SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6637)

high Nessus Plugin ID 49867

Language:

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes various bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel.

The following security issues were fixed: CVE-2009-3238: The get_random_int function in drivers/char/random.c in the Linux kernel produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the functions tendency to return the same value over and over again for long stretches of time.

- The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)

- Unsigned check in the ax25 socket handler could allow local attackers to potentially crash the kernel or even execute code. (CVE-2009-2909)

Solution

Apply ZYPP patch number 6637.

See Also

http://support.novell.com/security/cve/CVE-2009-1192.html

http://support.novell.com/security/cve/CVE-2009-2909.html

http://support.novell.com/security/cve/CVE-2009-3238.html

Plugin Details

Severity: High

ID: 49867

File Name: suse_kernel-6637.nasl

Version: 1.9

Type: local

Agent: unix

Published: 10/11/2010

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/3/2009

Reference Information

CVE: CVE-2009-1192, CVE-2009-2909, CVE-2009-3238

CWE: 189, 310