SuSE9 Security Update : Linux kernel (YOU Patch Number 12541)

high Nessus Plugin ID 42812
VPR Score: 8.9

Synopsis

The remote SuSE 9 host is missing a security-related patch.

Description

This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel.

The following security bugs were fixed:

- A race condition in the pipe(2) system call could be used by local attackers to execute code. (CVE-2009-3547)

- On x86_64 systems, an information leak of high register contents (upper 32 bits) was fixed. (CVE-2009-2910)

- The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)

- An unsigned check in the ax25 socket handler could allow local attackers to potentially crash the kernel or even execute code. (CVE-2009-2909)

- The execve function in the Linux kernel did not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. (CVE-2009-2848)

- Fixed various socket handler getname leaks, which could disclose memory previously used by the kernel or other userland processes to the local attacker. (CVE-2009-3002)

- Multiple buffer overflows in the cifs subsystem in the Linux kernel allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. (CVE-2009-1633)

- The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state. (CVE-2009-3726)

Solution

Apply YOU patch number 12541.

See Also

http://support.novell.com/security/cve/CVE-2009-1192.html

http://support.novell.com/security/cve/CVE-2009-1633.html

http://support.novell.com/security/cve/CVE-2009-2848.html

http://support.novell.com/security/cve/CVE-2009-2909.html

http://support.novell.com/security/cve/CVE-2009-2910.html

http://support.novell.com/security/cve/CVE-2009-3002.html

http://support.novell.com/security/cve/CVE-2009-3547.html

http://support.novell.com/security/cve/CVE-2009-3726.html

Plugin Details

Severity: High

ID: 42812

File Name: suse9_12541.nasl

Version: 1.18

Type: local

Agent: unix

Published: 11/16/2009

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

Risk Factor: High

VPR Score: 8.9

CVSS v2.0

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/11/2009

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2009-1192, CVE-2009-1633, CVE-2009-2848, CVE-2009-2909, CVE-2009-2910, CVE-2009-3002, CVE-2009-3547, CVE-2009-3726

CWE: 119, 189, 200, 362, 399