SUSE-SA:2004:028: kernel

high Nessus Plugin ID 14600

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2004:028 (kernel).

Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6.
These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater then 2^31.
The result will be a kernel Oops, it is unknown if this bug is otherwise exploitable yet.
Kernel 2.4 nfsd code is different but may suffer from the same vulnerability.
Additionally a local denial-of-service condition via /dev/ptmx, which affects kernel 2.6 only has been fixed. Thanks to Jan Engelhardt for reporting this issue to us.

Solution

http://www.suse.de/security/2004_28_kernel.html

Plugin Details

Severity: High

ID: 14600

File Name: suse_SA_2004_028.nasl

Version: 1.15

Agent: unix

Family: SuSE Local Security Checks

Published: 9/1/2004

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Reference Information

BID: 11081

Detections

Analytics