SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)

High Nessus Plugin ID 103110

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed:

- CVE-2017-7482: Several missing length checks in ticket decode allowing for information leak or potentially code execution (bsc#1046107).

- CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456).

- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).

- CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483).

- CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275).

- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).

- CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354)

- CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340)

- CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982).

- CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).

- CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have been disclosed when a read and an ioctl happen at the same time (bnc#1044125)

- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431)

- CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456)

- CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)

- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)

- CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)

- CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882)

- CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879)

- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544)

- CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593)

- CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use YaST online_update.
Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 11-SP4: zypper in -t patch sdksp4-kernel-13274=1

SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-kernel-13274=1

SUSE Linux Enterprise Server 11-EXTRA: zypper in -t patch slexsp3-kernel-13274=1

SUSE Linux Enterprise Real Time Extension 11-SP4: zypper in -t patch slertesp4-kernel-13274=1

SUSE Linux Enterprise High Availability Extension 11-SP4: zypper in -t patch slehasp4-kernel-13274=1

SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-kernel-13274=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1000365

https://bugzilla.suse.com/show_bug.cgi?id=1000380

https://bugzilla.suse.com/show_bug.cgi?id=1012422

https://bugzilla.suse.com/show_bug.cgi?id=1013018

https://bugzilla.suse.com/show_bug.cgi?id=1015452

https://bugzilla.suse.com/show_bug.cgi?id=1023051

https://bugzilla.suse.com/show_bug.cgi?id=1029140

https://bugzilla.suse.com/show_bug.cgi?id=1029850

https://bugzilla.suse.com/show_bug.cgi?id=1030552

https://bugzilla.suse.com/show_bug.cgi?id=1030593

https://bugzilla.suse.com/show_bug.cgi?id=1030814

https://bugzilla.suse.com/show_bug.cgi?id=1032340

https://bugzilla.suse.com/show_bug.cgi?id=1032471

https://bugzilla.suse.com/show_bug.cgi?id=1034026

https://bugzilla.suse.com/show_bug.cgi?id=1034670

https://bugzilla.suse.com/show_bug.cgi?id=1035576

https://bugzilla.suse.com/show_bug.cgi?id=1035721

https://bugzilla.suse.com/show_bug.cgi?id=1035777

https://bugzilla.suse.com/show_bug.cgi?id=1035920

https://bugzilla.suse.com/show_bug.cgi?id=1036056

https://bugzilla.suse.com/show_bug.cgi?id=1036288

https://bugzilla.suse.com/show_bug.cgi?id=1036629

https://bugzilla.suse.com/show_bug.cgi?id=1037191

https://bugzilla.suse.com/show_bug.cgi?id=1037193

https://bugzilla.suse.com/show_bug.cgi?id=1037227

https://bugzilla.suse.com/show_bug.cgi?id=1037232

https://bugzilla.suse.com/show_bug.cgi?id=1037233

https://bugzilla.suse.com/show_bug.cgi?id=1037356

https://bugzilla.suse.com/show_bug.cgi?id=1037358

https://bugzilla.suse.com/show_bug.cgi?id=1037359

https://bugzilla.suse.com/show_bug.cgi?id=1037441

https://bugzilla.suse.com/show_bug.cgi?id=1038544

https://bugzilla.suse.com/show_bug.cgi?id=1038879

https://bugzilla.suse.com/show_bug.cgi?id=1038981

https://bugzilla.suse.com/show_bug.cgi?id=1038982

https://bugzilla.suse.com/show_bug.cgi?id=1039258

https://bugzilla.suse.com/show_bug.cgi?id=1039354

https://bugzilla.suse.com/show_bug.cgi?id=1039456

https://bugzilla.suse.com/show_bug.cgi?id=1039594

https://bugzilla.suse.com/show_bug.cgi?id=1039882

https://bugzilla.suse.com/show_bug.cgi?id=1039883

https://bugzilla.suse.com/show_bug.cgi?id=1039885

https://bugzilla.suse.com/show_bug.cgi?id=1040069

https://bugzilla.suse.com/show_bug.cgi?id=1040351

https://bugzilla.suse.com/show_bug.cgi?id=1041160

https://bugzilla.suse.com/show_bug.cgi?id=1041431

https://bugzilla.suse.com/show_bug.cgi?id=1041762

https://bugzilla.suse.com/show_bug.cgi?id=1041975

https://bugzilla.suse.com/show_bug.cgi?id=1042045

https://bugzilla.suse.com/show_bug.cgi?id=1042615

https://bugzilla.suse.com/show_bug.cgi?id=1042633

https://bugzilla.suse.com/show_bug.cgi?id=1042687

https://bugzilla.suse.com/show_bug.cgi?id=1042832

https://bugzilla.suse.com/show_bug.cgi?id=1042863

https://bugzilla.suse.com/show_bug.cgi?id=1043014

https://bugzilla.suse.com/show_bug.cgi?id=1043234

