SUSE-SA:2005:003: kernel

Medium Nessus Plugin ID 16307

VPR Score: 8.9

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:003 (kernel).



Several exploitable security problems were identified and fixed in the Linux kernel, the core of every SUSE Linux product.


- Due to missing locking in the sys_uselib system call, a local attacker can gain root access. This was found by Paul Starzetz and is tracked by the Mitre CVE ID CVE-2004-1235.


- Paul Starzetz also found a race condition in SMP page table handling which could lead to a local attacker gaining root access on SMP machines. This is tracked by the Mitre CVE ID CVE-2005-0001.


- A local denial of service was found in the auditing subsystem which could have led to a local attacker crashing the machine. This was reported and fixed by Red Hat.


- The sendmsg / cmsg fix from the previous kernel update was faulty on 64-bit systems with a 32-bit compatibility layer and could lead to 32-bit applications not working correctly on those 64-bit systems.


- The smbfs security fixes from the kernel update before the previous one were faulty for some file write cases.


- A local denial of service with Direct I/O access to NFS file systems could lead a local attacker to crash a machine with NFS mounts.


- grsecurity reported a signed integer problem in the SCSI ioctl handling which had a missing boundary check.
Due to C language specifics, this evaluation was not correct and there actually is no problem in this code.
The signed / unsigned mismatch was fixed nevertheless.


- Several more small non-security problems were fixed.


NOTE: Two days ago we released the Service Pack 1 for the SUSE Linux Enterprise Server 9. This kernel update contains fixes for the SUSE Linux Enterprise Server 9 GA version kernel line.

A fix for the Service Pack 1 version line will be available shortly.

Solution

http://www.suse.de/security/advisories/2005_03_kernel.html

Plugin Details

Severity: Medium

ID: 16307

File Name: suse_SA_2005_003.nasl

Version: 1.10

Agent: unix

Published: 2005/02/03

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: Medium

VPR Score: 8.9

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2004-1235, CVE-2005-0001