SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7303)

medium Nessus Plugin ID 51752

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.

The following security issues were fixed :

- A local attacker could use a Oops (kernel crash) caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lead to privilege escalation together with other issues.
(CVE-2010-4258)

- The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. (CVE-2010-3699)

- The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel, when an econet address is configured, allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
(CVE-2010-3849)

- Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel when an econet address is configured, allowed local users to gain privileges by providing a large number of iovec structures. (CVE-2010-3848)

- The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel did not require the CAP_NET_ADMIN capability, which allowed local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. (CVE-2010-3850)

- A overflow in sendto() and recvfrom() routines was fixed that could be used by local attackers to potentially crash the kernel using some socket families like L2TP.
(CVE-2010-4160)

Solution

Apply ZYPP patch number 7303.

See Also

http://support.novell.com/security/cve/CVE-2010-3699.html

http://support.novell.com/security/cve/CVE-2010-3848.html

http://support.novell.com/security/cve/CVE-2010-3849.html

http://support.novell.com/security/cve/CVE-2010-3850.html

http://support.novell.com/security/cve/CVE-2010-4160.html

http://support.novell.com/security/cve/CVE-2010-4258.html

Plugin Details

Severity: Medium

ID: 51752

File Name: suse_kernel-7303.nasl

Version: 1.10

Type: local

Agent: unix

Published: 1/27/2011

Updated: 1/19/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.4

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/12/2011

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-3699, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-4160, CVE-2010-4258