SuSE 10 Security Update : Linux kernel (x86) (ZYPP Patch Number 6925)

High Nessus Plugin ID 49870

VPR Score: 3.6

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel.

- CVE-2009-4020: A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c.

- CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages.

- CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Solution

Apply ZYPP patch number 6925.

See Also

http://support.novell.com/security/cve/CVE-2009-3556.html

http://support.novell.com/security/cve/CVE-2009-4020.html

http://support.novell.com/security/cve/CVE-2010-0410.html

Plugin Details

Severity: High

ID: 49870

File Name: suse_kernel-6925.nasl

Version: 1.14

Type: local

Agent: unix

Published: 2010/10/11

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 3.6

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2010/03/16

Reference Information

CVE: CVE-2009-3556, CVE-2009-4020, CVE-2010-0410

CWE: 119, 264, 399