SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 6929)

High Nessus Plugin ID 59146

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 3.6


The remote SuSE 10 host is missing a security-related patch.


This update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel.

- A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c. CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages.
CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. (CVE-2009-4020)


Apply ZYPP patch number 6929.

See Also

Plugin Details

Severity: High

ID: 59146

File Name: suse_kernel-6929.nasl

Version: 1.10

Type: local

Agent: unix

Published: 2012/05/17

Updated: 2021/01/14

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 3.6

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2010/03/16

Reference Information

CVE: CVE-2009-3556, CVE-2009-4020, CVE-2010-0410

CWE: 119, 264, 399