SuSE9 Security Update : the Linux kernel (YOU Patch Number 12578)

High Nessus Plugin ID 44654

Synopsis

The remote SuSE 9 host is missing a security-related patch.

Description

This update fixes various security issues and some bugs in the SUSE Linux Enterprise 9 kernel.

- The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. (CVE-2009-4005)

- Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. (CVE-2009-3080)

- Missing CAP_NET_ADMIN checks in the ebtables netfilter code might have allowed local attackers to modify bridge firewall settings. (CVE-2010-0007)

- drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536)

- The dbg_lvl file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file. (CVE-2009-3889)

- The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage. (CVE-2009-1883)

- Memory leak in the appletalk subsystem in the Linux kernel, when the appletalk and ipddp modules are loaded but the ipddp'N' device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. (CVE-2009-2903)

- net/unix/af_unix.c in the Linux kernel allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. (CVE-2009-3621)

- The ATI Rage 128 (aka r128) driver in the Linux kernel does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls. (CVE-2009-3620)

Solution

Apply YOU patch number 12578.

See Also

https://www.suse.com/security/cve/CVE-2009-1883/

http://support.novell.com/security/cve/CVE-2009-2903.html

http://support.novell.com/security/cve/CVE-2009-3080.html

http://support.novell.com/security/cve/CVE-2009-3620.html

http://support.novell.com/security/cve/CVE-2009-3621.html

http://support.novell.com/security/cve/CVE-2009-3889.html

http://support.novell.com/security/cve/CVE-2009-4005.html

http://support.novell.com/security/cve/CVE-2009-4536.html

http://support.novell.com/security/cve/CVE-2010-0007.html

Plugin Details

Severity: High

ID: 44654

File Name: suse9_12578.nasl

Version: 1.12

Type: local

Agent: unix

Published: 2010/02/18

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2010/02/10

Reference Information

CVE: CVE-2009-1883, CVE-2009-2903, CVE-2009-3080, CVE-2009-3620, CVE-2009-3621, CVE-2009-3889, CVE-2009-4005, CVE-2009-4536, CVE-2010-0007

CWE: 20, 119, 189, 264, 399