SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 6439)

high Nessus Plugin ID 41540

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This patch updates the SUSE Linux Enterprise 10 SP2 kernel to fix various bugs and some security issues.

The following security issues were fixed:

- CVE-2009-2692: A missing NULL pointer check in the socket sendpage function can be used by local attackers to gain root privileges.

- (No CVE yet) An information leak from using sigaltstack was fixed.

- Enabled -fno-delete-null-pointer-checks to avoid optimizing away NULL pointer checks and fixed Makefiles to make sure -fwrapv is used everywhere.

- CVE-2009-1758: The hypervisor_callback function in Xen allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in 'certain address ranges.'

- A crash on r8169 network cards when receiving large packets was fixed. (CVE-2009-1389)

- The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. (CVE-2009-1630)

Solution

Apply ZYPP patch number 6439.

See Also

http://support.novell.com/security/cve/CVE-2009-1389.html

http://support.novell.com/security/cve/CVE-2009-1630.html

http://support.novell.com/security/cve/CVE-2009-1758.html

http://support.novell.com/security/cve/CVE-2009-2692.html

Plugin Details

Severity: High

ID: 41540

File Name: suse_kernel-6439.nasl

Version: 1.18

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/15/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Linux Kernel Sendpage Local Privilege Escalation)

Reference Information

CVE: CVE-2009-1389, CVE-2009-1630, CVE-2009-1758, CVE-2009-2692

CWE: 119, 264, 399