SUSE-SA:2005:068: kernel

This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2005:068 (kernel).


The Linux kernel was updated to fix several security problems and
several bugs, listed below:

Security fixes:
- CVE-2005-3783: A check in ptrace(2) handling that finds out if
a process is attaching to itself was incorrect and could be used
by a local attacker to crash the machine. (All)

- CVE-2005-3784: A check in reaping of terminating child processes did
not consider ptrace(2) attached processes and would leave a ptrace
reference dangling. This could lead to a local user being able to
crash the machine. (Linux kernel 2.6 based products only)

- CVE-2005-3806: A bug in IPv6 flow label handling code could be used
by a local attacker to free non-allocated memory and in turn corrupt
kernel memory and likely crash the machine. (All)

- CVE-2005-3805: A locking problem in POSIX timer handling could
be used by a local attacker on a SMP system to deadlock the
machine. (SUSE Linux 9.3)

- CVE-2005-3527: A race condition in do_coredump in signal.c allows
local users to cause a denial of service (machine hang) by
triggering a core dump in one thread while another thread has a
pending SIGSTOP. (SUSE Linux 9.3)

- CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust
the machine memory and so cause a local denial of service. This
is seen in regular Samba use and could also be triggered by local
attackers. (SUSE Linux 9.3)

- Others: see original advisory

Solution :

http://www.suse.de/security/advisories/2005_68_kernel.html

Risk factor :

High

Family: SuSE Local Security Checks

Nessus Plugin ID: 20334 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now