openSUSE Security Update : kernel (kernel-733)

Medium Nessus Plugin ID 40249

Synopsis

The remote openSUSE host is missing a security update.

Description

This Linux kernel update for openSUSE 11.1 fixes lots of bugs and some security issues.

The kernel was also updated to the 2.6.27.21 stable release.

CVE-2009-1072: nfsd in the Linux kernel does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CVE-2009-0676: The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. The fix for this was incomplete.

CVE-2009-0835: The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=417417

https://bugzilla.novell.com/show_bug.cgi?id=439348

https://bugzilla.novell.com/show_bug.cgi?id=441420

https://bugzilla.novell.com/show_bug.cgi?id=450468

https://bugzilla.novell.com/show_bug.cgi?id=457472

https://bugzilla.novell.com/show_bug.cgi?id=458222

https://bugzilla.novell.com/show_bug.cgi?id=462913

https://bugzilla.novell.com/show_bug.cgi?id=463829

https://bugzilla.novell.com/show_bug.cgi?id=465854

https://bugzilla.novell.com/show_bug.cgi?id=465955

https://bugzilla.novell.com/show_bug.cgi?id=467174

https://bugzilla.novell.com/show_bug.cgi?id=467317

https://bugzilla.novell.com/show_bug.cgi?id=467381

https://bugzilla.novell.com/show_bug.cgi?id=469576

https://bugzilla.novell.com/show_bug.cgi?id=470238

https://bugzilla.novell.com/show_bug.cgi?id=471249

https://bugzilla.novell.com/show_bug.cgi?id=472783

https://bugzilla.novell.com/show_bug.cgi?id=473881

https://bugzilla.novell.com/show_bug.cgi?id=474335

https://bugzilla.novell.com/show_bug.cgi?id=476330

https://bugzilla.novell.com/show_bug.cgi?id=477624

https://bugzilla.novell.com/show_bug.cgi?id=478534

https://bugzilla.novell.com/show_bug.cgi?id=479558

https://bugzilla.novell.com/show_bug.cgi?id=479617

https://bugzilla.novell.com/show_bug.cgi?id=479730

https://bugzilla.novell.com/show_bug.cgi?id=479784

https://bugzilla.novell.com/show_bug.cgi?id=480391

https://bugzilla.novell.com/show_bug.cgi?id=480448

https://bugzilla.novell.com/show_bug.cgi?id=480524

https://bugzilla.novell.com/show_bug.cgi?id=480617

https://bugzilla.novell.com/show_bug.cgi?id=480749

https://bugzilla.novell.com/show_bug.cgi?id=480753

https://bugzilla.novell.com/show_bug.cgi?id=480809

https://bugzilla.novell.com/show_bug.cgi?id=481749

https://bugzilla.novell.com/show_bug.cgi?id=482052

https://bugzilla.novell.com/show_bug.cgi?id=482220

https://bugzilla.novell.com/show_bug.cgi?id=482506

https://bugzilla.novell.com/show_bug.cgi?id=482614

https://bugzilla.novell.com/show_bug.cgi?id=482796

https://bugzilla.novell.com/show_bug.cgi?id=482818

https://bugzilla.novell.com/show_bug.cgi?id=483706

https://bugzilla.novell.com/show_bug.cgi?id=484529

https://bugzilla.novell.com/show_bug.cgi?id=484664

https://bugzilla.novell.com/show_bug.cgi?id=484767

https://bugzilla.novell.com/show_bug.cgi?id=485089

https://bugzilla.novell.com/show_bug.cgi?id=486001

https://bugzilla.novell.com/show_bug.cgi?id=486331

https://bugzilla.novell.com/show_bug.cgi?id=486728

https://bugzilla.novell.com/show_bug.cgi?id=487247

https://bugzilla.novell.com/show_bug.cgi?id=490517

Plugin Details

Severity: Medium

ID: 40249

File Name: suse_11_1_kernel-090401.nasl

Version: Revision: 1.10

Type: local

Agent: unix

Published: 2009/07/21

Updated: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-extra, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-extra, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-extra, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-extra, cpe:/o:novell:opensuse:11.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2009/04/01

Reference Information

CVE: CVE-2009-0676, CVE-2009-0835, CVE-2009-1072

CWE: 16, 264