openSUSE 10 Security Update : kernel (kernel-2635)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This kernel update fixes the following security problems :

- CVE-2006-2936: The ftdi_sio driver allowed local users
to cause a denial of service (memory consumption) by
writing more data to the serial port than the hardware
can handle, which causes the data to be queued. This
requires this driver to be loaded, which only happens if
such a device is plugged in. [#191836]

- CVE-2006-4814: A deadlock in mincore that could be
caused by local attackers was fixed. [#207667]

- CVE-2006-6106: Multiple buffer overflows in the
cmtp_recv_interopmsg function in the Bluetooth driver
(net/bluetooth/cmtp/capi.c) in the Linux kernel allowed
remote attackers to cause a denial of service (crash)
and possibly execute arbitrary code via CAPI messages
with a large value for the length of the (1) manu
(manufacturer) or (2) serial (serial number) field.
[#227603]

- CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state
function in drivers/isdn/isdn_ppp.c in the Linux kernel
does not call the init_timer function for the ISDN PPP
CCP reset state timer, which has unknown attack vectors
and results in a system crash. [#229619]

- CVE-2006-5753: Unspecified vulnerability in the
listxattr system call in Linux kernel, when a 'bad
inode' is present, allows local users to cause a denial
of service (data corruption) and possibly gain
privileges. [#230270]

- A remote denial of service problem on NFSv3 mounts with
ACL enabled was fixed. [#244909]

Furthermore, this kernel catches up to the SLE 10 state of the kernel,
with massive additional fixes.

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27292 ()

Bugtraq ID:

CVE ID: CVE-2006-2936
CVE-2006-4814
CVE-2006-5749
CVE-2006-5753
CVE-2006-6106

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now