_INFO
2014-05-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2221-1.nasl - Type : ACT_GATHER_INFO
2014-05-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6354.nasl - Type : ACT_GATHER_INFO
2014-05-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3034.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140513.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2928.nasl - Type : ACT_GATHER_INFO
2014-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2926.nasl - Type : ACT_GATHER_INFO
2014-05-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6122.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2197-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2196-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2198-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2199-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2200-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2202-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2203-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2204-1.nasl - Type : ACT_GATHER_INFO
2014-05-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2201-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2174-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2173-1.nasl - Type : ACT_GATHER_INFO
2014-04-27 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2906.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3016.nasl - Type : ACT_GATHER_INFO
2014-03-28 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-317.nasl - Type : ACT_GATHER_INFO
2014-03-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3015.nasl - Type : ACT_GATHER_INFO
2014-03-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3014.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140325_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-26 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0328.nasl - Type : ACT_GATHER_INFO
2014-03-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3448.nasl - Type : ACT_GATHER_INFO
2014-03-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-3442.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-11-08 13:32:07
  • Multiple Updates
2014-05-20 17:20:09
  • First insertion