SuSE Security Update: Kernel Update for SUSE Linux 10.1 (kernel-4193)

high Nessus Plugin ID 27296

Synopsis

The remote SuSE system is missing the security patch kernel-4193.

Description

This kernel update brings the kernel to the one shipped with SLES 10 Service Pack 1 and also fixes the following security problems:

- CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6.

- CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source.

- CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable.

- CVE-2007-3105: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving 'bound check ordering'.

Since this value can only be changed by a root user, exploitability is low.

- CVE-2007-3107: The signal handling in the Linux kernel, when run on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency.

- CVE-2007-2525: Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.

- CVE-2007-3513: The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel did not limit the amount of memory used by a caller, which allowed local users to cause a denial of service (memory consumption).

- CVE-2007-3851: On machines with a Intel i965 based graphics card local users with access to the direct rendering devicenode could overwrite memory on the machine and so gain root privileges.

This kernel is not compatible to the previous SUSE Linux 10.1 kernel, so the Kernel Module Packages will need to be updated.

Solution

Install the security patch kernel-4193.

Plugin Details

Severity: High

ID: 27296

File Name: suse_kernel-4193.nasl

Version: 1.14

Agent: unix

Family: SuSE Local Security Checks

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2007-2242, CVE-2007-2453, CVE-2007-2876, CVE-2007-3105, CVE-2007-3107, CVE-2007-2525, CVE-2007-3513, CVE-2007-3851

CWE: 119, 399