openSUSE 10 Security Update : kernel (kernel-5751)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This kernel update fixes various bugs and also several security
issues :

CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between
SCTP AUTH availability. This might be exploited remotely for a denial
of service (crash) attack.

CVE-2008-3833: The generic_file_splice_write function in fs/splice.c
in the Linux kernel does not properly strip setuid and setgid bits
when there is a write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive information or
possibly have unspecified other impact, by splicing into an inode in
order to create an executable file in a setgid directory.

CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a write to a file,
which allows local users to gain the privileges of a different group,
and obtain sensitive information or possibly have unspecified other
impact, by creating an executable file in a setgid directory through
the (1) truncate or (2) ftruncate function in conjunction with
memory-mapped I/O.

CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux kernel
before 2.6.22.2 does not properly handle a failure of the
add_to_page_cache_lru function, and subsequently attempts to unlock a
page that was not locked, which allows local users to cause a denial
of service (kernel BUG and system crash), as demonstrated by the fio
I/O tool.

CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or
partition that have corrupted dir->i_size and dir->i_blocks, a user
performing either a read or write operation on the mounted image or
partition can lead to a possible denial of service by spamming the
logfile.

CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows local users to
cause a denial of service (OOPS), as demonstrated by a certain fio
test.

CVE-2008-3525: Added missing capability checks in sbni_ioctl().

CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.

CVE-2008-2931: The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability, which allows
local users to gain privileges or cause a denial of service by
modifying the properties of a mountpoint.

CVE-2008-2812: Various NULL ptr checks have been added to tty op
functions, which might have been used by local attackers to execute
code. We think that this affects only devices openable by root, so the
impact is limited.

CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules.

CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic
Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21
did not properly check boundaries, which allows local users to gain
privileges or cause a denial of service via unspecified vectors,
related to the install_special_mapping, syscall, and syscall32_nopage
functions.

Solution :

Update the affected kernel packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now