SuSE 10 Security Update : the Linux kernel (ZYPP Patch Number 6236)

high Nessus Plugin ID 59137
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

The Linux kernel on SUSE Linux Enterprise 10 Service Pack 2 was updated to fix various security issues and several bugs.

The following security issues were fixed: CVE-2009-0834: The audit_syscall_entry function in the Linux kernel on the x86_64 platform did not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls.

- nfsd in the Linux kernel did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. (CVE-2009-1072)

- The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod. (CVE-2009-0835)

- Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request.
(CVE-2009-1439)

This requires that kernel can be made to mount a 'cifs' filesystem from a malicious CIFS server.

- The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
(CVE-2009-1337)

- The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program. (SUSE is enabling CONFIG_SHMEM, so is by default not affected, the fix is just for completeness). (CVE-2009-0859)

The GCC option -fwrapv has been added to compilation to work around potentially removing integer overflow checks.

- Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes 'garbage' memory to be sent. (CVE-2009-1265)

Also a number of bugs were fixed, for details please see the RPM changelog.

Solution

Apply ZYPP patch number 6236.

See Also

http://support.novell.com/security/cve/CVE-2009-0834.html

http://support.novell.com/security/cve/CVE-2009-0835.html

http://support.novell.com/security/cve/CVE-2009-0859.html

http://support.novell.com/security/cve/CVE-2009-1072.html

http://support.novell.com/security/cve/CVE-2009-1265.html

http://support.novell.com/security/cve/CVE-2009-1337.html

http://support.novell.com/security/cve/CVE-2009-1439.html

Plugin Details

Severity: High

ID: 59137

File Name: suse_kernel-6236.nasl

Version: 1.8

Type: local

Agent: unix

Published: 5/17/2012

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/12/2009

Reference Information

CVE: CVE-2009-0834, CVE-2009-0835, CVE-2009-0859, CVE-2009-1072, CVE-2009-1265, CVE-2009-1337, CVE-2009-1439

CWE: 16, 20, 119, 264