SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)

High Nessus Plugin ID 41535

VPR Score: 8.3

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems:

- When creating a file, open()/creat() allowed the setgid bit to be set via the mode argument even when, due to the bsdgroups mount option or the file being created in a setgid directory, the new file's group is one which the user is not a member of. A local attacker could then use ftruncate() and memory-mapped I/O to turn the new file into an arbitrary binary and thus gain the privileges of this group, since these operations do not clear the setgid bit. (CVE-2008-4210)

- The ext[234] filesystem code fails to properly handle corrupted data structures. On a mounted filesystem image or partition that has corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation can cause a denial of service by spamming the logfile. (CVE-2008-3528)

- The S/390 ptrace code allowed local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which triggers an invalid dereference. (CVE-2008-1514)

- fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allowed local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. (CVE-2007-6716)

- Added missing capability checks in sbni_ioctl(). (CVE-2008-3525)

OCFS2 was also updated to version v1.4.1-1.

The full list of changes can be reviewed in the RPM changelog.

Solution

Apply ZYPP patch number 5668.

See Also

http://support.novell.com/security/cve/CVE-2007-6716.html

http://support.novell.com/security/cve/CVE-2008-1514.html

http://support.novell.com/security/cve/CVE-2008-3525.html

http://support.novell.com/security/cve/CVE-2008-3528.html

http://support.novell.com/security/cve/CVE-2008-4210.html

Plugin Details

Severity: High

ID: 41535

File Name: suse_kernel-5668.nasl

Version: 1.13

Type: local

Agent: unix

Published: 2009/09/24

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 8.3

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/10/08

Reference Information

CVE: CVE-2007-6716, CVE-2008-1514, CVE-2008-3525, CVE-2008-3528, CVE-2008-4210

CWE: 264, 399