SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 7303)

Medium Nessus Plugin ID 51752

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This kernel update for the SUSE Linux Enterprise 10 SP3 kernel fixes several security issues and bugs.

The following security issues were fixed :

- A local attacker could use a Oops (kernel crash) caused by other flaws to write a 0 byte to a attacker controlled address in the kernel. This could lead to privilege escalation together with other issues.
(CVE-2010-4258)

- The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or create a zombie domain, causes a hang in zenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. (CVE-2010-3699)

- The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel, when an econet address is configured, allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
(CVE-2010-3849)

- Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel when an econet address is configured, allowed local users to gain privileges by providing a large number of iovec structures. (CVE-2010-3848)

- The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel did not require the CAP_NET_ADMIN capability, which allowed local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call. (CVE-2010-3850)

- A overflow in sendto() and recvfrom() routines was fixed that could be used by local attackers to potentially crash the kernel using some socket families like L2TP.
(CVE-2010-4160)

Solution

Apply ZYPP patch number 7303.

See Also

http://support.novell.com/security/cve/CVE-2010-3699.html

http://support.novell.com/security/cve/CVE-2010-3848.html

http://support.novell.com/security/cve/CVE-2010-3849.html

http://support.novell.com/security/cve/CVE-2010-3850.html

http://support.novell.com/security/cve/CVE-2010-4160.html

http://support.novell.com/security/cve/CVE-2010-4258.html

Plugin Details

Severity: Medium

ID: 51752

File Name: suse_kernel-7303.nasl

Version: Revision: 1.7

Type: local

Agent: unix

Published: 2011/01/27

Updated: 2016/12/22

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/01/12

Exploitable With

Core Impact

Reference Information

CVE: CVE-2010-3699, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-4160, CVE-2010-4258