openSUSE Security Update : kernel (openSUSE-SU-2013:1043-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE 12.3 kernel was updated to fix a critical security issue
and two reiserfs bugs.

CVE-2013-2850: Incorrect strncpy usage in the network listening part
of the iscsi target driver could have been used by remote attackers to
crash the kernel or execute code.

Exploitation required the iscsi target to be running on the machine and
the attacker to be able to make a network connection to it (that is, a
connection not filtered by firewalls).

Bugs fixed :

- reiserfs: fix spurious multiple-fill in reiserfs_readdir_dentry (bnc#822722).

- reiserfs: fix problems with chowning setuid file w/ xattrs (bnc#790920).

- iscsi-target: fix heap buffer overflow on error (CVE-2013-2850, bnc#821560).

See also :

http://lists.opensuse.org/opensuse-updates/2013-06/msg00167.html
https://bugzilla.novell.com/show_bug.cgi?id=790920
https://bugzilla.novell.com/show_bug.cgi?id=821560
https://bugzilla.novell.com/show_bug.cgi?id=822722

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.9
(CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 75049

Bugtraq ID: 60243

CVE ID: CVE-2013-2850
