SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)

high Nessus Plugin ID 42812

Synopsis

The remote SuSE 9 host is missing a security-related patch.

Description

This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel.

The following security bugs were fixed :

- A race condition in the pipe(2) system call could be used by local attackers to execute code. (CVE-2009-3547)

- On x86_64 systems, an information leak of high register contents (upper 32 bits) was fixed. (CVE-2009-2910)

- The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)

- An unsigned check in the ax25 socket handler could allow local attackers to crash the kernel or even execute code. (CVE-2009-2909)

- The execve function in the Linux kernel did not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. (CVE-2009-2848)

- Fixed various socket handler getname leaks, which could disclose memory previously used by the kernel or other userland processes to a local attacker. (CVE-2009-3002)

- Multiple buffer overflows in the cifs subsystem in the Linux kernel allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. (CVE-2009-1633)

- The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. (CVE-2009-3726)

Solution

Apply YOU patch number 12541.

See Also

http://support.novell.com/security/cve/CVE-2009-1192.html

http://support.novell.com/security/cve/CVE-2009-1633.html

http://support.novell.com/security/cve/CVE-2009-2848.html

http://support.novell.com/security/cve/CVE-2009-2909.html

http://support.novell.com/security/cve/CVE-2009-2910.html

http://support.novell.com/security/cve/CVE-2009-3002.html

http://support.novell.com/security/cve/CVE-2009-3547.html

http://support.novell.com/security/cve/CVE-2009-3726.html

Plugin Details

Severity: High

ID: 42812

File Name: suse9_12541.nasl

Version: 1.18

Type: local

Agent: unix

Published: 11/16/2009

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/11/2009

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2009-1192, CVE-2009-1633, CVE-2009-2848, CVE-2009-2909, CVE-2009-2910, CVE-2009-3002, CVE-2009-3547, CVE-2009-3726

CWE: 119, 189, 200, 362, 399