openSUSE 10 Security Update : kernel (kernel-4929)

High Nessus Plugin ID 30142


The remote openSUSE host is missing a security update.


This kernel update fixes the following security problems :

CVE-2008-0007: Insufficient range checks in certain fault handlers could be used by local attackers to potentially read or write kernel memory.

CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code.

CVE-2007-5966: Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details are obtained from third-party information.

CVE-2007-3843: The Linux kernel checked the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing despite sec=ntlmv2i in a SetupAndX request.

CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.

CVE-2007-6417: The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances, which might allow local users to read sensitive kernel data or cause a denial of service (crash).

CVE-2007-4308: The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel did not check permissions for ioctls, which might have allowed local users to cause a denial of service or gain privileges.

CVE-2007-3740: The CIFS filesystem, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.

CVE-2007-3848: The Linux kernel allowed local users to send arbitrary signals to a child process that is running at higher privileges by causing a setuid-root parent process to die, which delivers an attacker-controlled parent process death signal (PR_SET_PDEATHSIG).

CVE-2007-4997: Integer underflow in the ieee80211_rx function in net/ieee80211/ieee80211_rx.c in the Linux kernel allowed remote attackers to cause a denial of service (crash) via a crafted SKB length value in a runt IEEE 802.11 frame when the IEEE80211_STYPE_QOS_DATA flag is set, aka an 'off-by-two error.'

CVE-2007-6063: Buffer overflow in the isdn_net_setcfg function in isdn_net.c in the Linux kernel allowed local users to have an unknown impact via a crafted argument to the isdn_ioctl function.

CVE-none-yet: A failed change_hat call can result in an apparmored task becoming unconfined (326546).

and the following non security bugs :

- patches.suse/apparmor-r206-310260.diff: AppArmor - add audit capability names (310260).

- patches.suse/apparmor-r326-240982.diff: AppArmor - fix memory corruption if policy load fails (240982).

- patches.suse/apparmor-r400-221567.diff: AppArmor - kernel dead locks when audit back log occurs (221567).

- patches.suse/apparmor-r405-247679.diff: AppArmor - apparmor fails to log link reject in complain mode (247679).

- patches.suse/apparmor-r473-326556.diff: AppArmor - fix race on ambiguous deleted file name (326556).

- patches.suse/apparmor-r479-257748.diff: AppArmor - fix kernel crash that can occur on profile removal (257748).

- patches.fixes/usb_unusual_292931.diff: add quirk needed for 1652:6600 (292931).

- patches.drivers/r8169-perform-a-PHY-reset-before.patch:
r8169: perform a PHY reset before any other operation at boot time (345658).

- patches.drivers/r8169-more-alignment-for-the-0x8168:

- patches.fixes/usb_336850.diff: fix missing quirk leading to a device disconnecting under load (336850).

- patches.fixes/avm-fix-capilib-locking: [ISDN] Fix random hard freeze with AVM cards. (#341894)


Update the affected kernel packages.

Plugin Details

Severity: High

ID: 30142

File Name: suse_kernel-4929.nasl

Version: $Revision: 1.7 $

Type: local

Agent: unix

Published: 2008/02/01

Modified: 2016/12/22

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-bigsmp, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-kdump, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xenpae, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2008/01/21

Reference Information

CVE: CVE-2007-2242, CVE-2007-3740, CVE-2007-3843, CVE-2007-3848, CVE-2007-4308, CVE-2007-4997, CVE-2007-5966, CVE-2007-6063, CVE-2007-6417, CVE-2008-0001, CVE-2008-0007

CWE: 119, 189, 200, 264, 399