openSUSE Security Update : kernel (openSUSE-SU-2012:0206-1)

high Nessus Plugin ID 75557

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.3 kernel was updated to fix various bugs and security issues.

Following security issues have been fixed: CVE-2011-4604: If root does read() on a specific socket, it's possible to corrupt (kernel) memory over network, with an ICMP packet, if the B.A.T.M.A.N. mesh protocol is used.

CVE-2011-2525: A flaw allowed the tc_fill_qdisc() function in the Linux kernels packet scheduler API implementation to be called on built-in qdisc structures. A local, unprivileged user could have used this flaw to trigger a NULL pointer dereference, resulting in a denial of service.

CVE-2011-2699: Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service.

CVE-2011-2213: The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux kernel did not properly audit INET_DIAG bytecode, which allowed local users to cause a denial of service (kernel infinite loop) via crafted INET_DIAG_REQ_BYTECODE instructions in a netlink message, as demonstrated by an INET_DIAG_BC_JMP instruction with a zero yes value, a different vulnerability than CVE-2010-3880.

CVE-2011-1576: The Generic Receive Offload (GRO) implementation in the Linux kernel allowed remote attackers to cause a denial of service via crafted VLAN packets that are processed by the napi_reuse_skb function, leading to (1) a memory leak or (2) memory corruption, a different vulnerability than CVE-2011-1478.

CVE-2011-2534: Buffer overflow in the clusterip_proc_write function in net/ipv4/netfilter/ipt_CLUSTERIP.c in the Linux kernel might have allowed local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0' character.

CVE-2011-1770: Integer underflow in the dccp_parse_options function (net/dccp/options.c) in the Linux kernel allowed remote attackers to cause a denial of service via a Datagram Congestion Control Protocol (DCCP) packet with an invalid feature options length, which triggered a buffer over-read.

CVE-2011-2723: The skb_gro_header_slow function in include/linux/netdevice.h in the Linux kernel, when Generic Receive Offload (GRO) is enabled, reset certain fields in incorrect situations, which allowed remote attackers to cause a denial of service (system crash) via crafted network traffic.

CVE-2011-2898: A kernel information leak in the AF_PACKET protocol was fixed which might have allowed local attackers to read kernel memory.

CVE-2011-2203: A NULL ptr dereference on mounting corrupt hfs filesystems was fixed which could be used by local attackers to crash the kernel.

CVE-2011-4081: Using the crypto interface a local user could Oops the kernel by writing to a AF_ALG socket.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=736149

https://lists.opensuse.org/opensuse-updates/2012-02/msg00008.html

https://bugzilla.novell.com/show_bug.cgi?id=691052

https://bugzilla.novell.com/show_bug.cgi?id=692498

https://bugzilla.novell.com/show_bug.cgi?id=698450

https://bugzilla.novell.com/show_bug.cgi?id=699709

https://bugzilla.novell.com/show_bug.cgi?id=700879

https://bugzilla.novell.com/show_bug.cgi?id=702037

https://bugzilla.novell.com/show_bug.cgi?id=707288

https://bugzilla.novell.com/show_bug.cgi?id=709764

https://bugzilla.novell.com/show_bug.cgi?id=710235

https://bugzilla.novell.com/show_bug.cgi?id=726788

https://bugzilla.novell.com/show_bug.cgi?id=728661

https://bugzilla.novell.com/show_bug.cgi?id=735612

Plugin Details

Severity: High

ID: 75557

File Name: suse_11_3_kernel-120104.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.3, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vmi

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 1/4/2012

Reference Information

CVE: CVE-2010-3880, CVE-2011-1478, CVE-2011-1576, CVE-2011-1770, CVE-2011-2203, CVE-2011-2213, CVE-2011-2525, CVE-2011-2534, CVE-2011-2699, CVE-2011-2723, CVE-2011-2898, CVE-2011-4081, CVE-2011-4604