This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote SuSE 10 host is missing a security-related patch.
This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes
various bugs and some security problems :
- When creating a file, open()/creat() allowed the setgid
bit to be set via the mode argument even when, due to
the bsdgroups mount option or the file being created in
a setgid directory, the new file's group is one which
the user is not a member of. The local attacker could
then use ftruncate() and memory-mapped I/O to turn the
new file into an arbitrary binary and thus gain the
privileges of this group, since these operations do not
clear the setgid bit.'. (CVE-2008-4210)
- The ext filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem
image or partition that have corrupted dir->i_size and
dir->i_blocks, a user performing either a read or write
operation on the mounted image or partition can lead to
a possible denial of service by spamming the logfile.
- The S/390 ptrace code allowed local users to cause a
denial of service (kernel panic) via the
user-area-padding test from the ptrace testsuite in
31-bit mode, which triggers an invalid dereference.
- fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows
local users to cause a denial of service (OOPS), as
demonstrated by a certain fio test. (CVE-2007-6716)
- Added missing capability checks in sbni_ioctl().
Also OCFS2 was updated to version v1.4.1-1.
The full amount of changes can be reviewed in the RPM changelog.
See also :
Apply ZYPP patch number 5667.
Risk factor :
High / CVSS Base Score : 7.2