https://bugzilla.suse.com/show_bug.cgi?id=1043935

https://bugzilla.suse.com/show_bug.cgi?id=1044015

https://bugzilla.suse.com/show_bug.cgi?id=1044125

https://bugzilla.suse.com/show_bug.cgi?id=1044216

https://bugzilla.suse.com/show_bug.cgi?id=1044230

https://bugzilla.suse.com/show_bug.cgi?id=1044854

https://bugzilla.suse.com/show_bug.cgi?id=1044882

https://bugzilla.suse.com/show_bug.cgi?id=1044913

https://bugzilla.suse.com/show_bug.cgi?id=1045154

https://bugzilla.suse.com/show_bug.cgi?id=1045356

https://bugzilla.suse.com/show_bug.cgi?id=1045416

https://bugzilla.suse.com/show_bug.cgi?id=1045479

https://bugzilla.suse.com/show_bug.cgi?id=1045487

https://bugzilla.suse.com/show_bug.cgi?id=1045525

https://bugzilla.suse.com/show_bug.cgi?id=1045538

https://bugzilla.suse.com/show_bug.cgi?id=1045547

https://bugzilla.suse.com/show_bug.cgi?id=1045615

https://bugzilla.suse.com/show_bug.cgi?id=1046107

https://bugzilla.suse.com/show_bug.cgi?id=1046192

https://bugzilla.suse.com/show_bug.cgi?id=1046715

https://bugzilla.suse.com/show_bug.cgi?id=1047027

https://bugzilla.suse.com/show_bug.cgi?id=1047053

https://bugzilla.suse.com/show_bug.cgi?id=1047343

https://bugzilla.suse.com/show_bug.cgi?id=1047354

https://bugzilla.suse.com/show_bug.cgi?id=1047487

https://bugzilla.suse.com/show_bug.cgi?id=1047523

https://bugzilla.suse.com/show_bug.cgi?id=1047653

https://bugzilla.suse.com/show_bug.cgi?id=1048185

https://bugzilla.suse.com/show_bug.cgi?id=1048221

https://bugzilla.suse.com/show_bug.cgi?id=1048232

https://bugzilla.suse.com/show_bug.cgi?id=1048275

https://bugzilla.suse.com/show_bug.cgi?id=1049128

https://bugzilla.suse.com/show_bug.cgi?id=1049483

https://bugzilla.suse.com/show_bug.cgi?id=1049603

https://bugzilla.suse.com/show_bug.cgi?id=1049688

https://bugzilla.suse.com/show_bug.cgi?id=1049882

https://bugzilla.suse.com/show_bug.cgi?id=1050154

https://bugzilla.suse.com/show_bug.cgi?id=1050431

https://bugzilla.suse.com/show_bug.cgi?id=1051478

https://bugzilla.suse.com/show_bug.cgi?id=1051515

https://bugzilla.suse.com/show_bug.cgi?id=1051770

https://bugzilla.suse.com/show_bug.cgi?id=1055680

https://bugzilla.suse.com/show_bug.cgi?id=784815

https://bugzilla.suse.com/show_bug.cgi?id=792863

https://bugzilla.suse.com/show_bug.cgi?id=799133

https://bugzilla.suse.com/show_bug.cgi?id=909618

https://bugzilla.suse.com/show_bug.cgi?id=919382

https://bugzilla.suse.com/show_bug.cgi?id=928138

https://bugzilla.suse.com/show_bug.cgi?id=938352

https://bugzilla.suse.com/show_bug.cgi?id=943786

https://bugzilla.suse.com/show_bug.cgi?id=948562

https://bugzilla.suse.com/show_bug.cgi?id=962257

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=972891

https://bugzilla.suse.com/show_bug.cgi?id=986924

https://bugzilla.suse.com/show_bug.cgi?id=990682

https://bugzilla.suse.com/show_bug.cgi?id=995542

https://www.suse.com/security/cve/CVE-2014-9922/

https://www.suse.com/security/cve/CVE-2016-10277/

https://www.suse.com/security/cve/CVE-2017-1000363/

https://www.suse.com/security/cve/CVE-2017-1000365/

https://www.suse.com/security/cve/CVE-2017-1000380/

https://www.suse.com/security/cve/CVE-2017-11176/

https://www.suse.com/security/cve/CVE-2017-11473/

https://www.suse.com/security/cve/CVE-2017-2647/

https://www.suse.com/security/cve/CVE-2017-6951/

https://www.suse.com/security/cve/CVE-2017-7482/

https://www.suse.com/security/cve/CVE-2017-7487/

https://www.suse.com/security/cve/CVE-2017-7533/

https://www.suse.com/security/cve/CVE-2017-7542/

https://www.suse.com/security/cve/CVE-2017-8890/

https://www.suse.com/security/cve/CVE-2017-8924/

https://www.suse.com/security/cve/CVE-2017-8925/

https://www.suse.com/security/cve/CVE-2017-9074/

https://www.suse.com/security/cve/CVE-2017-9075/

https://www.suse.com/security/cve/CVE-2017-9076/

https://www.suse.com/security/cve/CVE-2017-9077/

https://www.suse.com/security/cve/CVE-2017-9242/

http://www.nessus.org/u?d921ed6a

Plugin Details

Severity: High

ID: 103110

File Name: suse_SU-2017-2389-1.nasl

Version: 3.7

Type: local

Agent: unix

Published: 2017/09/11

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-ec2, p-cpe:/a:novell:suse_linux:kernel-ec2-base, p-cpe:/a:novell:suse_linux:kernel-ec2-devel, p-cpe:/a:novell:suse_linux:kernel-pae, p-cpe:/a:novell:suse_linux:kernel-pae-base, p-cpe:/a:novell:suse_linux:kernel-pae-devel, p-cpe:/a:novell:suse_linux:kernel-source, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-trace, p-cpe:/a:novell:suse_linux:kernel-trace-base, p-cpe:/a:novell:suse_linux:kernel-trace-devel, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/09/08

Reference Information

CVE: CVE-2014-9922, CVE-2016-10277, CVE-2017-1000363, CVE-2017-1000365, CVE-2017-1000380, CVE-2017-11176, CVE-2017-11473, CVE-2017-2647, CVE-2017-6951, CVE-2017-7482, CVE-2017-7487, CVE-2017-7533, CVE-2017-7542, CVE-2017-8890, CVE-2017-8924, CVE-2017-8925, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242