openSUSE Security Update : kernel (kernel-423)

High Nessus Plugin ID 40011

Synopsis

The remote openSUSE host is missing a security update.

Description

This update fixes various security issues and several bugs in the openSUSE 11.0 kernel. It was also updated to the stable version 2.6.25.20.

CVE-2008-5702: Buffer underflow in the ibwdt_ioctl function in drivers/watchdog/ib700wdt.c might allow local users to have an unknown impact via a certain /dev/watchdog WDIOC_SETTIMEOUT IOCTL call.

CVE-2008-5700: libata did not set minimum timeouts for SG_IO requests, which allows local users to cause a denial of service (Programmed I/O mode on drives) via multiple simultaneous invocations of an unspecified test program.

CVE-2008-5079: net/atm/svc.c in the ATM subsystem allowed local users to cause a denial of service (kernel infinite loop) by making two calls to svc_listen for the same socket, and then reading a /proc/net/atm/*vc file, related to corruption of the vcc table.

CVE-2008-5300: Linux kernel 2.6.28 allows local users to cause a denial of service ('soft lockup' and process loss) via a large number of sendmsg function calls, which does not block during AF_UNIX garbage collection and triggers an OOM condition, a different vulnerability than CVE-2008-5029.

CVE-2008-5029: The __scm_destroy function in net/core/scm.c makes indirect recursive calls to itself through calls to the fput function, which allows local users to cause a denial of service (panic) via vectors related to sending an SCM_RIGHTS message through a UNIX domain socket and closing file descriptors.

CVE-2008-4933: Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.

CVE-2008-5025: Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c allowed attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.

CVE-2008-5182: The inotify functionality might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

CVE-2008-3831: The i915 driver in drivers/char/drm/i915_dma.c does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

CVE-2008-4554: The do_splice_from function in fs/splice.c did not reject file descriptors that have the O_APPEND flag set, which allows local users to bypass append mode and make arbitrary changes to other locations in the file.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=362850

https://bugzilla.novell.com/show_bug.cgi?id=371657

https://bugzilla.novell.com/show_bug.cgi?id=399966

https://bugzilla.novell.com/show_bug.cgi?id=405546

https://bugzilla.novell.com/show_bug.cgi?id=419250

https://bugzilla.novell.com/show_bug.cgi?id=429919

https://bugzilla.novell.com/show_bug.cgi?id=439461

https://bugzilla.novell.com/show_bug.cgi?id=442364

https://bugzilla.novell.com/show_bug.cgi?id=442594

https://bugzilla.novell.com/show_bug.cgi?id=443640

https://bugzilla.novell.com/show_bug.cgi?id=443661

https://bugzilla.novell.com/show_bug.cgi?id=445569

https://bugzilla.novell.com/show_bug.cgi?id=446973

https://bugzilla.novell.com/show_bug.cgi?id=447241

https://bugzilla.novell.com/show_bug.cgi?id=447406

https://bugzilla.novell.com/show_bug.cgi?id=450417

https://bugzilla.novell.com/show_bug.cgi?id=457896

https://bugzilla.novell.com/show_bug.cgi?id=457897

https://bugzilla.novell.com/show_bug.cgi?id=457898

Plugin Details

Severity: High

ID: 40011

File Name: suse_11_0_kernel-090114.nasl

Version: Revision: 1.10

Type: local

Agent: unix

Published: 2009/07/21

Updated: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-rt, p-cpe:/a:novell:opensuse:kernel-rt_debug, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-xen, cpe:/o:novell:opensuse:11.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/01/14

Reference Information

CVE: CVE-2008-3831, CVE-2008-4554, CVE-2008-4933, CVE-2008-5025, CVE-2008-5029, CVE-2008-5079, CVE-2008-5182, CVE-2008-5300, CVE-2008-5700, CVE-2008-5702

CWE: 119, 264, 362, 399