SUSE-SA:2005:029: kernel

high Nessus Plugin ID 18462

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:029 (kernel).


The Linux kernel is the core component of the Linux system.

This update fixes various security as well as non-security problems discovered since the last round of kernel updates.


The following security problems have been fixed:

- when creating directories on ext2 filesystems the kernel did not zero initialize the memory allocated. Therefore potentially sensitive information could be exposed to users (CVE-2005-0400).

All SUSE LINUX based products are affected.

- local users can crash the kernel via a crafted ELF library or executable, which causes a free of an invalid pointer (CVE-2005-0749).

All SUSE LINUX based products are affected.

- local users could gain root access via a bluetooth socket (CVE-2005-0750).

The fix for this problem was missing in SUSE LINUX 9.3 only.

- local users could gain root access by causing a core dump of specially crafted ELF executables (CVE-2005-1263).

The problem is believed to be not exploitable on any SUSE LINUX based product. The patch is included nevertheless.

- on the x86-64 platform various bugs allowed local users to crash the kernel or CPU (CVE-2005-0756, CVE-2005-1762, CVE-2005-1764, CVE-2005-1765)

All SUSE LINUX based products on the x86-64 architecture are affected.

- an overflow in the x86-64 ptrace code allowed local users to write a few bytes into kernel memory pages they normally shouldn't have access to (CVE-2005-1763).

SLES 9 and SUSE LINUX 9.1-9.3 on the x86-64 architecture are affected.

- insufficient checks in the 32bit DRM ioctl functions could allow unprivileged local users to gain root access.

SLES 9 and SUSE LINUX 9.1-9.3 on the x86-64 architecture are affected.

Solution

http://www.suse.de/security/advisories/2005_29_kernel.html

Plugin Details

Severity: High

ID: 18462

File Name: suse_SA_2005_029.nasl

Version: 1.9

Agent: unix

Published: 6/10/2005

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list