SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7303)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes
several security issues and bugs.

The following security issues were fixed :

- A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to a attacker
controlled address in the kernel. This could lead to
privilege escalation together with other issues.
(CVE-2010-4258)

- The backend driver in Xen 3.x allows guest OS users to
cause a denial of service via a kernel thread leak,
which prevents the device and guest OS from being shut
down or create a zombie domain, causes a hang in
zenwatch, or prevents unspecified xm commands from
working properly, related to (1) netback, (2) blkback,
or (3) blktap. (CVE-2010-3699)

- The econet_sendmsg function in net/econet/af_econet.c in
the Linux kernel, when an econet address is configured,
allowed local users to cause a denial of service (NULL
pointer dereference and OOPS) via a sendmsg call that
specifies a NULL value for the remote address field.
(CVE-2010-3849)

- Stack-based buffer overflow in the econet_sendmsg
function in net/econet/af_econet.c in the Linux kernel
when an econet address is configured, allowed local
users to gain privileges by providing a large number of
iovec structures. (CVE-2010-3848)

- The ec_dev_ioctl function in net/econet/af_econet.c in
the Linux kernel did not require the CAP_NET_ADMIN
capability, which allowed local users to bypass intended
access restrictions and configure econet addresses via
an SIOCSIFADDR ioctl call. (CVE-2010-3850)

- A overflow in sendto() and recvfrom() routines was fixed
that could be used by local attackers to potentially
crash the kernel using some socket families like L2TP.
(CVE-2010-4160)

See also :

http://support.novell.com/security/cve/CVE-2010-3699.html
http://support.novell.com/security/cve/CVE-2010-3848.html
http://support.novell.com/security/cve/CVE-2010-3849.html
http://support.novell.com/security/cve/CVE-2010-3850.html
http://support.novell.com/security/cve/CVE-2010-4160.html
http://support.novell.com/security/cve/CVE-2010-4258.html

Solution :

Apply ZYPP patch number 7303.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 51752 ()

Bugtraq ID:

CVE ID: CVE-2010-3699
CVE-2010-3848
CVE-2010-3849
CVE-2010-3850
CVE-2010-4160
CVE-2010-4258

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now