SUSE-SA:2004:028: kernel

High Nessus Plugin ID 14600


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:028 (kernel).

Various signedness issues and integer overflows have been fixed within kNFSd and the XDR decode functions of kernel 2.6.
These bugs can be triggered remotely by sending a package with a trusted source IP address and a write request with a size greater then 2^31.
The result will be a kernel Oops, it is unknown if this bug is otherwise exploitable yet.
Kernel 2.4 nfsd code is different but may suffer from the same vulnerability.
Additionally a local denial-of-service condition via /dev/ptmx, which affects kernel 2.6 only has been fixed. Thanks to Jan Engelhardt for reporting this issue to us.


Plugin Details

Severity: High

ID: 14600

File Name: suse_SA_2004_028.nasl

Version: $Revision: 1.11 $

Agent: unix

Published: 2004/09/01

Modified: 2016/12/27

Dependencies: 12634

Risk Information

Risk Factor: High

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

BID: 11081