Test ID: 1.3.6.1.4.1.25623.1.0.871268
Category: Red Hat Local Security Checks
Title: RedHat Update for kernel RHSA-2014:1392-01
Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Description:

Vulnerability Insight:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)

* An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system. (CVE-2013-2596, Important)

* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)

* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Management subsystem did not properly handle page locking in
certain cases, which could potentially trigger the BUG_ON() macro in the
mlock_vma_page() function. A local, unprivileged user could use this flaw
to crash the system. (CVE-2014-3122, Moderate)

* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
function handled IOMMU mapping failures. A privileged user in a guest with
an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate)

* Multiple use-after-free flaws were found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use either of these flaws to crash
the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links.
A local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege esca ...

Description truncated, please see the referenced URL(s) for more information.

Affected Software/OS:
kernel on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2596
BugTraq ID: 59264
http://www.securityfocus.com/bid/59264
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://forum.xda-developers.com/showthread.php?t=2255491
http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/
http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/
http://marc.info/?l=linux-kernel&m=136616837923938&w=2
RedHat Security Advisories: RHSA-2015:0695
http://rhn.redhat.com/errata/RHSA-2015-0695.html
RedHat Security Advisories: RHSA-2015:0782
http://rhn.redhat.com/errata/RHSA-2015-0782.html
RedHat Security Advisories: RHSA-2015:0803
http://rhn.redhat.com/errata/RHSA-2015-0803.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4483
http://www.openwall.com/lists/oss-security/2013/10/30/4
RedHat Security Advisories: RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
RedHat Security Advisories: RHSA-2015:0284
http://rhn.redhat.com/errata/RHSA-2015-0284.html
SuSE Security Announcement: openSUSE-SU-2014:0247
http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0181
http://marc.info/?l=linux-netdev&m=139828832919748&w=2
http://www.openwall.com/lists/oss-security/2014/04/23/6
RedHat Security Advisories: RHSA-2014:1959
http://rhn.redhat.com/errata/RHSA-2014-1959.html
SuSE Security Announcement: SUSE-SU-2015:0481
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2015:0652
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:0736
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SuSE Security Announcement: SUSE-SU-2015:0812
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html
SuSE Security Announcement: openSUSE-SU-2015:0566
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-3122
BugTraq ID: 67162
http://www.securityfocus.com/bid/67162
Debian Security Information: DSA-2926
http://www.debian.org/security/2014/dsa-2926
http://www.openwall.com/lists/oss-security/2014/05/01/7
http://secunia.com/advisories/59386
http://secunia.com/advisories/59599
http://www.ubuntu.com/usn/USN-2240-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-3601
BugTraq ID: 69489
http://www.securityfocus.com/bid/69489
http://secunia.com/advisories/60830
http://www.ubuntu.com/usn/USN-2356-1
http://www.ubuntu.com/usn/USN-2357-1
http://www.ubuntu.com/usn/USN-2358-1
http://www.ubuntu.com/usn/USN-2359-1
XForce ISS Database: linux-kernel-cve20143601-dos(95689)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95689
Common Vulnerability Exposure (CVE) ID: CVE-2014-4608
BugTraq ID: 68214
http://www.securityfocus.com/bid/68214
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
http://www.oberhumer.com/opensource/lzo/
https://www.securitymouse.com/lms-2014-06-16-2
http://www.openwall.com/lists/oss-security/2014/06/26/21
RedHat Security Advisories: RHSA-2015:0062
http://rhn.redhat.com/errata/RHSA-2015-0062.html
http://secunia.com/advisories/60011
http://secunia.com/advisories/60174
http://secunia.com/advisories/62633
http://www.ubuntu.com/usn/USN-2416-1
http://www.ubuntu.com/usn/USN-2417-1
http://www.ubuntu.com/usn/USN-2418-1
http://www.ubuntu.com/usn/USN-2419-1
http://www.ubuntu.com/usn/USN-2420-1
http://www.ubuntu.com/usn/USN-2421-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4653
BugTraq ID: 68164
http://www.securityfocus.com/bid/68164
http://www.openwall.com/lists/oss-security/2014/06/26/6
RedHat Security Advisories: RHSA-2014:1083
http://rhn.redhat.com/errata/RHSA-2014-1083.html
http://secunia.com/advisories/59434
http://secunia.com/advisories/59777
http://secunia.com/advisories/60545
http://secunia.com/advisories/60564
http://www.ubuntu.com/usn/USN-2334-1
http://www.ubuntu.com/usn/USN-2335-1
Common Vulnerability Exposure (CVE) ID: CVE-2014-4654
BugTraq ID: 68162
http://www.securityfocus.com/bid/68162
Common Vulnerability Exposure (CVE) ID: CVE-2014-4655
http://www.securitytracker.com/id/1036763
Common Vulnerability Exposure (CVE) ID: CVE-2014-5045
BugTraq ID: 68862
http://www.securityfocus.com/bid/68862
http://www.openwall.com/lists/oss-security/2014/07/24/2
http://secunia.com/advisories/60353
Common Vulnerability Exposure (CVE) ID: CVE-2014-5077
BugTraq ID: 68881
http://www.securityfocus.com/bid/68881
http://www.openwall.com/lists/oss-security/2014/07/26/1
RedHat Security Advisories: RHSA-2014:1668
http://rhn.redhat.com/errata/RHSA-2014-1668.html
RedHat Security Advisories: RHSA-2014:1763
http://rhn.redhat.com/errata/RHSA-2014-1763.html
http://www.securitytracker.com/id/1030681
http://secunia.com/advisories/60430
http://secunia.com/advisories/60744
http://secunia.com/advisories/62563
SuSE Security Announcement: SUSE-SU-2014:1316
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html
SuSE Security Announcement: SUSE-SU-2014:1319
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html
XForce ISS Database: linux-kernel-cve20145077-dos(95134)
https://exchange.xforce.ibmcloud.com/vulnerabilities/95134
Copyright: Copyright (C) 2014 Greenbone Networks GmbH
