SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 4039 / 4042 / 4043)
high Nessus Plugin ID 52597
Language:
New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.
VPR Score: 6.7
Synopsis
The remote SuSE 11 host is missing one or more security updates.Description
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.29 and fixes various bugs and security issues.- The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. (CVE-2010-3875)
- net/packet/af_packet.c in the Linux kernel did not properly initialize certain structure members, which allowed local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_RAW capability to read copies of the applicable structures. (CVE-2010-3876)
- The get_name function in net/tipc/socket.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory by reading a copy of this structure. (CVE-2010-3877)
- The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux kernel did not properly validate the hmac_ids array of an SCTP peer, which allowed remote attackers to cause a denial of service (memory corruption and panic) via a crafted value in the last element of this array. (CVE-2010-3705)
- A stack memory information leak in the xfs FSGEOMETRY_V1 ioctl was fixed. (CVE-2011-0711)
- Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel might have allowed attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to (1) the snd_usb_caiaq_audio_init function in sound/usb/caiaq/audio.c and (2) the snd_usb_caiaq_midi_init function in sound/usb/caiaq/midi.c. (CVE-2011-0712)
- The task_show_regs function in arch/s390/kernel/traps.c in the Linux kernel on the s390 platform allowed local users to obtain the values of the registers of an arbitrary process by reading a status file under /proc/.
(CVE-2011-0710)
- The xfs implementation in the Linux kernel did not look up inode allocation btrees before reading inode buffers, which allowed remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle. (CVE-2010-2943)
- The uart_get_count function in drivers/serial/serial_core.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. (CVE-2010-4075)
- The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. (CVE-2010-4076)
- The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call. (CVE-2010-4077)
- fs/exec.c in the Linux kernel did not enable the OOM Killer to assess use of stack memory by arrays representing the (1) arguments and (2) environment, which allows local users to cause a denial of service (memory consumption) via a crafted exec system call, aka an OOM dodging issue, a related issue to CVE-2010-3858.
(CVE-2010-4243)
- The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel allowed local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4163. (CVE-2010-4668)
- Integer underflow in the irda_getsockopt function in net/irda/af_irda.c in the Linux kernel on platforms other than x86 allowed local users to obtain potentially sensitive information from kernel heap memory via an IRLMP_ENUMDEVICES getsockopt call. (CVE-2010-4529)
- The aun_incoming function in net/econet/af_econet.c in the Linux kernel, when Econet is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending an Acorn Universal Networking (AUN) packet over UDP. (CVE-2010-4342)
- The backend driver in Xen 3.x allowed guest OS users to cause a denial of service via a kernel thread leak, which prevented the device and guest OS from being shut down or create a zombie domain, causing a hang in zenwatch, or preventing unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap. (CVE-2010-3699)
- The install_special_mapping function in mm/mmap.c in the Linux kernel did not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL pointer dereference attacks via a crafted assembly-language application. (CVE-2010-4346)
- Fixed a verify_ioctl overflow in 'cuse' in the fuse filesystem. The code should only be called by root users though. (CVE-2010-4650)
- Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in the Linux kernel allowed remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function. (CVE-2010-4526)
- The load_mixer_volumes function in sound/oss/soundcard.c in the OSS sound subsystem in the Linux kernel incorrectly expected that a certain name field ends with a '0' character, which allowed local users to conduct buffer overflow attacks and gain privileges, or possibly obtain sensitive information from kernel memory, via a SOUND_MIXER_SETLEVELS ioctl call. (CVE-2010-4527)
- Fixed a LSM bug in IMA (Integrity Measuring Architecture). IMA is not enabled in SUSE kernels, so we were not affected. (CVE-2011-0006)
Solution
Apply SAT patch number 4039 / 4042 / 4043 as appropriate.See Also
https://bugzilla.novell.com/show_bug.cgi?id=466279
https://bugzilla.novell.com/show_bug.cgi?id=552250
https://bugzilla.novell.com/show_bug.cgi?id=564423
https://bugzilla.novell.com/show_bug.cgi?id=602969
https://bugzilla.novell.com/show_bug.cgi?id=620929
https://bugzilla.novell.com/show_bug.cgi?id=622868
https://bugzilla.novell.com/show_bug.cgi?id=623393
https://bugzilla.novell.com/show_bug.cgi?id=625965
https://bugzilla.novell.com/show_bug.cgi?id=629170
https://bugzilla.novell.com/show_bug.cgi?id=630970
https://bugzilla.novell.com/show_bug.cgi?id=632317
https://bugzilla.novell.com/show_bug.cgi?id=633026
https://bugzilla.novell.com/show_bug.cgi?id=636435
https://bugzilla.novell.com/show_bug.cgi?id=638258
https://bugzilla.novell.com/show_bug.cgi?id=640850
https://bugzilla.novell.com/show_bug.cgi?id=642309
https://bugzilla.novell.com/show_bug.cgi?id=643266
https://bugzilla.novell.com/show_bug.cgi?id=643513
https://bugzilla.novell.com/show_bug.cgi?id=648647
https://bugzilla.novell.com/show_bug.cgi?id=648701
https://bugzilla.novell.com/show_bug.cgi?id=648916
https://bugzilla.novell.com/show_bug.cgi?id=649473
https://bugzilla.novell.com/show_bug.cgi?id=650067
https://bugzilla.novell.com/show_bug.cgi?id=650366
https://bugzilla.novell.com/show_bug.cgi?id=650748
https://bugzilla.novell.com/show_bug.cgi?id=651152
https://bugzilla.novell.com/show_bug.cgi?id=652391
https://bugzilla.novell.com/show_bug.cgi?id=655220
https://bugzilla.novell.com/show_bug.cgi?id=655278
https://bugzilla.novell.com/show_bug.cgi?id=655964
https://bugzilla.novell.com/show_bug.cgi?id=657248
https://bugzilla.novell.com/show_bug.cgi?id=657763
https://bugzilla.novell.com/show_bug.cgi?id=658037
https://bugzilla.novell.com/show_bug.cgi?id=658254
https://bugzilla.novell.com/show_bug.cgi?id=658337
https://bugzilla.novell.com/show_bug.cgi?id=658353
https://bugzilla.novell.com/show_bug.cgi?id=658461
https://bugzilla.novell.com/show_bug.cgi?id=658551
https://bugzilla.novell.com/show_bug.cgi?id=658720
https://bugzilla.novell.com/show_bug.cgi?id=659101
https://bugzilla.novell.com/show_bug.cgi?id=659394
https://bugzilla.novell.com/show_bug.cgi?id=659419
https://bugzilla.novell.com/show_bug.cgi?id=660546
https://bugzilla.novell.com/show_bug.cgi?id=661605
https://bugzilla.novell.com/show_bug.cgi?id=661945
https://bugzilla.novell.com/show_bug.cgi?id=662031
https://bugzilla.novell.com/show_bug.cgi?id=662192
https://bugzilla.novell.com/show_bug.cgi?id=662202
https://bugzilla.novell.com/show_bug.cgi?id=662212
https://bugzilla.novell.com/show_bug.cgi?id=662335
https://bugzilla.novell.com/show_bug.cgi?id=662340
https://bugzilla.novell.com/show_bug.cgi?id=662360
https://bugzilla.novell.com/show_bug.cgi?id=662673
https://bugzilla.novell.com/show_bug.cgi?id=662722
https://bugzilla.novell.com/show_bug.cgi?id=662800
https://bugzilla.novell.com/show_bug.cgi?id=662931
https://bugzilla.novell.com/show_bug.cgi?id=662945
https://bugzilla.novell.com/show_bug.cgi?id=663537
https://bugzilla.novell.com/show_bug.cgi?id=663582
https://bugzilla.novell.com/show_bug.cgi?id=663706
https://bugzilla.novell.com/show_bug.cgi?id=664149
https://bugzilla.novell.com/show_bug.cgi?id=664463
