SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes
various bugs and some security problems :

- When creating a file, open()/creat() allowed the setgid
bit to be set via the mode argument even when, due to
the bsdgroups mount option or the file being created in
a setgid directory, the new file's group is one which
the user is not a member of. A local attacker could
then use ftruncate() and memory-mapped I/O to turn the
new file into an arbitrary binary and thus gain the
privileges of this group, since these operations do not
clear the setgid bit. (CVE-2008-4210)

- The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem
image or partition that has corrupted dir->i_size and
dir->i_blocks, a user performing either a read or write
operation on the mounted image or partition can cause a
possible denial of service by spamming the logfile.
(CVE-2008-3528)

- The S/390 ptrace code allowed local users to cause a
denial of service (kernel panic) via the
user-area-padding test from the ptrace testsuite in
31-bit mode, which triggers an invalid dereference.
(CVE-2008-1514)

- fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allowed
local users to cause a denial of service (OOPS), as
demonstrated by a certain fio test. (CVE-2007-6716)

- Added missing capability checks in sbni_ioctl().
(CVE-2008-3525)

Also OCFS2 was updated to version v1.4.1-1.

The full list of changes can be reviewed in the RPM changelog.

See also :

http://support.novell.com/security/cve/CVE-2007-6716.html
http://support.novell.com/security/cve/CVE-2008-1514.html
http://support.novell.com/security/cve/CVE-2008-3525.html
http://support.novell.com/security/cve/CVE-2008-3528.html
http://support.novell.com/security/cve/CVE-2008-4210.html

Solution :

Apply ZYPP patch number 5668.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 41535

Bugtraq ID:

CVE ID: CVE-2007-6716
CVE-2008-1514
CVE-2008-3525
CVE-2008-3528
CVE-2008-4210
