SUSE-SA:2005:067: kernel

High Nessus Plugin ID 20282


The remote host is missing a vendor-supplied security patch


The remote host is missing the patch for the advisory SUSE-SA:2005:067 (kernel).

This kernel update for SUSE Linux 10.0 contains fixes for XEN, various security fixes and bug fixes.

This update includes a more recent snapshot of the upcoming XEN 3.0.
Many bugs have been fixed. Stability for x86_64 has been improved.
Stability has been improved for SMP, and now both i586 and x86_64 kernels are built with SMP support.

It also contains several security fixes:

- CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine.

- CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine.

- CVE-2005-3271: A task leak problem when releasing POSIX timers was fixed. This could lead to local users causing a local denial of service by exhausting system memory.

- CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on an SMP system to deadlock the machine.

- CVE-2005-3181: A problem in the Linux auditing code could lead to a memory leak that could eventually exhaust the machine's system memory.

- CVE-2005-2973: An infinite loop in the IPv6 UDP loopback handling can be easily triggered by a local user and lead to a denial of service.

- CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine.

- CVE-2005-3807: A kernel memory leak in VFS lease handling can exhaust the machine's memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers.

- CVE-2005-3055: Unplugging a user-space-controlled USB device with a URB pending in user space could crash the kernel. This can be easily triggered by a local attacker.

- CVE-2005-3180: Fixed incorrect padding in Orinoco wireless driver, which could expose kernel data to the air.

- CVE-2005-3044: Missing sockfd_put() calls in routing_ioctl() leaked file handles which in turn could exhaust system memory.

- CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP.


Plugin Details

Severity: High

ID: 20282

File Name: suse_SA_2005_067.nasl

Version: $Revision: 1.4 $

Agent: unix

Published: 2005/12/08

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list