Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : udev (SSA:2009-111-01)

high Nessus Plugin ID 36186

Synopsis

The remote Slackware host is missing a security update.

Description

New udev packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.

The udev packages in Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current contained a local root hole vulnerability:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185

The udev packages in Slackware 12.0, 12.1, 12.2, and -current had an integer overflow which could result in a denial of service:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1186

Note that udev is only used with 2.6 kernels, which are not used by default with Slackware 10.2 and 11.0.

Solution

Update the affected udev package.

See Also

http://www.nessus.org/u?42006a3b

Plugin Details

Severity: High

ID: 36186

File Name: Slackware_SSA_2009-111-01.nasl

Version: 1.23

Type: local

Published: 4/21/2009

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:udev, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:10.2, cpe:/o:slackware:slackware_linux:11.0, cpe:/o:slackware:slackware_linux:12.0, cpe:/o:slackware:slackware_linux:12.1, cpe:/o:slackware:slackware_linux:12.2

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/21/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux udev Netlink Local Privilege Escalation)

Reference Information

CVE: CVE-2009-1185, CVE-2009-1186

BID: 34536, 34539

CWE: 119, 20

SSA: 2009-111-01