Detections
Analytics
SUSE-SA:2005:068: kernel
high Nessus Plugin ID 20334
Synopsis
The remote host is missing a vendor-supplied security patchDescription
The remote host is missing the patch for the advisory SUSE-SA:2005:068 (kernel).The Linux kernel was updated to fix several security problems and several bugs, listed below:
Security fixes:
- CVE-2005-3783: A check in ptrace(2) handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine. (All)
- CVE-2005-3784: A check in reaping of terminating child processes did not consider ptrace(2) attached processes and would leave a ptrace reference dangling. This could lead to a local user being able to crash the machine. (Linux kernel 2.6 based products only)
- CVE-2005-3806: A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine. (All)
- CVE-2005-3805: A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine. (SUSE Linux 9.3)
- CVE-2005-3527: A race condition in do_coredump in signal.c allows local users to cause a denial of service (machine hang) by triggering a core dump in one thread while another thread has a pending SIGSTOP. (SUSE Linux 9.3)
- CVE-2005-3807: A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service. This is seen in regular Samba use and could also be triggered by local attackers. (SUSE Linux 9.3)
- Others: see original advisory
Solution
http://www.suse.de/security/advisories/2005_68_kernel.htmlPlugin Details
Severity: High
ID: 20334
File Name: suse_SA_2005_068.nasl
Version: 1.9
Agent: unix
Family: SuSE Local Security Checks
Published: 12/20/2005
Updated: 1/14/2021
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list