openSUSE 10 Security Update : kernel (kernel-2099)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This kernel update fixes the following security problems :

- CVE-2006-3745: A double userspace copy in a SCTP ioctl
allows local attackers to overflow a buffer in the
kernel, potentially allowing code execution and
privilege escalation. [#199441]

- CVE-2006-4093: Local attackers were able to crash
PowerPC systems with PPC970 processor using a not
correctly disabled privileged instruction ('attn').
[#197810]

- CVE-2006-3468: Remote attackers able to access an NFS of
a ext2 or ext3 filesystem can cause a denial of service
(file system panic) via a crafted UDP packet with a V2
lookup procedure that specifies a bad file handle (inode
number), which triggers an error and causes an exported
directory to be remounted read-only. [#192988]

Additionaly this kernel catches up to the SLE 10 state of the kernel,
with massive additional fixes.

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27290 ()

Bugtraq ID:

CVE ID: CVE-2006-3468
CVE-2006-3745
CVE-2006-4093

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now