This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
The openSUSE 10.3 kernel was updated to fix various security problems
and bugs. Following security bugs were fixed :
CVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in
drivers/watchdog/ib700wdt.c might allow local users to have an unknown
impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.
CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users
to cause a denial of service (kernel infinite loop) by making two
calls to svc_listen for the same socket, and then reading a
/proc/net/atm/*vc file, related to corruption of the vcc table.
CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes
indirect recursive calls to itself through calls to the fput function,
which allows local users to cause a denial of service (panic) via
vectors related to sending an SCM_RIGHTS message through a UNIX domain
socket and closing file descriptors.
CVE-2008-5134: Buffer overflow in the lbs_process_bss function in
drivers/net/wireless/libertas/scan.c in the libertas subsystem allowed
remote attackers to have an unknown impact via an 'invalid
CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in
fs/hfsplus/catalog.c allowed attackers to cause a denial of service
(memory corruption or system crash) via an hfsplus filesystem image
with an invalid catalog namelength field, related to the
CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec
function in fs/hfs/catalog.c allowed attackers to cause a denial of
service (memory corruption or system crash) via an hfs filesystem
image with an invalid catalog namelength field, a related issue to
CVE-2008-5182: The inotify functionality might allow local users to
gain privileges via unknown vectors related to race conditions in
inotify watch removal and umount.
Update the affected kernel packages.
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true
Family: SuSE Local Security Checks
Nessus Plugin ID: 35446 ()
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now