SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3760 / 3762 / 3763)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing one or more security updates.

Description :

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to
2.6.32.27 and fixes various bugs and security issues.

The following security issues were fixed :

- A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to a attacker
controlled address in the kernel. This could lead to
privilege escalation together with other issues.
(CVE-2010-4258)

- A overflow in sendto() and recvfrom() routines was fixed
that could be used by local attackers to potentially
crash the kernel using some socket families like L2TP.
(CVE-2010-4160)

- A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
could lead to memory corruption in the GDTH driver.
(CVE-2010-4157)

- The do_tcp_setsockopt function in net/ipv4/tcp.c in the
Linux kernel did not properly restrict TCP_MAXSEG (aka
MSS) values, which allowed local users to cause a denial
of service (OOPS) via a setsockopt call that specifies a
small value, leading to a divide-by-zero error or
incorrect use of a signed integer. (CVE-2010-4165)

- A remote (or local) attacker communicating over X.25
could cause a kernel panic by attempting to negotiate
malformed facilities. (CVE-2010-4164)

- A local attacker could cause memory overruns in the RDS
protocol stack, potentially crashing the kernel. So far
it is considered not to be exploitable. (CVE-2010-4175)

- Use-after-free vulnerability in mm/mprotect.c in the
Linux kernel allwed local users to cause a denial of
service via vectors involving an mprotect system call.
(CVE-2010-4169)

- A minor heap overflow in the CAN network module was
fixed. Due to nature of the memory allocator it is
likely not exploitable. (CVE-2010-3874)

- A memory information leak in berkely packet filter rules
allowed local attackers to read uninitialized memory of
the kernel stack. (CVE-2010-4158)

- A local denial of service in the blockdevice layer was
fixed. (CVE-2010-4162)

- By submitting certain I/O requests with 0 length, a
local user could have caused a kernel panic.
(CVE-2010-4163)

- The ethtool_get_rxnfc function in net/core/ethtool.c in
the Linux kernel did not initialize a certain block of
heap memory, which allowed local users to obtain
potentially sensitive information via an
ETHTOOL_GRXCLSRLALL ethtool command with a large
info.rule_cnt value. (CVE-2010-3861)

- arch/x86/kvm/x86.c in the Linux kernel did not
initialize certain structure members, which allowed
local users to obtain potentially sensitive information
from kernel stack memory via read operations on the
/dev/kvm device. (CVE-2010-3881)

- A range checking overflow in pktcdvd ioctl was fixed.
(CVE-2010-3437)

- The viafb_ioctl_get_viafb_info function in
drivers/video/via/ioctl.c in the Linux kernel did not
properly initialize a certain structure member, which
allowed local users to obtain potentially sensitive
information from kernel stack memory via a
VIAFB_GET_INFO ioctl call. (CVE-2010-4082)

- The ipc subsystem in the Linux kernel did not initialize
certain structures, which allowed local users to obtain
potentially sensitive information from kernel stack
memory via vectors related to the (1) compat_sys_semctl,
(2) compat_sys_msgctl, and (3) compat_sys_shmctl
functions in ipc/compat.c; and the (4)
compat_sys_mq_open and (5) compat_sys_mq_getsetattr
functions in ipc/compat_mq.c. (CVE-2010-4073)

- The copy_shmid_to_user function in ipc/shm.c in the
Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially
sensitive information from kernel stack memory via
vectors related to the shmctl system call and the 'old
shm interface.'. (CVE-2010-4072)

