Test ID: | 1.3.6.1.4.1.25623.1.0.881717 |
Category: | CentOS Local Security Checks |
Title: | CentOS Update for kernel CESA-2013:0747 centos5 |
Summary: | The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.

Vulnerability Insight: The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issues:

* A flaw was found in the Xen netback driver implementation in the Linux kernel. A privileged guest user with access to a para-virtualized network device could use this flaw to cause a long loop in netback, leading to a denial of service that could potentially affect the entire system. (CVE-2013-0216, Moderate)
* A flaw was found in the Xen PCI device back-end driver implementation in the Linux kernel. A privileged guest user in a guest that has a PCI passthrough device could use this flaw to cause a denial of service that could potentially affect the entire system. (CVE-2013-0231, Moderate)
* A NULL pointer dereference flaw was found in the IP packet transformation framework (XFRM) implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use this flaw to cause a denial of service. (CVE-2013-1826, Moderate)
* Information leak flaws were found in the XFRM implementation in the Linux kernel. A local user who has the CAP_NET_ADMIN capability could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low)
* An information leak flaw was found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low)
* Two information leak flaws were found in the Linux kernel's Asynchronous Transfer Mode (ATM) subsystem. A local, unprivileged user could use these flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low)
* An information leak flaw was found in the TUN/TAP device driver in the Linux kernel's networking implementation. A local user with access to a TUN/TAP virtual interface could use this flaw to leak kernel stack memory to user-space. (CVE-2012-6547, Low)

Red Hat would like to thank the Xen project for reporting the CVE-2013-0216 and CVE-2013-0231 issues.

This update also fixes the following bugs:

* The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of the designed interface when receiving ICMP Fragmentation Needed packets. Consequently, a remote host did not respond correctly to ping attempts. With this update, the IPv4 code has been modified so the MTU of the designed interface is adjusted as expected in this situation. The ping command now provides the expected output. (BZ#923353)
* Previously, the be2net code expected the last word of an MCC complete ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS: kernel on CentOS 5

Solution: Please install the updated packages.

CVSS Score: 6.2
CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-6537
* http://www.openwall.com/lists/oss-security/2013/03/05/13
* RedHat Security Advisories: RHSA-2013:0744 http://rhn.redhat.com/errata/RHSA-2013-0744.html
* http://www.ubuntu.com/usn/USN-1792-1
* http://www.ubuntu.com/usn/USN-1798-1

Common Vulnerability Exposure (CVE) ID: CVE-2012-6542
* RedHat Security Advisories: RHSA-2013:1645 http://rhn.redhat.com/errata/RHSA-2013-1645.html
* http://www.ubuntu.com/usn/USN-1805-1
* http://www.ubuntu.com/usn/USN-1808-1

Common Vulnerability Exposure (CVE) ID: CVE-2012-6546

Common Vulnerability Exposure (CVE) ID: CVE-2012-6547
* http://www.mandriva.com/security/advisories?name=MDVSA-2013:176

Common Vulnerability Exposure (CVE) ID: CVE-2013-0216
* MDVSA-2013:176
* SUSE-SU-2013:0674 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html
* [oss-security] 20130205 Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux netback DoS via malicious guest ring. http://www.openwall.com/lists/oss-security/2013/02/05/12
* http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=48856286b64e4b66ec62b94e504d0b29c1ade664
* http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.7.8
* https://bugzilla.redhat.com/show_bug.cgi?id=910883
* https://github.com/torvalds/linux/commit/48856286b64e4b66ec62b94e504d0b29c1ade664
* openSUSE-SU-2013:0395 http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00004.html
* openSUSE-SU-2013:0925 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

Common Vulnerability Exposure (CVE) ID: CVE-2013-0231
* 52059 http://secunia.com/advisories/52059
* 57740 http://www.securityfocus.com/bid/57740
* 89903 http://osvdb.org/89903
* DSA-2632 http://www.debian.org/security/2013/dsa-2632
* [oss-security] 20130205 Xen Security Advisory 43 (CVE-2013-0231) - Linux pciback DoS via not rate limited log messages. http://www.openwall.com/lists/oss-security/2013/02/05/9
* xen-pcibackenablemsi-dos(81923) https://exchange.xforce.ibmcloud.com/vulnerabilities/81923

Common Vulnerability Exposure (CVE) ID: CVE-2013-1826
* RHSA-2013:0744
* USN-1829-1 http://www.ubuntu.com/usn/USN-1829-1
* [oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs http://www.openwall.com/lists/oss-security/2013/03/07/2
* http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=864745d291b5ba80ea0bd0edcbe67273de368836
* http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.7
* https://bugzilla.redhat.com/show_bug.cgi?id=919384
* https://github.com/torvalds/linux/commit/864745d291b5ba80ea0bd0edcbe67273de368836

Common Vulnerability Exposure (CVE) ID: CVE-2013-0217
* http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7d5145d8eb2b9791533ffe4dc003b129b9696c48
* https://github.com/torvalds/linux/commit/7d5145d8eb2b9791533ffe4dc003b129b9696c48 |
Copyright | Copyright (C) 2013 Greenbone AG |