SuSE 10 Security Update : Linux Kernel (x86_64) (ZYPP Patch Number 5735)

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This patch updates the SUSE Linux Enterprise 10 SP1 kernel. It fixes
various bugs and security issues.

The following security issues are addressed :

- fs/open.c in the Linux kernel before 2.6.22 does not
properly strip setuid and setgid bits when there is a
write to a file, which allows local users to gain the
privileges of a different group, and obtain sensitive
information or possibly have unspecified other impact,
by creating an executable file in a setgid directory
through the (1) truncate or (2) ftruncate function in
conjunction with memory-mapped I/O. (CVE-2008-4210)

- The ext[234] filesystem code fails to properly handle
corrupted data structures. With a mounted filesystem
image or partition that has corrupted dir->i_size and
dir->i_blocks, a user performing either a read or write
operation on the mounted image or partition can cause
a possible denial of service by spamming the logfile.
(CVE-2008-3528)

- fs/direct-io.c in the dio subsystem in the Linux kernel
did not properly zero out the dio struct, which allows
local users to cause a denial of service (OOPS), as
demonstrated by a certain fio test. (CVE-2007-6716)

All other bugfixes can be found by looking at the RPM changelog.

See also :

http://support.novell.com/security/cve/CVE-2007-6716.html
http://support.novell.com/security/cve/CVE-2008-3528.html
http://support.novell.com/security/cve/CVE-2008-4210.html

Solution :

Apply ZYPP patch number 5735.

Risk factor :

Medium / CVSS Base Score : 4.7
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C)

Family: SuSE Local Security Checks

Nessus Plugin ID: 59134

Bugtraq ID:

CVE ID: CVE-2007-6716
CVE-2008-3528
CVE-2008-4210
