SuSE 11.2 Security Update: kernel (2009-12-18)

High Nessus Plugin ID 43631

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel for openSUSE 11.2 was updated to 2.6.31.8 to fix the following bugs and security issues :

- A file overwrite issue on the ext4 filesystem could be used by local attackers that have write access to a filesystem to change/overwrite files of other users, including root. (CVE-2009-4131)

- A remote denial of service by sending overly long packets could be used by remote attackers to crash a machine. (CVE-2009-1298)

- The mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous 'code shuffling patch.' (CVE-2009-4026)

- Race condition in the mac80211 subsystem in the Linux kernel allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the absence of an aggregation session. (CVE-2009-4027)

- The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939)

- The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. This requires the attacker to access the machine on ISDN protocol level. (CVE-2009-4005)

- Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080)

- The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of service (OOPS) via vectors involving calls to this function without specifying a keyring by ID, as demonstrated by a series of keyctl request2 and keyctl list commands.
(CVE-2009-3624)

- The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack. (CVE-2009-4021)

- Multiple race conditions in fs/pipe.c in the Linux kernel allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. As openSUSE 11.2 by default sets mmap_min_addr protection, this issue will just Oops the kernel and not be able to execute code. (CVE-2009-3547)

- net/unix/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. (CVE-2009-3621)

- drivers/firewire/ohci.c in the Linux kernel when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
(CVE-2009-4138)

- The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal. (CVE-2009-4308)

- The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value). (CVE-2009-4307)

- Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel allows local users to cause a denial of service (filesystem corruption) via unknown vectors, a different vulnerability than CVE-2009-4131. (CVE-2009-4306)

- The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. This can lead to privilege escalations. (CVE-2009-4131)

- The rt2870 and rt2860 drivers were refreshed to the level they are in the Linux 2.6.32 kernel, bringing new device support and new functionality.

Solution

Update the affected kernel packages.

See Also

http://www.nessus.org/u?9d661785

https://bugzilla.novell.com/show_bug.cgi?id=472410

https://bugzilla.novell.com/show_bug.cgi?id=498708

https://bugzilla.novell.com/show_bug.cgi?id=522790

https://bugzilla.novell.com/show_bug.cgi?id=523487

https://bugzilla.novell.com/show_bug.cgi?id=533555

https://bugzilla.novell.com/show_bug.cgi?id=533677

https://bugzilla.novell.com/show_bug.cgi?id=537081

https://bugzilla.novell.com/show_bug.cgi?id=539010

https://bugzilla.novell.com/show_bug.cgi?id=540589

https://bugzilla.novell.com/show_bug.cgi?id=540997

https://bugzilla.novell.com/show_bug.cgi?id=543407

https://bugzilla.novell.com/show_bug.cgi?id=543704

https://bugzilla.novell.com/show_bug.cgi?id=544779

https://bugzilla.novell.com/show_bug.cgi?id=546491

https://bugzilla.novell.com/show_bug.cgi?id=547357

https://bugzilla.novell.com/show_bug.cgi?id=548010

https://bugzilla.novell.com/show_bug.cgi?id=548728

https://bugzilla.novell.com/show_bug.cgi?id=549030

https://bugzilla.novell.com/show_bug.cgi?id=550787

https://bugzilla.novell.com/show_bug.cgi?id=551664

https://bugzilla.novell.com/show_bug.cgi?id=552033

https://bugzilla.novell.com/show_bug.cgi?id=552154

https://bugzilla.novell.com/show_bug.cgi?id=552492

https://bugzilla.novell.com/show_bug.cgi?id=556564

https://bugzilla.novell.com/show_bug.cgi?id=556568

https://bugzilla.novell.com/show_bug.cgi?id=556899

https://bugzilla.novell.com/show_bug.cgi?id=557180

https://bugzilla.novell.com/show_bug.cgi?id=557403

https://bugzilla.novell.com/show_bug.cgi?id=557668

https://bugzilla.novell.com/show_bug.cgi?id=557683

https://bugzilla.novell.com/show_bug.cgi?id=557760

https://bugzilla.novell.com/show_bug.cgi?id=558267

https://bugzilla.novell.com/show_bug.cgi?id=559062

https://bugzilla.novell.com/show_bug.cgi?id=559132

https://bugzilla.novell.com/show_bug.cgi?id=559680

https://bugzilla.novell.com/show_bug.cgi?id=560697

https://bugzilla.novell.com/show_bug.cgi?id=561018

https://bugzilla.novell.com/show_bug.cgi?id=561235

https://bugzilla.novell.com/show_bug.cgi?id=564712

https://bugzilla.novell.com/show_bug.cgi?id=559680

https://bugzilla.novell.com/show_bug.cgi?id=541736

https://bugzilla.novell.com/show_bug.cgi?id=561018

https://bugzilla.novell.com/show_bug.cgi?id=564382

https://bugzilla.novell.com/show_bug.cgi?id=564381

https://bugzilla.novell.com/show_bug.cgi?id=564380

https://bugzilla.novell.com/show_bug.cgi?id=561018

Plugin Details

Severity: High

ID: 43631

File Name: suse_11_2_kernel-091218.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2010/01/05

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2009/12/18

Exploitable With

CANVAS (CANVAS)

Core Impact

Reference Information

CVE: CVE-2009-1298, CVE-2009-3080, CVE-2009-3547, CVE-2009-3621, CVE-2009-3624, CVE-2009-3939, CVE-2009-4005, CVE-2009-4021, CVE-2009-4026, CVE-2009-4027, CVE-2009-4131, CVE-2009-4138, CVE-2009-4306, CVE-2009-4307, CVE-2009-4308

BID: 36723, 36793, 36901, 37019, 37036, 37068, 37069, 37170, 37231, 37277, 37339

CWE: 119, 189, 264, 310, 362, 399