openSUSE Security Update : kernel (openSUSE-SU-2010:0397-1)

High Nessus Plugin ID 47774

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 8.5

Synopsis

The remote openSUSE host is missing a security update.

Description

The SUSE Linux Enterprise 11 Kernel was updated to 2.6.27.48 fixing various bugs and security issues.

CVE-2010-1641: The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.

CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in the Linux kernel allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.

CVE-2010-1643: mm/shmem.c in the Linux kernel, when strict overcommit is enabled, does not properly handle the export of shmemfs objects by knfsd, which allows attackers to cause a denial of service (NULL pointer dereference and knfsd crash) or possibly have unspecified other impact via unknown vectors.

CVE-2010-1437: Race condition in the find_keyring_by_name function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via keyctl session commands that trigger access to a dead keyring that is undergoing deletion by the key_cleanup function.

CVE-2010-1446: arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel, when running on PowerPC, does not properly perform a security check for access to a kernel page, which allows local users to overwrite arbitrary kernel memory, related to Fsl booke.

CVE-2010-1162: The release_one_tty function in drivers/char/tty_io.c in the Linux kernel omits certain required calls to the put_pid function, which has unspecified impact and local attack vectors.

CVE-2009-4537: drivers/net/r8169.c in the r8169 driver in the Linux kernel does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=465707

https://bugzilla.novell.com/show_bug.cgi?id=543480

https://bugzilla.novell.com/show_bug.cgi?id=557710

https://bugzilla.novell.com/show_bug.cgi?id=559111

https://bugzilla.novell.com/show_bug.cgi?id=567376

https://bugzilla.novell.com/show_bug.cgi?id=569916

https://bugzilla.novell.com/show_bug.cgi?id=574006

https://bugzilla.novell.com/show_bug.cgi?id=577967

https://bugzilla.novell.com/show_bug.cgi?id=583677

https://bugzilla.novell.com/show_bug.cgi?id=584216

https://bugzilla.novell.com/show_bug.cgi?id=590415

https://bugzilla.novell.com/show_bug.cgi?id=591371

https://bugzilla.novell.com/show_bug.cgi?id=591556

https://bugzilla.novell.com/show_bug.cgi?id=593881

https://bugzilla.novell.com/show_bug.cgi?id=596113

https://bugzilla.novell.com/show_bug.cgi?id=596462

https://bugzilla.novell.com/show_bug.cgi?id=597337

https://bugzilla.novell.com/show_bug.cgi?id=599213

https://bugzilla.novell.com/show_bug.cgi?id=599955

https://bugzilla.novell.com/show_bug.cgi?id=600774

https://bugzilla.novell.com/show_bug.cgi?id=601283

https://bugzilla.novell.com/show_bug.cgi?id=602969

https://bugzilla.novell.com/show_bug.cgi?id=604183

https://bugzilla.novell.com/show_bug.cgi?id=608366

https://bugzilla.novell.com/show_bug.cgi?id=608576

https://bugzilla.novell.com/show_bug.cgi?id=608933

https://bugzilla.novell.com/show_bug.cgi?id=609134

https://bugzilla.novell.com/show_bug.cgi?id=610296

https://bugzilla.novell.com/show_bug.cgi?id=612213

https://lists.opensuse.org/opensuse-updates/2010-07/msg00020.html

Plugin Details

Severity: High

ID: 47774

File Name: suse_11_1_kernel-100709.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2010/07/21

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 8.5

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-extra, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-extra, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-extra, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-extra, cpe:/o:novell:opensuse:11.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/07/09

Vulnerability Publication Date: 2009/06/16

Reference Information

CVE: CVE-2009-1389, CVE-2009-4537, CVE-2010-1087, CVE-2010-1162, CVE-2010-1437, CVE-2010-1446, CVE-2010-1641, CVE-2010-1643

CWE: 20, 119