Rapid7 Vulnerability & Exploit Database

RHSA-2001:013: Three security holes fixed in new kernel




Three security holes have been fixed in the new kernel, and several other updates and bug fixes have been applied as well.

Three security holes have been fixed in the kernel. One involves ptrace, another involves sysctl, and the last is specific to some Intel CPUs. All three security holes involve local access only (they do not provide a hole to remote attackers without a local account).

The ptrace and sysctl bugs provide local users with the potential to compromise the root account. Neither has an active exploit available at the time of this writing. The last security hole is a DoS (denial of service) that does not provide access to the root account but does allow any user with shell access to halt the CPU. All users are strongly recommended to upgrade.

In addition to the security fixes, these kernels contain more advanced support for Intel Pentium 4 processors, as well as a number of driver updates. These updates include e100, sis900, cs46xx, qla1x160, qla2x00, ServeRAID, and ipvs. A number of other bugs have also been fixed. Most notably, the RAW I/O facility could corrupt data under certain usage patterns.


  • redhat-upgrade-kernel
  • redhat-upgrade-kernel-boot
  • redhat-upgrade-kernel-doc
  • redhat-upgrade-kernel-enterprise
  • redhat-upgrade-kernel-ibcs
  • redhat-upgrade-kernel-pcmcia-cs
  • redhat-upgrade-kernel-smp
  • redhat-upgrade-kernel-source
  • redhat-upgrade-kernel-utils
