SUSE-SA:2005:003: kernel

Medium Nessus Plugin ID 16307


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2005:003 (kernel).

Several exploitable security problems were identified and fixed in the Linux kernel, the core of every SUSE Linux product.

- Due to missing locking in the sys_uselib system call, a local attacker can gain root access. This was found by Paul Starzetz and is tracked by the Mitre CVE ID CVE-2004-1235.

- Paul Starzetz also found a race condition in SMP page table handling which could lead to a local attacker gaining root access on SMP machines. This is tracked by the Mitre CVE ID CVE-2005-0001.

- A local denial of service was found in the auditing subsystem which could have led to a local attacker crashing the machine. This was reported and fixed by Red Hat.

- The sendmsg / cmsg fix from the previous kernel update was faulty on 64-bit systems with a 32-bit compatibility layer and could lead to 32-bit applications not working correctly on those 64-bit systems.

- The smbfs security fixes from the kernel update before the previous one were faulty for some file write cases.

- A local denial of service with Direct I/O access to NFS file systems could allow a local attacker to crash a machine with NFS mounts.

- grsecurity reported a signed integer problem in the SCSI ioctl handling which had a missing boundary check. Due to C language specifics, this evaluation was not correct and there actually is no problem in this code. The signed / unsigned mismatch was fixed nevertheless.

- Several more small non-security problems were fixed.

NOTE: Two days ago we released the Service Pack 1 for the SUSE Linux Enterprise Server 9. This kernel update contains fixes for the SUSE Linux Enterprise Server 9 GA version kernel line.

A fix for the Service Pack 1 version line will be available shortly.


Plugin Details

Severity: Medium

ID: 16307

File Name: suse_SA_2005_003.nasl

Version: 1.8

Agent: unix

Published: 2005/02/03

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-1235, CVE-2005-0001