SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6109)

critical Nessus Plugin ID 41538

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This Linux kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and several security issues.

The following security issues were fixed:

- The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset the driver statistics, related to an 'inverted logic' issue. (CVE-2009-0675)

- The sock_getsockopt function in net/core/sock.c in the Linux kernel does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request. (CVE-2009-0676)

- The clone system call in the Linux kernel allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit. (CVE-2009-0028)

- The Linux kernel does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. (CVE-2008-1294)

- Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID. (CVE-2009-0065)

- The console selection feature in the Linux kernel, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an off-by-two memory error. It is not clear if this can be exploited at all. (CVE-2009-1046)

A huge number of regular bugs were also fixed; please see the RPM changelog for full details.

Solution

Apply ZYPP patch number 6109.

See Also

http://support.novell.com/security/cve/CVE-2008-1294.html

http://support.novell.com/security/cve/CVE-2009-0028.html

http://support.novell.com/security/cve/CVE-2009-0065.html

http://support.novell.com/security/cve/CVE-2009-0675.html

http://support.novell.com/security/cve/CVE-2009-0676.html

http://support.novell.com/security/cve/CVE-2009-1046.html

Plugin Details

Severity: Critical

ID: 41538

File Name: suse_kernel-6109.nasl

Version: 1.13

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/24/2009

Reference Information

CVE: CVE-2008-1294, CVE-2009-0028, CVE-2009-0065, CVE-2009-0675, CVE-2009-0676, CVE-2009-1046

CWE: 20, 119, 264, 399