SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This update of the SUSE Linux Enterprise 10 Service Pack 1 kernel
contains lots of bugfixes and several security fixes :

- Added missing capability checks in sbni_ioctl().
(CVE-2008-3525)

- On AMD64 some string operations could leak kernel
information into userspace. (CVE-2008-0598)

- Added range checking in ASN.1 handling for the CIFS and
SNMP NAT netfilter modules. (CVE-2008-1673)

- Fixed range checking in the snd_seq OSS ioctl, which
could be used to leak information from the kernel.
(CVE-2008-3272)

- Fixed a memory leak when looking up deleted directories
which could be used to run the system out of memory.
(CVE-2008-3275)

- The do_change_type function in fs/namespace.c did not
verify that the caller has the CAP_SYS_ADMIN capability,
which allows local users to gain privileges or cause a
denial of service by modifying the properties of a
mountpoint. (CVE-2008-2931)

- Various NULL ptr checks have been added to the tty ops
functions, which might have been used by local attackers
to execute code. We think that this affects only devices
openable by root, so the impact is limited.
(CVE-2008-2812)

See also :

http://support.novell.com/security/cve/CVE-2008-0598.html
http://support.novell.com/security/cve/CVE-2008-1673.html
http://support.novell.com/security/cve/CVE-2008-2812.html
http://support.novell.com/security/cve/CVE-2008-2931.html
http://support.novell.com/security/cve/CVE-2008-3272.html
http://support.novell.com/security/cve/CVE-2008-3275.html
http://support.novell.com/security/cve/CVE-2008-3525.html

Solution :

Apply ZYPP patch number 5608.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 59131 ()

Bugtraq ID:

CVE ID: CVE-2008-0598
CVE-2008-1673
CVE-2008-2812
CVE-2008-2931
CVE-2008-3272
CVE-2008-3275
CVE-2008-3525

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now