SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel.
The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was worldwriteable, allowing local users to cause a denial of service or potential code execution.
- The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005)
- A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080)
- The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021)
- The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889)
- Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp'N' device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. (CVE-2009-2903)
- net/unix/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. (CVE-2009-3621)
- The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 188.8.131.52 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue existed because of an incomplete fix for CVE-2005-4881. (CVE-2009-3612 / CVE-2005-4881)
- The ATI Rage 128 (aka r128) driver in the Linux kernel does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)
- The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
- The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. (CVE-2009-3613)
The rio and sx serial multiport card drivers were disabled via a modprobe blacklist due to severe bugs.
For a full list of changes, please read the RPM changelog.
SolutionApply ZYPP patch number 6726.
File Name: suse_kernel-6726.nasl
Supported Sensors: Nessus Agent
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 12/16/2009
CVE: CVE-2005-4881, CVE-2009-2903, CVE-2009-3080, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4021