Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support update for kernel



Published: 2018-10-16
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-10675
CVE-2018-14634
CVE-2018-5390
CVE-2018-5391
CWE-ID CWE-416
CWE-190
CWE-400
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux Server - TUS
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server - AUS
Operating systems & Components / Operating system

kernel (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Use-after-free error

EUVDB-ID: #VU13023

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-10675

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the do_get_mempolicy function in mm/mempolicy.c due to use-after-free error. A local attacker can use specially crafted system calls, trigger memory corruption and cause the service to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - TUS: 6.6

Red Hat Enterprise Linux Server - AUS: 6.6

kernel (Red Hat package): before 2.6.32-504.76.2.el6

External links

http://access.redhat.com/errata/RHSA-2018:2924


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU15168

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-14634

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow in create_elf_tables() function when processing SUID binaries. A local unprivileged user can use this vulnerability to execute execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - TUS: 6.6

Red Hat Enterprise Linux Server - AUS: 6.6

kernel (Red Hat package): before 2.6.32-504.76.2.el6

External links

http://access.redhat.com/errata/RHSA-2018:2924


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Resource exhaustion

EUVDB-ID: #VU14200

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5390

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to the system uses an inefficient TCP reassembly algorithm. A remote attacker can send specially crafted packets within ongoing TCP sessions to consume excessive CPU resources and cause the service to crash.

Note: The issue has been called "SegmentSmack".

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - TUS: 6.6

Red Hat Enterprise Linux Server - AUS: 6.6

kernel (Red Hat package): before 2.6.32-504.76.2.el6

External links

http://access.redhat.com/errata/RHSA-2018:2924


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU14437

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5391

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when handling reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can send specially crafted packets, trigger time and calculation expensive fragment reassembly algorithms and cause the service to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Server - TUS: 6.6

Red Hat Enterprise Linux Server - AUS: 6.6

kernel (Red Hat package): before 2.6.32-504.76.2.el6

External links

http://access.redhat.com/errata/RHSA-2018:2924


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###