SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

This update fixes various security issues and some bugs in the SUSE
Linux Enterprise 9 kernel.

- The collect_rx_frame function in
drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows
attackers to have an unspecified impact via a crafted
HDLC packet that arrives over ISDN and triggers a buffer
under-read. (CVE-2009-4005)

- Array index error in the gdth_read_event function in
drivers/scsi/gdth.c in the Linux kernel allows local
users to cause a denial of service or possibly gain
privileges via a negative event index in an IOCTL
request. (CVE-2009-3080)

- Missing CAP_NET_ADMIN checks in the ebtables netfilter
code might have allowed local attackers to modify bridge
firewall settings. (CVE-2010-0007)

- drivers/net/e1000/e1000_main.c in the e1000 driver in
the Linux kernel handles Ethernet frames that exceed the
MTU by processing certain trailing payload data as if it
were a complete frame, which allows remote attackers to
bypass packet filters via a large packet with a crafted
payload. (CVE-2009-4536)

- The dbg_lvl file for the megaraid_sas driver in the
Linux kernel has world-writable permissions, which
allows local users to change the (1) behavior and (2)
logging level of the driver by modifying this file.
(CVE-2009-3889)

- The z90crypt_unlocked_ioctl function in the z90crypt
driver in the Linux kernel does not perform a capability
check for the Z90QUIESCE operation, which allows local
users to leverage euid 0 privileges to force a driver
outage. (CVE-2009-1883)

- Memory leak in the appletalk subsystem in the Linux
kernel, when the appletalk and ipddp modules are loaded
but the ipddp'N' device is not found, allows remote
attackers to cause a denial of service (memory
consumption) via IP-DDP datagrams. (CVE-2009-2903)

- net/1/af_unix.c in the Linux kernel allows local users
to cause a denial of service (system hang) by creating
an abstract-namespace AF_UNIX listening socket,
performing a shutdown operation on this socket, and then
performing a series of connect operations to this
socket. (CVE-2009-3621)

- The ATI Rage 128 (aka r128) driver in the Linux kernel
does not properly verify Concurrent Command Engine (CCE)
state initialization, which allows local users to cause
a denial of service (NULL pointer dereference and system
crash) or possibly gain privileges via unspecified ioctl
calls. (CVE-2009-3620)

See also :

http://support.novell.com/security/cve/CVE-2009-1883.html
http://support.novell.com/security/cve/CVE-2009-2903.html
http://support.novell.com/security/cve/CVE-2009-3080.html
http://support.novell.com/security/cve/CVE-2009-3620.html
http://support.novell.com/security/cve/CVE-2009-3621.html
http://support.novell.com/security/cve/CVE-2009-3889.html
http://support.novell.com/security/cve/CVE-2009-4005.html
http://support.novell.com/security/cve/CVE-2009-4536.html
http://support.novell.com/security/cve/CVE-2010-0007.html

Solution :

Apply YOU patch number 12578.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 44654 ()

Bugtraq ID:

CVE ID: CVE-2009-1883
CVE-2009-2903
CVE-2009-3080
CVE-2009-3620
CVE-2009-3621
CVE-2009-3889
CVE-2009-4005
CVE-2009-4536
CVE-2010-0007

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now