SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.45 fixing
various bugs and security issues.

- The wake_futex_pi function in kernel/futex.c in the
Linux kernel before 2.6.33-rc7 does not properly handle
certain unlock operations for a Priority Inheritance
(PI) futex, which allows local users to cause a denial
of service (OOPS) and possibly have unspecified other
impact via vectors involving modification of the futex
value from user space. (CVE-2010-0622)

- The load_elf_binary function in fs/binfmt_elf.c in the
Linux kernel before 2.6.32.8 on the x86_64 platform does
not ensure that the ELF interpreter is available before
a call to the SET_PERSONALITY macro, which allows local
users to cause a denial of service (system crash) via a
32-bit application that attempts to execute a 64-bit
application and then triggers a segmentation fault, as
demonstrated by amd64_killer, related to the
flush_old_exec function. (CVE-2010-0307)

- Users could send/allocate arbitrary amounts of
NETLINK_CONNECTOR messages to the kernel, causing OOM
condition, killing selected processes or halting the
system. (CVE-2010-0410)

- The do_pages_move function in mm/migrate.c in the Linux
kernel before 2.6.33-rc7 does not validate node values,
which allows local users to read arbitrary kernel memory
locations, cause a denial of service (OOPS), and
possibly have unspecified other impact by specifying a
node that is not part of the kernels node set.
(CVE-2010-0415)

- net/bridge/netfilter/ebtables.c in the ebtables module
in the netfilter framework in the Linux kernel before
2.6.33-rc4 does not require the CAP_NET_ADMIN capability
for setting or modifying rules, which allows local users
to bypass intended access restrictions and configure
arbitrary network-traffic filtering via a modified
ebtables application. (CVE-2010-0007)

- drivers/net/e1000/e1000_main.c in the e1000 driver in
the Linux kernel 2.6.32.3 and earlier handles Ethernet
frames that exceed the MTU by processing certain
trailing payload data as if it were a complete frame,
which allows remote attackers to bypass packet filters
via a large packet with a crafted payload.
(CVE-2009-4536)

- drivers/net/e1000e/netdev.c in the e1000e driver in the
Linux kernel 2.6.32.3 and earlier does not properly
check the size of an Ethernet frame that exceeds the
MTU, which allows remote attackers to have an
unspecified impact via crafted packets. (CVE-2009-4538)

- The print_fatal_signal function in kernel/signal.c in
the Linux kernel before 2.6.32.4 on the i386 platform,
when print-fatal-signals is enabled, allows local users
to discover the contents of arbitrary memory locations
by jumping to an address and then reading a log file,
and might allow local users to cause a denial of service
(system slowdown or crash) by jumping to an address.
(CVE-2010-0003)

- The poll_mode_io file for the megaraid_sas driver in the
Linux kernel 2.6.31.6 and earlier has world-writable
permissions, which allows local users to change the I/O
mode of the driver by modifying this file.
(CVE-2009-3939)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=474773
https://bugzilla.novell.com/show_bug.cgi?id=492469
https://bugzilla.novell.com/show_bug.cgi?id=492961
https://bugzilla.novell.com/show_bug.cgi?id=510449
https://bugzilla.novell.com/show_bug.cgi?id=534629
https://bugzilla.novell.com/show_bug.cgi?id=537016
https://bugzilla.novell.com/show_bug.cgi?id=547433
https://bugzilla.novell.com/show_bug.cgi?id=548529
https://bugzilla.novell.com/show_bug.cgi?id=553175
https://bugzilla.novell.com/show_bug.cgi?id=554081
https://bugzilla.novell.com/show_bug.cgi?id=554567
https://bugzilla.novell.com/show_bug.cgi?id=556282
https://bugzilla.novell.com/show_bug.cgi?id=561078
https://bugzilla.novell.com/show_bug.cgi?id=566634
https://bugzilla.novell.com/show_bug.cgi?id=566768
https://bugzilla.novell.com/show_bug.cgi?id=566857
https://bugzilla.novell.com/show_bug.cgi?id=567376
https://bugzilla.novell.com/show_bug.cgi?id=569071
https://bugzilla.novell.com/show_bug.cgi?id=569125
https://bugzilla.novell.com/show_bug.cgi?id=569902
https://bugzilla.novell.com/show_bug.cgi?id=570314
https://bugzilla.novell.com/show_bug.cgi?id=570606
https://bugzilla.novell.com/show_bug.cgi?id=571804
https://bugzilla.novell.com/show_bug.cgi?id=573107
https://bugzilla.novell.com/show_bug.cgi?id=573460
https://bugzilla.novell.com/show_bug.cgi?id=573478
https://bugzilla.novell.com/show_bug.cgi?id=574224
https://bugzilla.novell.com/show_bug.cgi?id=575179
https://bugzilla.novell.com/show_bug.cgi?id=575644
https://bugzilla.novell.com/show_bug.cgi?id=576267
https://bugzilla.novell.com/show_bug.cgi?id=576277
https://bugzilla.novell.com/show_bug.cgi?id=576927
https://bugzilla.novell.com/show_bug.cgi?id=577753
https://bugzilla.novell.com/show_bug.cgi?id=579439
https://bugzilla.novell.com/show_bug.cgi?id=580047
https://bugzilla.novell.com/show_bug.cgi?id=580354
https://bugzilla.novell.com/show_bug.cgi?id=581718
http://support.novell.com/security/cve/CVE-2009-3939.html
http://support.novell.com/security/cve/CVE-2009-4536.html
http://support.novell.com/security/cve/CVE-2009-4538.html
http://support.novell.com/security/cve/CVE-2010-0003.html
http://support.novell.com/security/cve/CVE-2010-0007.html
http://support.novell.com/security/cve/CVE-2010-0307.html
http://support.novell.com/security/cve/CVE-2010-0410.html
http://support.novell.com/security/cve/CVE-2010-0415.html
http://support.novell.com/security/cve/CVE-2010-0622.html

Solution :

Apply SAT patch number 2040 / 2043 / 2044 as appropriate.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 44966 ()

Bugtraq ID:

CVE ID: CVE-2009-3939
CVE-2009-4536
CVE-2009-4538
CVE-2010-0003
CVE-2010-0007
CVE-2010-0307
CVE-2010-0410
CVE-2010-0415
CVE-2010-0622

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now