SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2682 / 2687 / 2689)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 kernel was updated to 2.6.27.48, fixing
various bugs and security issues :

- The do_gfs2_set_flags() function in fs/gfs2/file.c of
the Linux kernel does not verify the ownership of a
file, which allows local users to bypass intended access
restrictions via a SETFLAGS ioctl request.
(CVE-2010-1641)

- The nfs_wait_on_request() function in fs/nfs/pagelist.c
of the Linux kernel allows attackers to cause a denial
of service (Oops) via unknown vectors related to
truncating a file and an operation that is not
interruptible. (CVE-2010-1087)

- When strict overcommit is enabled, mm/shmem.c does not
properly handle the export of shmemfs objects by knfsd,
which allows attackers to cause a denial of service
(NULL pointer dereference and knfsd crash) or possibly
have unspecified other impact via unknown vectors.
(CVE-2010-1643)

- A race condition in the find_keyring_by_name() function
in security/keys/keyring.c of the Linux kernel allows
local users to cause a denial of service (memory
corruption and system crash) or possibly have
unspecified other impact via keyctl session commands
that trigger access to a dead keyring that is undergoing
deletion by the key_cleanup() function. (CVE-2010-1437)

- arch/1/mm/fsl_booke_mmu.c in KGDB in the Linux kernel,
when running on PowerPC, does not properly perform a
security check for access to a kernel page, which allows
local users to overwrite arbitrary kernel memory.
(CVE-2010-1446)

- The release_one_tty() function in drivers/char/tty_io.c
of the Linux kernel omits certain required calls to the
put_pid() function, which has an unspecified impact and
local attack vectors. (CVE-2010-1162)

- The r8169 driver of the Linux kernel does not properly
check the size of an Ethernet frame that exceeds the
MTU, which allows remote attackers to cause a denial of
service (temporary network outage) via a packet with a
crafted size, in conjunction with certain packets
containing A characters and certain packets containing E
characters; or cause a denial of service (system crash)
via a packet with a crafted size, in conjunction with
certain packets containing '0' characters, related to
the value of the status register and erroneous behavior
associated with the RxMaxSize register. This
vulnerability exists due to an incorrect fix for
CVE-2009-1389. (CVE-2009-4537)

For a list of non-security related fixes please refer to the kernel
RPM changelog.

See also :

https://bugzilla.novell.com/show_bug.cgi?id=465707
https://bugzilla.novell.com/show_bug.cgi?id=543480
https://bugzilla.novell.com/show_bug.cgi?id=557710
https://bugzilla.novell.com/show_bug.cgi?id=559111
https://bugzilla.novell.com/show_bug.cgi?id=567376
https://bugzilla.novell.com/show_bug.cgi?id=569916
https://bugzilla.novell.com/show_bug.cgi?id=574006
https://bugzilla.novell.com/show_bug.cgi?id=577967
https://bugzilla.novell.com/show_bug.cgi?id=583677
https://bugzilla.novell.com/show_bug.cgi?id=584216
https://bugzilla.novell.com/show_bug.cgi?id=590415
https://bugzilla.novell.com/show_bug.cgi?id=591371
https://bugzilla.novell.com/show_bug.cgi?id=591556
https://bugzilla.novell.com/show_bug.cgi?id=593881
https://bugzilla.novell.com/show_bug.cgi?id=596113
https://bugzilla.novell.com/show_bug.cgi?id=596462
https://bugzilla.novell.com/show_bug.cgi?id=597337
https://bugzilla.novell.com/show_bug.cgi?id=599213
https://bugzilla.novell.com/show_bug.cgi?id=599955
https://bugzilla.novell.com/show_bug.cgi?id=600774
https://bugzilla.novell.com/show_bug.cgi?id=601283
https://bugzilla.novell.com/show_bug.cgi?id=602969
https://bugzilla.novell.com/show_bug.cgi?id=604183
https://bugzilla.novell.com/show_bug.cgi?id=608366
https://bugzilla.novell.com/show_bug.cgi?id=608576
https://bugzilla.novell.com/show_bug.cgi?id=608933
https://bugzilla.novell.com/show_bug.cgi?id=609134
https://bugzilla.novell.com/show_bug.cgi?id=610296
https://bugzilla.novell.com/show_bug.cgi?id=612213
http://support.novell.com/security/cve/CVE-2009-1389.html
http://support.novell.com/security/cve/CVE-2009-4537.html
http://support.novell.com/security/cve/CVE-2010-1087.html
http://support.novell.com/security/cve/CVE-2010-1162.html
http://support.novell.com/security/cve/CVE-2010-1437.html
http://support.novell.com/security/cve/CVE-2010-1446.html
http://support.novell.com/security/cve/CVE-2010-1641.html
http://support.novell.com/security/cve/CVE-2010-1643.html

Solution :

Apply SAT patch number 2682 / 2687 / 2689 as appropriate.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 50922 ()

Bugtraq ID:

CVE ID: CVE-2009-1389
CVE-2009-4537
CVE-2010-1087
CVE-2010-1162
CVE-2010-1437
CVE-2010-1446
CVE-2010-1641
CVE-2010-1643

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now