SuSE 10 Security Update : the Linux Kernel (i386) (ZYPP Patch Number 6726)

High Nessus Plugin ID 43398

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes a several security issues and various bugs in the SUSE Linux Enterprise 10 SP 2 kernel.

The following security issues were fixed: CVE-2009-3939: A sysctl variable of the megaraid_sas driver was worldwriteable, allowing local users to cause a denial of service or potential code execution.

- The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005)

- A negative offset in a ioctl in the GDTH RAID driver was fixed. (CVE-2009-3080)

- The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021)

- The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889)

- Memory leak in the appletalk subsystem in the Linux kernel when the appletalk and ipddp modules are loaded but the ipddp'N' device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. (CVE-2009-2903)

- net/unix/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. (CVE-2009-3621)

- The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue existed because of an incomplete fix for CVE-2005-4881. (CVE-2009-3612 / CVE-2005-4881)

- The ATI Rage 128 (aka r128) driver in the Linux kernel does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)

- The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
(CVE-2009-3726)

- The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash) by using jumbo frames for a large amount of network traffic, as demonstrated by a flood ping. (CVE-2009-3613)

The rio and sx serial multiport card drivers were disabled via a modprobe blacklist due to severe bugs.

For a full list of changes, please read the RPM changelog.

Solution

Apply ZYPP patch number 6726.

See Also

http://support.novell.com/security/cve/CVE-2005-4881.html

http://support.novell.com/security/cve/CVE-2009-2903.html

http://support.novell.com/security/cve/CVE-2009-3080.html

http://support.novell.com/security/cve/CVE-2009-3612.html

http://support.novell.com/security/cve/CVE-2009-3613.html

http://support.novell.com/security/cve/CVE-2009-3620.html

http://support.novell.com/security/cve/CVE-2009-3621.html

http://support.novell.com/security/cve/CVE-2009-3726.html

http://support.novell.com/security/cve/CVE-2009-3889.html

http://support.novell.com/security/cve/CVE-2009-3939.html

http://support.novell.com/security/cve/CVE-2009-4005.html

http://support.novell.com/security/cve/CVE-2009-4021.html

Plugin Details

Severity: High

ID: 43398

File Name: suse_kernel-6726.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2009/12/23

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2009/12/16

Reference Information

CVE: CVE-2005-4881, CVE-2009-2903, CVE-2009-3080, CVE-2009-3612, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4021

CWE: 20, 119, 200, 264, 399