This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes
several security issues and bugs.
The following security issues were fixed :
- A local attacker could use an Oops (kernel crash) caused
by other flaws to write a 0 byte to an
attacker-controlled address in the kernel. This could
lead to privilege escalation together with other issues.
- The backend driver in Xen 3.x allows guest OS users to
cause a denial of service via a kernel thread leak,
which prevents the device and guest OS from being shut
down or creates a zombie domain, causes a hang in
xenwatch, or prevents unspecified xm commands from
working properly, related to (1) netback, (2) blkback,
or (3) blktap. (CVE-2010-3699)
- The econet_sendmsg function in net/econet/af_econet.c in
the Linux kernel, when an econet address is configured,
allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a sendmsg call that
specifies a NULL value for the remote address field.
- Stack-based buffer overflow in the econet_sendmsg
function in net/econet/af_econet.c in the Linux kernel
when an econet address is configured, allowed local
users to gain privileges by providing a large number of
iovec structures. (CVE-2010-3848)
- The ec_dev_ioctl function in net/econet/af_econet.c in
the Linux kernel did not require the CAP_NET_ADMIN
capability, which allowed local users to bypass intended
access restrictions and configure econet addresses via
an SIOCSIFADDR ioctl call. (CVE-2010-3850)
- An overflow in sendto() and recvfrom() routines was fixed
that could be used by local attackers to potentially
crash the kernel using some socket families like L2TP.
Apply ZYPP patch number 7303.
Risk factor :
Medium / CVSS Base Score : 6.9
Public Exploit Available : true
Family: SuSE Local Security Checks
Nessus Plugin ID: 51752