SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 7011)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update fixes a several security issues and various bugs in the
SUSE Linux Enterprise 10 SP 2 kernel. The bugs fixed include a serious
data corruption regression in NFS.

The following security issues were fixed :

- drivers/net/r8169.c in the r8169 driver in the Linux
kernel does not properly check the size of an Ethernet
frame that exceeds the MTU, which allows remote
attackers to (1) cause a denial of service (temporary
network outage) via a packet with a crafted size, in
conjunction with certain packets containing A characters
and certain packets containing E characters; or (2)
cause a denial of service (system crash) via a packet
with a crafted size, in conjunction with certain packets
containing '0' characters, related to the value of the
status register and erroneous behavior associated with
the RxMaxSize register. (CVE-2009-4537)

- The ULE decapsulation functionality in
drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in the
Linux kernel arlier allows attackers to cause a denial
of service (infinite loop) via a crafted MPEG2-TS frame,
related to an invalid Payload Pointer ULE.
(CVE-2010-1086)

- fs/namei.c in Linux kernel does not always follow NFS
automount 'symlinks,' which allows attackers to have an
unknown impact, related to LOOKUP_FOLLOW.
(CVE-2010-1088)

- Stack-based buffer overflow in the hfs subsystem in the
Linux kernel allows remote attackers to have an
unspecified impact via a crafted Hierarchical File
System (HFS) filesystem, related to the hfs_readdir
function in fs/hfs/dir.c. (CVE-2009-4020)

- The processcompl_compat function in
drivers/usb/core/devio.c in the Linux kernel does not
clear the transfer buffer before returning to userspace
when a USB command fails, which might make it easier for
physically proximate attackers to obtain sensitive
information (kernel memory). (CVE-2010-1083)

- drivers/connector/connector.c in the Linux kernel allows
local users to cause a denial of service (memory
consumption and system crash) by sending the kernel many
NETLINK_CONNECTOR messages. (CVE-2010-0410)

See also :

http://support.novell.com/security/cve/CVE-2009-4020.html
http://support.novell.com/security/cve/CVE-2009-4537.html
http://support.novell.com/security/cve/CVE-2010-0410.html
http://support.novell.com/security/cve/CVE-2010-1083.html
http://support.novell.com/security/cve/CVE-2010-1086.html
http://support.novell.com/security/cve/CVE-2010-1088.html

Solution :

Apply ZYPP patch number 7011.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 46252 ()

Bugtraq ID:

CVE ID: CVE-2009-4020
CVE-2009-4537
CVE-2010-0410
CVE-2010-1083
CVE-2010-1086
CVE-2010-1088

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now