SuSE 10 Security Update : Linux Kernel (x86) (ZYPP Patch Number 5734)

Medium Nessus Plugin ID 35026

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This patch updates the SUSE Linux Enterprise 10 SP1 kernel. It fixes various bugs and security issues.

The following security issues are addressed:

- fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. (CVE-2008-4210)

- The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that has corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can cause a possible denial of service by spamming the logfile. (CVE-2008-3528)

- fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. (CVE-2007-6716)

All other bugfixes can be found by looking at the RPM changelog.

Solution

Apply ZYPP patch number 5734.

See Also

http://support.novell.com/security/cve/CVE-2007-6716.html

http://support.novell.com/security/cve/CVE-2008-3528.html

http://support.novell.com/security/cve/CVE-2008-4210.html

Plugin Details

Severity: Medium

ID: 35026

File Name: suse_kernel-5734.nasl

Version: 1.17

Type: local

Agent: unix

Published: 2008/12/03

Updated: 2018/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/11/03

Reference Information

CVE: CVE-2007-6716, CVE-2008-3528, CVE-2008-4210

CWE: 264