openSUSE 10 Security Update : kernel (kernel-3760)

High Nessus Plugin ID 27295


The remote openSUSE host is missing a security update.


This kernel update fixes the following security problems :

- CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c allows attackers to cause a denial of service (kernel panic) via NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and a stack overflow.

- CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause a denial of service (crash) via unspecified vectors involving the (1) nfulnl_recv_config function, (2) using 'multiple packets per netlink message', and (3) bridged packets, which trigger a NULL pointer dereference.

- CVE-2007-1497: nf_conntrack in netfilter does not set nfctinfo during reassembly of fragmented packets, which leaves the default value as IP_CT_ESTABLISHED and might allow remote attackers to bypass certain rulesets using IPv6 fragments.

Please note that the connection tracking option for IPv6 is not enabled in any currently shipping SUSE Linux kernel, so it does not affect SUSE Linux default kernels.

- CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

The behaviour has been disabled by default, and the patch introduces a new sysctl with which the administrator can reenable it again.

- CVE-2006-7203: The compat_sys_mount function in fs/compat.c allows local users to cause a denial of service (NULL pointer dereference and oops) by mounting a smbfs file system in compatibility mode ('mount -t smbfs').

- CVE-2007-2453: Seeding of the kernel random generator on boot did not work correctly due to a programming mistake and so the kernel might have more predictable random numbers than assured.

- CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable.

and the following non security bugs :

- patches.fixes/cpufreq_fix_limited_on_battery.patch:
Fix limited freq when booted on battery. [#231107]

- patches.fixes/usb-keyspan-regression-fix.patch: USB:
keyspan regression fix [#240919]

- - patches.fixes/ tch: hpt366: don't check enablebits for HPT36x [#278696]


Update the affected kernel packages.

Plugin Details

Severity: High

ID: 27295

File Name: suse_kernel-3760.nasl

Version: $Revision: 1.9 $

Type: local

Agent: unix

Published: 2007/10/17

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-bigsmp, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xenpae, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2007/06/22

Reference Information

CVE: CVE-2006-7203, CVE-2007-1496, CVE-2007-1497, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2876

CWE: 399