https://bugzilla.novell.com/show_bug.cgi?id=665480
https://bugzilla.novell.com/show_bug.cgi?id=665499
https://bugzilla.novell.com/show_bug.cgi?id=665524
https://bugzilla.novell.com/show_bug.cgi?id=665663
https://bugzilla.novell.com/show_bug.cgi?id=666012
https://bugzilla.novell.com/show_bug.cgi?id=666893
https://bugzilla.novell.com/show_bug.cgi?id=668545
https://bugzilla.novell.com/show_bug.cgi?id=668633
https://bugzilla.novell.com/show_bug.cgi?id=668929
https://bugzilla.novell.com/show_bug.cgi?id=670129
https://bugzilla.novell.com/show_bug.cgi?id=670577
https://bugzilla.novell.com/show_bug.cgi?id=670864
https://bugzilla.novell.com/show_bug.cgi?id=671256
https://bugzilla.novell.com/show_bug.cgi?id=671274
https://bugzilla.novell.com/show_bug.cgi?id=671483
https://bugzilla.novell.com/show_bug.cgi?id=672292
https://bugzilla.novell.com/show_bug.cgi?id=672492
https://bugzilla.novell.com/show_bug.cgi?id=672499
https://bugzilla.novell.com/show_bug.cgi?id=672524
https://bugzilla.novell.com/show_bug.cgi?id=674735
http://support.novell.com/security/cve/CVE-2010-2943.html
http://support.novell.com/security/cve/CVE-2010-3699.html
http://support.novell.com/security/cve/CVE-2010-3705.html
http://support.novell.com/security/cve/CVE-2010-3858.html
http://support.novell.com/security/cve/CVE-2010-3875.html
http://support.novell.com/security/cve/CVE-2010-3876.html
http://support.novell.com/security/cve/CVE-2010-3877.html
http://support.novell.com/security/cve/CVE-2010-4075.html
http://support.novell.com/security/cve/CVE-2010-4076.html
http://support.novell.com/security/cve/CVE-2010-4077.html
http://support.novell.com/security/cve/CVE-2010-4163.html
http://support.novell.com/security/cve/CVE-2010-4243.html
http://support.novell.com/security/cve/CVE-2010-4342.html
http://support.novell.com/security/cve/CVE-2010-4346.html
http://support.novell.com/security/cve/CVE-2010-4526.html
http://support.novell.com/security/cve/CVE-2010-4527.html
http://support.novell.com/security/cve/CVE-2010-4529.html
http://support.novell.com/security/cve/CVE-2010-4650.html
http://support.novell.com/security/cve/CVE-2010-4668.html
http://support.novell.com/security/cve/CVE-2011-0006.html
http://support.novell.com/security/cve/CVE-2011-0710.html
Plugin Details
Severity: High
ID: 52597
File Name: suse_11_kernel-110228.nasl
Version: 1.8
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 3/9/2011
Updated: 1/19/2021
Dependencies: ssh_get_info.nasl
Risk Information
Risk Factor: High
VPR Score: 6.7
CVSS v2.0
Base Score: 8.3
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:11:btrfs-kmp-default, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-pae, p-cpe:/a:novell:suse_linux:11:btrfs-kmp-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-default, p-cpe:/a:novell:suse_linux:11:hyper-v-kmp-pae, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-devel, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:kernel-desktop-devel, p-cpe:/a:novell:suse_linux:11:kernel-ec2, p-cpe:/a:novell:suse_linux:11:kernel-ec2-base, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, p-cpe:/a:novell:suse_linux:11:kernel-pae-devel, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-trace, p-cpe:/a:novell:suse_linux:11:kernel-trace-base, p-cpe:/a:novell:suse_linux:11:kernel-trace-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:kernel-xen-devel, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, cpe:/o:novell:suse_linux:11
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/28/2011
Reference Information
CVE: CVE-2010-2943, CVE-2010-3699, CVE-2010-3705, CVE-2010-3858, CVE-2010-3875, CVE-2010-3876, CVE-2010-3877, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077, CVE-2010-4163, CVE-2010-4243, CVE-2010-4342, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE-2010-4529, CVE-2010-4650, CVE-2010-4668, CVE-2011-0006, CVE-2011-0710, CVE-2011-0711, CVE-2011-0712