SuSE9 Security Update : Linux kernel (YOU Patch Number 12636)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 9 host is missing a security-related patch.

Description :

This update fixes various security issues and some bugs in the SUSE
Linux Enterprise 9 kernel.

The following security issues were fixed :

- A crafted NFS write request might have caused a buffer
overwrite, potentially causing a kernel crash.
(CVE-2010-2521)

- The x86_64 copy_to_user implementation might have leaked
kernel memory depending on specific user buffer setups.
(CVE-2008-0598)

- drivers/net/r8169.c in the r8169 driver in the Linux
kernel did not properly check the size of an Ethernet
frame that exceeds the MTU, which allowed remote
attackers to (1) cause a denial of service (temporary
network outage) via a packet with a crafted size, in
conjunction with certain packets containing A characters
and certain packets containing E characters; or (2)
cause a denial of service (system crash) via a packet
with a crafted size, in conjunction with certain packets
containing '\0' characters, related to the value of the
status register and erroneous behavior associated with
the RxMaxSize register. NOTE: this vulnerability exists
because of an incorrect fix for CVE-2009-1389.
(CVE-2009-4537)

- Use-after-free vulnerability in net/ipv4/tcp_input.c in
the Linux kernel 2.6, when IPV6_RECVPKTINFO is set on a
listening socket, allowed remote attackers to cause a
denial of service (kernel panic) via a SYN packet while
the socket is in a listening (TCP_LISTEN) state, which
is not properly handled and causes the skb structure to
be freed. (CVE-2010-1188)

- The (1) real_lookup and (2) __lookup_hash functions in
fs/namei.c in the vfs implementation in the Linux kernel
did not prevent creation of a child dentry for a deleted
(aka S_DEAD) directory, which allowed local users to
cause a denial of service ('overflow' of the UBIFS
orphan area) via a series of attempted file creations
within deleted directories. (CVE-2008-3275)

- The nfs_lock function in fs/nfs/file.c in the Linux
kernel did not properly remove POSIX locks on files that
are setgid without group-execute permission, which
allowed local users to cause a denial of service (BUG and
system crash) by locking a file on an NFS filesystem and
then changing this file's permissions, a related issue to
CVE-2010-0727. (CVE-2007-6733)

- The do_coredump function in fs/exec.c in Linux kernel
did not change the UID of a core dump file if it exists
before a root process creates a core dump in the same
location, which might have allowed local users to obtain
sensitive information. (CVE-2007-6206)

- fs/namei.c in the Linux kernel did not always follow NFS
automount 'symlinks,' which allowed attackers to have an
unknown impact, related to LOOKUP_FOLLOW.
(CVE-2010-1088)

- Stack-based buffer overflow in the hfs subsystem in the
Linux kernel allowed remote attackers to have an
unspecified impact via a crafted Hierarchical File
System (HFS) filesystem, related to the hfs_readdir
function in fs/hfs/dir.c. (CVE-2009-4020)

- The processcompl_compat function in
drivers/usb/core/devio.c in Linux kernel did not clear
the transfer buffer before returning to userspace when a
USB command fails, which might have made it easier for
physically proximate attackers to obtain sensitive
information (kernel memory). (CVE-2010-1083)

See also :

http://support.novell.com/security/cve/CVE-2007-6206.html
http://support.novell.com/security/cve/CVE-2007-6733.html
http://support.novell.com/security/cve/CVE-2008-0598.html
http://support.novell.com/security/cve/CVE-2008-3275.html
http://support.novell.com/security/cve/CVE-2009-1389.html
http://support.novell.com/security/cve/CVE-2009-4020.html
http://support.novell.com/security/cve/CVE-2009-4537.html
http://support.novell.com/security/cve/CVE-2010-0727.html
http://support.novell.com/security/cve/CVE-2010-1083.html
http://support.novell.com/security/cve/CVE-2010-1088.html
http://support.novell.com/security/cve/CVE-2010-1188.html
http://support.novell.com/security/cve/CVE-2010-2521.html

Solution :

Apply YOU patch number 12636.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
