SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 1212 / 1218 / 1219)

High Nessus Plugin ID 41414

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.29 fixing various bugs and security issues.

The following security issues were fixed :

- A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges. (CVE-2009-2692)

- A kernel stack overflow when mounting eCryptfs filesystems in parse_tag_11_packet() was fixed. Code execution might be possible of ecryptfs is in use.
(CVE-2009-2406)

- A kernel heap overflow when mounting eCryptfs filesystems in parse_tag_3_packet() was fixed. Code execution might be possible of ecryptfs is in use.
(CVE-2009-2407)

The compiler option -fno-delete-null-pointer-checks was added to the kernel build, and the -fwrapv compiler option usage was fixed to be used everywhere. This works around the compiler removing checks too aggressively.

- A crash in the r8169 driver when receiving large packets was fixed. This is probably exploitable only in the local network. (CVE-2009-1389)

No CVE yet: A sigaltstack kernel memory disclosure was fixed.

The NULL page protection using mmap_min_addr was enabled (was disabled before).

This update also adds the Microsoft Hyper-V drivers from upstream.

Additionaly a lot of bugs were fixed.

Solution

Apply SAT patch number 1212 / 1218 / 1219 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=402922

https://bugzilla.novell.com/show_bug.cgi?id=467846

https://bugzilla.novell.com/show_bug.cgi?id=484306

https://bugzilla.novell.com/show_bug.cgi?id=489105

https://bugzilla.novell.com/show_bug.cgi?id=490030

https://bugzilla.novell.com/show_bug.cgi?id=492324

https://bugzilla.novell.com/show_bug.cgi?id=492658

https://bugzilla.novell.com/show_bug.cgi?id=495259

https://bugzilla.novell.com/show_bug.cgi?id=496871

https://bugzilla.novell.com/show_bug.cgi?id=498358

https://bugzilla.novell.com/show_bug.cgi?id=498402

https://bugzilla.novell.com/show_bug.cgi?id=501160

https://bugzilla.novell.com/show_bug.cgi?id=501663

https://bugzilla.novell.com/show_bug.cgi?id=502092

https://bugzilla.novell.com/show_bug.cgi?id=504646

https://bugzilla.novell.com/show_bug.cgi?id=509407

https://bugzilla.novell.com/show_bug.cgi?id=509495

https://bugzilla.novell.com/show_bug.cgi?id=509497

https://bugzilla.novell.com/show_bug.cgi?id=511079

https://bugzilla.novell.com/show_bug.cgi?id=511306

https://bugzilla.novell.com/show_bug.cgi?id=512070

https://bugzilla.novell.com/show_bug.cgi?id=513437

https://bugzilla.novell.com/show_bug.cgi?id=513954

https://bugzilla.novell.com/show_bug.cgi?id=514265

https://bugzilla.novell.com/show_bug.cgi?id=514375

https://bugzilla.novell.com/show_bug.cgi?id=514767

https://bugzilla.novell.com/show_bug.cgi?id=515266

https://bugzilla.novell.com/show_bug.cgi?id=517098

https://bugzilla.novell.com/show_bug.cgi?id=518291

https://bugzilla.novell.com/show_bug.cgi?id=519111

https://bugzilla.novell.com/show_bug.cgi?id=519188

https://bugzilla.novell.com/show_bug.cgi?id=520975

https://bugzilla.novell.com/show_bug.cgi?id=521190

https://bugzilla.novell.com/show_bug.cgi?id=521578

https://bugzilla.novell.com/show_bug.cgi?id=522414

https://bugzilla.novell.com/show_bug.cgi?id=522686

https://bugzilla.novell.com/show_bug.cgi?id=522764

https://bugzilla.novell.com/show_bug.cgi?id=522911

https://bugzilla.novell.com/show_bug.cgi?id=522914

https://bugzilla.novell.com/show_bug.cgi?id=523719

https://bugzilla.novell.com/show_bug.cgi?id=524347

https://bugzilla.novell.com/show_bug.cgi?id=525903

https://bugzilla.novell.com/show_bug.cgi?id=526514

https://bugzilla.novell.com/show_bug.cgi?id=527284

https://bugzilla.novell.com/show_bug.cgi?id=527361

https://bugzilla.novell.com/show_bug.cgi?id=527748

https://bugzilla.novell.com/show_bug.cgi?id=527848

https://bugzilla.novell.com/show_bug.cgi?id=528769

https://bugzilla.novell.com/show_bug.cgi?id=528853

https://bugzilla.novell.com/show_bug.cgi?id=529188

https://bugzilla.novell.com/show_bug.cgi?id=529369

https://bugzilla.novell.com/show_bug.cgi?id=529660

https://bugzilla.novell.com/show_bug.cgi?id=530151

https://bugzilla.novell.com/show_bug.cgi?id=530535

https://bugzilla.novell.com/show_bug.cgi?id=531533

http://support.novell.com/security/cve/CVE-2009-1389.html

http://support.novell.com/security/cve/CVE-2009-2406.html

http://support.novell.com/security/cve/CVE-2009-2407.html

http://support.novell.com/security/cve/CVE-2009-2692.html

Plugin Details

Severity: High

ID: 41414

File Name: suse_11_kernel-090816.nasl

Version: Revision: 1.14

Type: local

Agent: unix

Published: 2009/09/24

Updated: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-vmi, p-cpe:/a:novell:suse_linux:11:kernel-vmi-base, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/08/16

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2009-1389, CVE-2009-2406, CVE-2009-2407, CVE-2009-2692

CWE: 119