openSUSE Security Update : kernel (kernel-1211)

High Nessus Plugin ID 40783

VPR Score: 9

Synopsis

The remote openSUSE host is missing a security update.

Description

This kernel update for openSUSE 11.0 fixes some bugs and several security problems.

The following security issues are fixed:

CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.

CVE-2009-2406: A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible if eCryptfs is in use.

CVE-2009-2407: A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible if eCryptfs is in use.

The compiler option -fno-delete-null-pointer-checks was added to the kernel build, and usage of the -fwrapv compiler option was fixed so that it is applied everywhere. This works around the compiler removing checks too aggressively.

CVE-2009-1389: A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network.

CVE-2009-1895: Personality flags on set*id were not cleared correctly, so ASLR and NULL page protection could be bypassed.

CVE-2009-1046: A UTF-8 console memory corruption that can be used for local privilege escalation was fixed.

The NULL page protection using mmap_min_addr was enabled (it was previously disabled).

No CVE yet: A sigaltstack kernel memory disclosure was fixed.

CVE-2008-5033: A local denial of service (Oops) in video4linux tvaudio was fixed.

CVE-2009-1385: An integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=444982

https://bugzilla.novell.com/show_bug.cgi?id=474549

https://bugzilla.novell.com/show_bug.cgi?id=478462

https://bugzilla.novell.com/show_bug.cgi?id=478699

https://bugzilla.novell.com/show_bug.cgi?id=503870

https://bugzilla.novell.com/show_bug.cgi?id=509822

https://bugzilla.novell.com/show_bug.cgi?id=511243

https://bugzilla.novell.com/show_bug.cgi?id=521427

https://bugzilla.novell.com/show_bug.cgi?id=522686

https://bugzilla.novell.com/show_bug.cgi?id=522914

https://bugzilla.novell.com/show_bug.cgi?id=523719

https://bugzilla.novell.com/show_bug.cgi?id=527848

https://bugzilla.novell.com/show_bug.cgi?id=530151

Plugin Details

Severity: High

ID: 40783

File Name: suse_11_0_kernel-090814.nasl

Version: 1.13

Type: local

Agent: unix

Published: 2009/08/27

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 9

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:acerhk-kmp-debug, p-cpe:/a:novell:opensuse:acx-kmp-debug, p-cpe:/a:novell:opensuse:appleir-kmp-debug, p-cpe:/a:novell:opensuse:at76_usb-kmp-debug, p-cpe:/a:novell:opensuse:atl2-kmp-debug, p-cpe:/a:novell:opensuse:aufs-kmp-debug, p-cpe:/a:novell:opensuse:dazuko-kmp-debug, p-cpe:/a:novell:opensuse:drbd-kmp-debug, p-cpe:/a:novell:opensuse:gspcav-kmp-debug, p-cpe:/a:novell:opensuse:iscsitarget-kmp-debug, p-cpe:/a:novell:opensuse:ivtv-kmp-debug, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kqemu-kmp-debug, p-cpe:/a:novell:opensuse:nouveau-kmp-debug, p-cpe:/a:novell:opensuse:omnibook-kmp-debug, p-cpe:/a:novell:opensuse:pcc-acpi-kmp-debug, p-cpe:/a:novell:opensuse:pcfclock-kmp-debug, p-cpe:/a:novell:opensuse:tpctl-kmp-debug, p-cpe:/a:novell:opensuse:uvcvideo-kmp-debug, p-cpe:/a:novell:opensuse:virtualbox-ose-kmp-debug, p-cpe:/a:novell:opensuse:vmware-kmp-debug, p-cpe:/a:novell:opensuse:wlan-ng-kmp-debug, cpe:/o:novell:opensuse:11.0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/08/14

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2008-5033, CVE-2009-1046, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2692

CWE: 16, 119, 189, 399