- The copy_semid_to_user function in ipc/sem.c in the
Linux kernel did not initialize a certain structure,
which allowed local users to obtain potentially
sensitive information from kernel stack memory via a (1)
IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT
command in a semctl system call. (CVE-2010-4083)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=595215
https://bugzilla.novell.com/show_bug.cgi?id=602838
https://bugzilla.novell.com/show_bug.cgi?id=615630
https://bugzilla.novell.com/show_bug.cgi?id=628180
https://bugzilla.novell.com/show_bug.cgi?id=636672
https://bugzilla.novell.com/show_bug.cgi?id=637542
https://bugzilla.novell.com/show_bug.cgi?id=638258
https://bugzilla.novell.com/show_bug.cgi?id=639803
https://bugzilla.novell.com/show_bug.cgi?id=640878
https://bugzilla.novell.com/show_bug.cgi?id=641105
https://bugzilla.novell.com/show_bug.cgi?id=641811
https://bugzilla.novell.com/show_bug.cgi?id=642043
https://bugzilla.novell.com/show_bug.cgi?id=642313
https://bugzilla.novell.com/show_bug.cgi?id=642314
https://bugzilla.novell.com/show_bug.cgi?id=642486
https://bugzilla.novell.com/show_bug.cgi?id=643173
https://bugzilla.novell.com/show_bug.cgi?id=643477
https://bugzilla.novell.com/show_bug.cgi?id=645659
https://bugzilla.novell.com/show_bug.cgi?id=646226
https://bugzilla.novell.com/show_bug.cgi?id=646542
https://bugzilla.novell.com/show_bug.cgi?id=646702
https://bugzilla.novell.com/show_bug.cgi?id=646908
https://bugzilla.novell.com/show_bug.cgi?id=647567
https://bugzilla.novell.com/show_bug.cgi?id=648112
https://bugzilla.novell.com/show_bug.cgi?id=648701
https://bugzilla.novell.com/show_bug.cgi?id=649187
https://bugzilla.novell.com/show_bug.cgi?id=649548
https://bugzilla.novell.com/show_bug.cgi?id=650067
https://bugzilla.novell.com/show_bug.cgi?id=650185
https://bugzilla.novell.com/show_bug.cgi?id=650487
https://bugzilla.novell.com/show_bug.cgi?id=650748
https://bugzilla.novell.com/show_bug.cgi?id=651066
https://bugzilla.novell.com/show_bug.cgi?id=651218
https://bugzilla.novell.com/show_bug.cgi?id=651596
https://bugzilla.novell.com/show_bug.cgi?id=652024
https://bugzilla.novell.com/show_bug.cgi?id=652293
https://bugzilla.novell.com/show_bug.cgi?id=652563
https://bugzilla.novell.com/show_bug.cgi?id=652603
https://bugzilla.novell.com/show_bug.cgi?id=652842
https://bugzilla.novell.com/show_bug.cgi?id=652939
https://bugzilla.novell.com/show_bug.cgi?id=652940
https://bugzilla.novell.com/show_bug.cgi?id=652945
https://bugzilla.novell.com/show_bug.cgi?id=653148
https://bugzilla.novell.com/show_bug.cgi?id=653258
https://bugzilla.novell.com/show_bug.cgi?id=653260
https://bugzilla.novell.com/show_bug.cgi?id=653266
https://bugzilla.novell.com/show_bug.cgi?id=653800
https://bugzilla.novell.com/show_bug.cgi?id=653930
https://bugzilla.novell.com/show_bug.cgi?id=654150
https://bugzilla.novell.com/show_bug.cgi?id=654530
https://bugzilla.novell.com/show_bug.cgi?id=654581
https://bugzilla.novell.com/show_bug.cgi?id=654701
https://bugzilla.novell.com/show_bug.cgi?id=654837
https://bugzilla.novell.com/show_bug.cgi?id=654967
https://bugzilla.novell.com/show_bug.cgi?id=655027
https://bugzilla.novell.com/show_bug.cgi?id=655278
https://bugzilla.novell.com/show_bug.cgi?id=656471
https://bugzilla.novell.com/show_bug.cgi?id=657324
https://bugzilla.novell.com/show_bug.cgi?id=657350
https://bugzilla.novell.com/show_bug.cgi?id=657412
https://bugzilla.novell.com/show_bug.cgi?id=657415
https://bugzilla.novell.com/show_bug.cgi?id=657976
https://bugzilla.novell.com/show_bug.cgi?id=658464
https://bugzilla.novell.com/show_bug.cgi?id=658829
https://bugzilla.novell.com/show_bug.cgi?id=659144
http://support.novell.com/security/cve/CVE-2010-3437.html
http://support.novell.com/security/cve/CVE-2010-3861.html
http://support.novell.com/security/cve/CVE-2010-3874.html
http://support.novell.com/security/cve/CVE-2010-3881.html
http://support.novell.com/security/cve/CVE-2010-4072.html
http://support.novell.com/security/cve/CVE-2010-4073.html
http://support.novell.com/security/cve/CVE-2010-4082.html
http://support.novell.com/security/cve/CVE-2010-4083.html
http://support.novell.com/security/cve/CVE-2010-4157.html
http://support.novell.com/security/cve/CVE-2010-4158.html
http://support.novell.com/security/cve/CVE-2010-4160.html
http://support.novell.com/security/cve/CVE-2010-4162.html
http://support.novell.com/security/cve/CVE-2010-4163.html
http://support.novell.com/security/cve/CVE-2010-4164.html
http://support.novell.com/security/cve/CVE-2010-4165.html
http://support.novell.com/security/cve/CVE-2010-4169.html
http://support.novell.com/security/cve/CVE-2010-4175.html
http://support.novell.com/security/cve/CVE-2010-4258.html

Solution :

Apply SAT patch number 3760 / 3762 / 3763 as appropriate.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now