SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 2040 / 2043 / 2044)

Critical Nessus Plugin ID 44966

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.45 fixing various bugs and security issues.

- The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space. (CVE-2010-0622)

- The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. (CVE-2010-0307)

- Users could send/allocate arbitrary amounts of NETLINK_CONNECTOR messages to the kernel, causing an OOM condition, killing selected processes or halting the system. (CVE-2010-0410)

- The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set. (CVE-2010-0415)

- net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. (CVE-2010-0007)

- drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. (CVE-2009-4536)

- drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets. (CVE-2009-4538)

- The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address. (CVE-2010-0003)

- The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file. (CVE-2009-3939)

Solution

Apply SAT patch number 2040 / 2043 / 2044 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=474773

https://bugzilla.novell.com/show_bug.cgi?id=492469

https://bugzilla.novell.com/show_bug.cgi?id=492961

https://bugzilla.novell.com/show_bug.cgi?id=510449

https://bugzilla.novell.com/show_bug.cgi?id=534629

https://bugzilla.novell.com/show_bug.cgi?id=537016

https://bugzilla.novell.com/show_bug.cgi?id=547433

https://bugzilla.novell.com/show_bug.cgi?id=548529

https://bugzilla.novell.com/show_bug.cgi?id=553175

https://bugzilla.novell.com/show_bug.cgi?id=554081

https://bugzilla.novell.com/show_bug.cgi?id=554567

https://bugzilla.novell.com/show_bug.cgi?id=556282

https://bugzilla.novell.com/show_bug.cgi?id=561078

https://bugzilla.novell.com/show_bug.cgi?id=566634

https://bugzilla.novell.com/show_bug.cgi?id=566768

https://bugzilla.novell.com/show_bug.cgi?id=566857

https://bugzilla.novell.com/show_bug.cgi?id=567376

https://bugzilla.novell.com/show_bug.cgi?id=569071

https://bugzilla.novell.com/show_bug.cgi?id=569125

https://bugzilla.novell.com/show_bug.cgi?id=569902

https://bugzilla.novell.com/show_bug.cgi?id=570314

https://bugzilla.novell.com/show_bug.cgi?id=570606

https://bugzilla.novell.com/show_bug.cgi?id=571804

https://bugzilla.novell.com/show_bug.cgi?id=573107

https://bugzilla.novell.com/show_bug.cgi?id=573460

https://bugzilla.novell.com/show_bug.cgi?id=573478

https://bugzilla.novell.com/show_bug.cgi?id=574224

https://bugzilla.novell.com/show_bug.cgi?id=575179

https://bugzilla.novell.com/show_bug.cgi?id=575644

https://bugzilla.novell.com/show_bug.cgi?id=576267

https://bugzilla.novell.com/show_bug.cgi?id=576277

https://bugzilla.novell.com/show_bug.cgi?id=576927

https://bugzilla.novell.com/show_bug.cgi?id=577753

https://bugzilla.novell.com/show_bug.cgi?id=579439

https://bugzilla.novell.com/show_bug.cgi?id=580047

https://bugzilla.novell.com/show_bug.cgi?id=580354

https://bugzilla.novell.com/show_bug.cgi?id=581718

http://support.novell.com/security/cve/CVE-2009-3939.html

http://support.novell.com/security/cve/CVE-2009-4536.html

http://support.novell.com/security/cve/CVE-2009-4538.html

http://support.novell.com/security/cve/CVE-2010-0003.html

http://support.novell.com/security/cve/CVE-2010-0007.html

http://support.novell.com/security/cve/CVE-2010-0307.html

http://support.novell.com/security/cve/CVE-2010-0410.html

http://support.novell.com/security/cve/CVE-2010-0415.html

http://support.novell.com/security/cve/CVE-2010-0622.html

Plugin Details

Severity: Critical

ID: 44966

File Name: suse_11_kernel-100223.nasl

Version: Revision: 1.15

Type: local

Agent: unix

Published: 2010/03/03

Updated: 2016/12/21

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-vmi, p-cpe:/a:novell:suse_linux:11:kernel-vmi-base, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/02/23

Reference Information

CVE: CVE-2009-3939, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0007, CVE-2010-0307, CVE-2010-0410, CVE-2010-0415, CVE-2010-0622

CWE: 189, 200, 264, 399