Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871031
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2013:1166-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies. If a
local user queried SCTP connection information at the same time a remote
attacker has initialized a crafted SCTP connection to the system, it could
trigger a NULL pointer dereference, causing the system to crash.
(CVE-2013-2206, Important)

* It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540
introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite
implementation. A local, unprivileged user could use this flaw to corrupt
kernel memory via crafted sendmsg() calls, allowing them to cause a denial
of service or, potentially, escalate their privileges on the system.
(CVE-2013-2224, Important)

* An invalid pointer dereference flaw was found in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could use
this flaw to crash the system or, potentially, escalate their privileges on
the system by using sendmsg() with an IPv6 socket connected to an IPv4
destination. (CVE-2013-2232, Moderate)

* Information leak flaws in the Linux kernel could allow a privileged,
local user to leak kernel memory to user-space. (CVE-2013-2164,
CVE-2013-2147, CVE-2013-2234, CVE-2013-2237, Low)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2147
http://lkml.org/lkml/2013/6/3/127
http://lkml.org/lkml/2013/6/3/131
http://www.openwall.com/lists/oss-security/2013/06/05/25
RedHat Security Advisories: RHSA-2013:1166
http://rhn.redhat.com/errata/RHSA-2013-1166.html
SuSE Security Announcement: SUSE-SU-2015:0812 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
http://www.ubuntu.com/usn/USN-1994-1
http://www.ubuntu.com/usn/USN-1996-1
http://www.ubuntu.com/usn/USN-1997-1
http://www.ubuntu.com/usn/USN-1999-1
http://www.ubuntu.com/usn/USN-2015-1
http://www.ubuntu.com/usn/USN-2016-1
http://www.ubuntu.com/usn/USN-2017-1
http://www.ubuntu.com/usn/USN-2020-1
http://www.ubuntu.com/usn/USN-2023-1
http://www.ubuntu.com/usn/USN-2050-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2164
Debian Security Information: DSA-2766 (Google Search)
http://www.debian.org/security/2013/dsa-2766
http://www.openwall.com/lists/oss-security/2013/06/10/9
RedHat Security Advisories: RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
SuSE Security Announcement: SUSE-SU-2013:1473 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
SuSE Security Announcement: SUSE-SU-2013:1474 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:1971 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.ubuntu.com/usn/USN-1912-1
http://www.ubuntu.com/usn/USN-1913-1
http://www.ubuntu.com/usn/USN-1941-1
http://www.ubuntu.com/usn/USN-1942-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2206
http://www.openwall.com/lists/oss-security/2013/06/21/1
RedHat Security Advisories: RHSA-2013:1173
http://rhn.redhat.com/errata/RHSA-2013-1173.html
SuSE Security Announcement: SUSE-SU-2013:1744 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html
SuSE Security Announcement: SUSE-SU-2013:1748 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html
SuSE Security Announcement: SUSE-SU-2013:1749 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html
SuSE Security Announcement: SUSE-SU-2013:1750 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html
http://www.ubuntu.com/usn/USN-1939-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2224
http://www.openwall.com/lists/oss-security/2013/06/30/7
RedHat Security Advisories: RHSA-2013:1450
http://rhn.redhat.com/errata/RHSA-2013-1450.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2232
http://www.openwall.com/lists/oss-security/2013/07/02/5
http://www.ubuntu.com/usn/USN-1938-1
http://www.ubuntu.com/usn/USN-1943-1
http://www.ubuntu.com/usn/USN-1944-1
http://www.ubuntu.com/usn/USN-1945-1
http://www.ubuntu.com/usn/USN-1946-1
http://www.ubuntu.com/usn/USN-1947-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2234
http://www.openwall.com/lists/oss-security/2013/07/02/7
Common Vulnerability Exposure (CVE) ID: CVE-2013-2237
http://www.openwall.com/lists/oss-security/2013/07/04/3
http://www.ubuntu.com/usn/USN-1970-1
http://www.ubuntu.com/usn/USN-1972-1
http://www.ubuntu.com/usn/USN-1973-1
http://www.ubuntu.com/usn/USN-1992-1
http://www.ubuntu.com/usn/USN-1993-1
http://www.ubuntu.com/usn/USN-1995-1
http://www.ubuntu.com/usn/USN-1998-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-3552
http://www.openwall.com/lists/oss-security/2012/08/31/11
RedHat Security Advisories: RHSA-2012:1540
http://rhn.redhat.com/errata/RHSA-2012-1540.html
CopyrightCopyright (C) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.