English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871031
Category:Red Hat Local Security Checks
Title:RedHat Update for kernel RHSA-2013:1166-01
Summary:The remote host is missing an update for the 'kernel'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies. If a
local user queried SCTP connection information at the same time a remote
attacker has initialized a crafted SCTP connection to the system, it could
trigger a NULL pointer dereference, causing the system to crash.
(CVE-2013-2206, Important)

* It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540
introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite
implementation. A local, unprivileged user could use this flaw to corrupt
kernel memory via crafted sendmsg() calls, allowing them to cause a denial
of service or, potentially, escalate their privileges on the system.
(CVE-2013-2224, Important)

* An invalid pointer dereference flaw was found in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could use
this flaw to crash the system or, potentially, escalate their privileges on
the system by using sendmsg() with an IPv6 socket connected to an IPv4
destination. (CVE-2013-2232, Moderate)

* Information leak flaws in the Linux kernel could allow a privileged,
local user to leak kernel memory to user-space. (CVE-2013-2164,
CVE-2013-2147, CVE-2013-2234, CVE-2013-2237, Low)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

Affected Software/OS:
kernel on Red Hat Enterprise Linux (v. 5 server)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2147
RHSA-2013:1166
http://rhn.redhat.com/errata/RHSA-2013-1166.html
SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
USN-1994-1
http://www.ubuntu.com/usn/USN-1994-1
USN-1996-1
http://www.ubuntu.com/usn/USN-1996-1
USN-1997-1
http://www.ubuntu.com/usn/USN-1997-1
USN-1999-1
http://www.ubuntu.com/usn/USN-1999-1
USN-2015-1
http://www.ubuntu.com/usn/USN-2015-1
USN-2016-1
http://www.ubuntu.com/usn/USN-2016-1
USN-2017-1
http://www.ubuntu.com/usn/USN-2017-1
USN-2020-1
http://www.ubuntu.com/usn/USN-2020-1
USN-2023-1
http://www.ubuntu.com/usn/USN-2023-1
USN-2050-1
http://www.ubuntu.com/usn/USN-2050-1
[linux-kernel] 20130603 [patch] cciss: info leak in cciss_ioctl32_passthru()
http://lkml.org/lkml/2013/6/3/127
[linux-kernel] 20130603 [patch] cpqarray: info leak in ida_locked_ioctl()
http://lkml.org/lkml/2013/6/3/131
[oss-security] 20130605 Re: CVE request: kernel: cpqarray/c: info leak in ida_locked_ioctl()
http://www.openwall.com/lists/oss-security/2013/06/05/25
https://bugzilla.redhat.com/show_bug.cgi?id=971242
Common Vulnerability Exposure (CVE) ID: CVE-2013-2164
DSA-2766
http://www.debian.org/security/2013/dsa-2766
RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
SUSE-SU-2013:1473
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
SUSE-SU-2013:1474
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
USN-1912-1
http://www.ubuntu.com/usn/USN-1912-1
USN-1913-1
http://www.ubuntu.com/usn/USN-1913-1
USN-1941-1
http://www.ubuntu.com/usn/USN-1941-1
USN-1942-1
http://www.ubuntu.com/usn/USN-1942-1
[oss-security] 20130610 Re: CVE Request: Linux Kernel - Leak information in cdrom driver.
http://www.openwall.com/lists/oss-security/2013/06/10/9
http://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/drivers/cdrom/cdrom.c?id=050e4b8fb7cdd7096c987a9cd556029c622c7fe2
https://bugzilla.redhat.com/show_bug.cgi?id=973100
openSUSE-SU-2013:1971
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-2206
RHSA-2013:1173
http://rhn.redhat.com/errata/RHSA-2013-1173.html
SUSE-SU-2013:1744
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00020.html
SUSE-SU-2013:1748
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00021.html
SUSE-SU-2013:1749
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00023.html
SUSE-SU-2013:1750
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00024.html
USN-1939-1
http://www.ubuntu.com/usn/USN-1939-1
[oss-security] 20130620 Re: CVE Request -- Linux kernel: sctp: duplicate cookie handling NULL pointer dereference
http://www.openwall.com/lists/oss-security/2013/06/21/1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f2815633504b442ca0b0605c16bf3d88a3a0fcea
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.5
https://bugzilla.redhat.com/show_bug.cgi?id=976562
https://github.com/torvalds/linux/commit/f2815633504b442ca0b0605c16bf3d88a3a0fcea
Common Vulnerability Exposure (CVE) ID: CVE-2013-2224
RHSA-2013:1450
http://rhn.redhat.com/errata/RHSA-2013-1450.html
[oss-security] 20130630 Re: CVE request: Kernel 2.6.32+ IP_RETOPTS Buffer Poisoning DoS
http://www.openwall.com/lists/oss-security/2013/06/30/7
https://bugzilla.redhat.com/show_bug.cgi?id=979936
Common Vulnerability Exposure (CVE) ID: CVE-2013-2232
USN-1938-1
http://www.ubuntu.com/usn/USN-1938-1
USN-1943-1
http://www.ubuntu.com/usn/USN-1943-1
USN-1944-1
http://www.ubuntu.com/usn/USN-1944-1
USN-1945-1
http://www.ubuntu.com/usn/USN-1945-1
USN-1946-1
http://www.ubuntu.com/usn/USN-1946-1
USN-1947-1
http://www.ubuntu.com/usn/USN-1947-1
[oss-security] 20130702 Re: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg
http://www.openwall.com/lists/oss-security/2013/07/02/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a963a37d384d71ad43b3e9e79d68d42fbe0901f3
https://github.com/torvalds/linux/commit/a963a37d384d71ad43b3e9e79d68d42fbe0901f3
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2
Common Vulnerability Exposure (CVE) ID: CVE-2013-2234
[oss-security] 20130702 Re: CVE Request: information leak in AF_KEY notify messages
http://www.openwall.com/lists/oss-security/2013/07/02/7
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887
https://bugzilla.redhat.com/show_bug.cgi?id=980995
https://github.com/torvalds/linux/commit/a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887
Common Vulnerability Exposure (CVE) ID: CVE-2013-2237
USN-1970-1
http://www.ubuntu.com/usn/USN-1970-1
USN-1972-1
http://www.ubuntu.com/usn/USN-1972-1
USN-1973-1
http://www.ubuntu.com/usn/USN-1973-1
USN-1992-1
http://www.ubuntu.com/usn/USN-1992-1
USN-1993-1
http://www.ubuntu.com/usn/USN-1993-1
USN-1995-1
http://www.ubuntu.com/usn/USN-1995-1
USN-1998-1
http://www.ubuntu.com/usn/USN-1998-1
[oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush
http://www.openwall.com/lists/oss-security/2013/07/04/3
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=85dfb745ee40232876663ae206cba35f24ab2a40
https://bugzilla.redhat.com/show_bug.cgi?id=981220
https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2
Common Vulnerability Exposure (CVE) ID: CVE-2012-3552
RHSA-2012:1540
http://rhn.redhat.com/errata/RHSA-2012-1540.html
[oss-security] 20120831 Re: CVE Request -- kernel: net: slab corruption due to improper synchronization around inet->opt
http://www.openwall.com/lists/oss-security/2012/08/31/11
http://ftp.osuosl.org/pub/linux/kernel/v3.0/ChangeLog-3.0
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f6d8bd051c391c1c0458a30b2a7abcd939329259
https://bugzilla.redhat.com/show_bug.cgi?id=853465
https://github.com/torvalds/linux/commit/f6d8bd051c391c1c0458a30b2a7abcd939329259
CopyrightCopyright (C) 2013 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.