SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6437)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 10 host is missing a security-related patch.

Description :

This patch updates the SUSE Linux Enterprise 10 SP2 kernel to fix
various bugs and some security issues.

The following security issues were fixed: CVE-2009-2692: A missing
NULL pointer check in the socket sendpage function can be used by
local attackers to gain root privileges.

(No cve yet) A information leak from using sigaltstack was fixed.

Enabled -fno-delete-null-pointer-checks to avoid optimizing away NULL
pointer checks and fixed Makefiles to make sure

-fwrapv is used everywhere. CVE-2009-1758: The hypervisor_callback
function in Xen allows guest user applications to cause a denial of
service (kernel oops) of the guest OS by triggering a segmentation
fault in 'certain address ranges.'

- A crash on r8169 network cards when receiving large
packets was fixed. (CVE-2009-1389)

- The nfs_permission function in fs/nfs/dir.c in the NFS
client implementation in the Linux kernel, when
atomic_open is available, does not check execute (aka
EXEC or MAY_EXEC) permission bits, which allows local
users to bypass permissions and execute files, as
demonstrated by files on an NFSv4 fileserver.
(CVE-2009-1630)

See also :

http://support.novell.com/security/cve/CVE-2009-1389.html
http://support.novell.com/security/cve/CVE-2009-1630.html
http://support.novell.com/security/cve/CVE-2009-1758.html
http://support.novell.com/security/cve/CVE-2009-2692.html

Solution :

Apply ZYPP patch number 6437.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 59138 ()

Bugtraq ID:

CVE ID: CVE-2009-1389
CVE-2009-1630
CVE-2009-1758
CVE-2009-2692

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now