SUSE-SA:2004:037: kernel

High Nessus Plugin ID 15528


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2004:037 (kernel).

An integer underflow problem in the iptables firewall logging rules can allow a remote attacker to crash the machine by using a handcrafted IP packet. This attack is only possible with firewalling enabled.

We would like to thank Richard Hart for reporting the problem.

This problem has already been fixed in the 2.6.8 upstream Linux kernel, this update contains a backport of the fix.

Products running a 2.4 kernel are not affected.

Mitre has assigned the CVE ID CVE-2004-0816 for this problem.

Additionaly Martin Schwidefsky of IBM found an incorrectly handled privileged instruction which can lead to a local user gaining root user privileges.

This only affects the SUSE Linux Enterprise Server 9 on the S/390 platform and has been assigned CVE ID CVE-2004-0887.

Additionaly the following non-security bugs were fixed:

- Two CD burning problems.

- USB 2.0 stability problems under high load on SMP systems.

- Several SUSE Linux Enterprise Server issues.
(see the Maintenance Information Mail for more informations).


Plugin Details

Severity: High

ID: 15528

File Name: suse_SA_2004_037.nasl

Version: $Revision: 1.9 $

Agent: unix

Published: 2004/10/21

Modified: 2010/10/06

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2004-0816, CVE-2004-0887

BID: 11488, 11489