openSUSE Security Update : kernel (kernel-270)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This patch updates the openSUSE 11.0 kernel to the 2.6.25.18 stable
release.

It also includes bugfixes and security fixes :

CVE-2008-4410: The vmi_write_ldt_entry function in
arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the
Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry
was intended, which allows local users to cause a denial of service
(persistent application failure) via crafted function calls, related
to the Java Runtime Environment (JRE) experiencing improper LDT
selector state.

sctp: Fix kernel panic while process protocol violation parameter.

CVE-2008-3528: The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem image or
partition that has corrupted dir->i_size and dir->i_blocks, a user
performing either a read or write operation on the mounted image or
partition can cause a possible denial of service by spamming the
logfile.

CVE-2008-3526: Integer overflow in the sctp_setsockopt_auth_key
function in net/sctp/socket.c in the Stream Control Transmission
Protocol (sctp) implementation in the Linux kernel allows remote
attackers to cause a denial of service (panic) or possibly have
unspecified other impact via a crafted sca_keylength field associated
with the SCTP_AUTH_KEY option.

CVE-2008-3525: Added missing capability checks in sbni_ioctl().

CVE-2008-4576: SCTP in Linux kernel before 2.6.25.18 allows remote
attackers to cause a denial of service (OOPS) via an INIT-ACK that
states the peer does not support AUTH, which causes the
sctp_process_init function to clean up active transports and triggers
the OOPS when the T1-Init timer expires.

CVE-2008-4445: The sctp_auth_ep_set_hmacs function in net/sctp/auth.c
in the Stream Control Transmission Protocol (sctp) implementation in
the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is
enabled, does not verify that the identifier index is within the
bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users
to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL
request involving the sctp_getsockopt function.

CVE-2008-3792: net/sctp/socket.c in the Stream Control Transmission
Protocol (sctp) implementation in the Linux kernel 2.6.26.3 does not
verify that the SCTP-AUTH extension is enabled before proceeding with
SCTP-AUTH API functions, which allows attackers to cause a denial of
service (panic) via vectors that result in calls to (1)
sctp_setsockopt_auth_chunk, (2) sctp_setsockopt_hmac_ident, (3)
sctp_setsockopt_auth_key, (4) sctp_setsockopt_active_key, (5)
sctp_setsockopt_del_key, (6) sctp_getsockopt_maxburst, (7)
sctp_getsockopt_active_key, (8) sctp_getsockopt_peer_auth_chunks, or
(9) sctp_getsockopt_local_auth_chunks.

CVE-2008-4113: The sctp_getsockopt_hmac_ident function in
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH
extension is enabled, relies on an untrusted length value to limit
copying of data from kernel memory, which allows local users to obtain
sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request
involving the sctp_getsockopt function.

CVE-2008-3911: The proc_do_xprt function in net/sunrpc/sysctl.c in the
Linux kernel 2.6.26.3 does not check the length of a certain buffer
obtained from userspace, which allows local users to overflow a
stack-based buffer and have unspecified other impact via a crafted
read system call for the /proc/sys/sunrpc/transports file.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=403346
https://bugzilla.novell.com/show_bug.cgi?id=406656
https://bugzilla.novell.com/show_bug.cgi?id=409961
https://bugzilla.novell.com/show_bug.cgi?id=415372
https://bugzilla.novell.com/show_bug.cgi?id=417821
https://bugzilla.novell.com/show_bug.cgi?id=419134
https://bugzilla.novell.com/show_bug.cgi?id=421321
https://bugzilla.novell.com/show_bug.cgi?id=427244
https://bugzilla.novell.com/show_bug.cgi?id=432488
https://bugzilla.novell.com/show_bug.cgi?id=432490

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 40010

Bugtraq ID:

CVE ID: CVE-2008-3525
CVE-2008-3526
CVE-2008-3528
CVE-2008-3792
CVE-2008-3911
CVE-2008-4113
CVE-2008-4410
CVE-2008-4445
CVE-2008-4576
