SuSE 11.2 Security Update: kernel (2010-01-28)

Critical Nessus Plugin ID 44411

Synopsis

The remote openSUSE host is missing a security update.

Description

The Linux kernel for openSUSE 11.2 was updated to 2.6.31.12 to fix the following bugs and security issues :

- The permission of the devtmpfs root directory was incorrectly 1777 (instead of 755). If it was used, local attackers could escalate privileges. (openSUSE 11.2 does not use this filesystem by default). (CVE-2010-0299)

- The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
(CVE-2009-3939)

- ebtables was lacking a CAP_NET_ADMIN check, making it possible for local unprivileged attackers to modify the network bridge management. (CVE-2010-0007)

- An information leakage on fatal signals on x86_64 machines was fixed. (CVE-2010-0003)

- A race condition in fasync handling could be used by local attackers to crash the machine or potentially execute code. (CVE-2009-4141)

- The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram. (CVE-2010-0006)

- drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload.
(CVE-2009-4536)

- drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538)

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=565027

https://bugzilla.novell.com/show_bug.cgi?id=574664

https://bugzilla.novell.com/show_bug.cgi?id=573050

https://bugzilla.novell.com/show_bug.cgi?id=565904

https://bugzilla.novell.com/show_bug.cgi?id=492233

https://bugzilla.novell.com/show_bug.cgi?id=552353

https://bugzilla.novell.com/show_bug.cgi?id=557180

https://bugzilla.novell.com/show_bug.cgi?id=540589

https://bugzilla.novell.com/show_bug.cgi?id=565083

https://bugzilla.novell.com/show_bug.cgi?id=569902

https://bugzilla.novell.com/show_bug.cgi?id=570606

https://bugzilla.novell.com/show_bug.cgi?id=568231

https://bugzilla.novell.com/show_bug.cgi?id=567340

https://bugzilla.novell.com/show_bug.cgi?id=568120

https://bugzilla.novell.com/show_bug.cgi?id=537016

https://bugzilla.novell.com/show_bug.cgi?id=568120

https://bugzilla.novell.com/show_bug.cgi?id=569902

https://bugzilla.novell.com/show_bug.cgi?id=568305

https://bugzilla.novell.com/show_bug.cgi?id=551356

https://bugzilla.novell.com/show_bug.cgi?id=535939

https://bugzilla.novell.com/show_bug.cgi?id=564940

Plugin Details

Severity: Critical

ID: 44411

File Name: suse_11_2_kernel-100128.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2010/02/09

Updated: 2018/07/31

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/01/28

Vulnerability Publication Date: 2009/11/16

Reference Information

CVE: CVE-2009-3939, CVE-2009-4141, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0006, CVE-2010-0007, CVE-2010-0299

BID: 37019, 37519, 37523, 37724, 37762, 37806, 37810, 38437

CWE: 20, 189, 200, 264, 399