Scientific Linux Security Update : kernel on SL5.x i386/x86_64

2012-08-0100:00:00

www.tenable.com

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.023

Percentile

89.9%

JSON

a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential remote access. Exploitation would require the attacker to be able to send arbitrary frames over the ISDN network to the victim’s machine. (CVE-2007-1217, Moderate)
- a flaw in the perfmon subsystem on ia64 platforms that allowed a local user to cause a denial of service.
  (CVE-2006-0558, Moderate)

In addition, the following bugs were addressed :

a panic after reloading of the LSI Fusion driver.
a vm performance problem was corrected by balancing inactive page lists.
added a nodirplus option to address NFSv3 performance issues with large directories.
changed the personality handling to disallow personality changes of setuid and setgid binaries. This ensures they keep any randomization and Exec-shield protection.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(60247);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2006-0558", "CVE-2007-1217");

  script_name(english:"Scientific Linux Security Update : kernel on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Scientific Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"  - a flaw in the ISDN CAPI subsystem that allowed a remote
    user to cause a denial of service or potential remote
    access. Exploitation would require the attacker to be
    able to send arbitrary frames over the ISDN network to
    the victim's machine. (CVE-2007-1217, Moderate)

  - a flaw in the perfmon subsystem on ia64 platforms that
    allowed a local user to cause a denial of service.
    (CVE-2006-0558, Moderate)

In addition, the following bugs were addressed :

  - a panic after reloading of the LSI Fusion driver.

  - a vm performance problem was corrected by balancing
    inactive page lists.

  - added a nodirplus option to address NFSv3 performance
    issues with large directories.

  - changed the personality handling to disallow personality
    changes of setuid and setgid binaries. This ensures they
    keep any randomization and Exec-shield protection."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0709&L=scientific-linux-errata&T=0&P=910
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6d809d8c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);


flag = 0;
if (rpm_check(release:"SL5", reference:"kernel-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-PAE-devel-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-devel-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"i386", reference:"kernel-doc-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", cpu:"x86_64", reference:"kernel-headers-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-2.6.18-8.1.10.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kernel-xen-devel-2.6.18-8.1.10.el5")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");