SuSE 10 Security Update : Linux kernel (x86_64) (ZYPP Patch Number 6929)

high Nessus Plugin ID 59146
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This update fixes lots of bugs and some security issues in the SUSE Linux Enterprise 10 SP 3 kernel.

- A stack-based buffer overflow in the HFS subsystem of the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir() function in fs/hfs/dir.c. CVE-2010-0410: The connector netlink driver (drivers/connector/connector.c) of the Linux kernel allows local users to cause a denial of service (memory consumption or system crash) by sending the kernel many NETLINK_CONNECTOR messages.
CVE-2009-3556: A configuration value in the qla2xxx driver of the Linux kernel when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the vport_create and vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. (CVE-2009-4020)

Solution

Apply ZYPP patch number 6929.

See Also

http://support.novell.com/security/cve/CVE-2009-3556.html

http://support.novell.com/security/cve/CVE-2009-4020.html

http://support.novell.com/security/cve/CVE-2010-0410.html

Plugin Details

Severity: High

ID: 59146

File Name: suse_kernel-6929.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/17/2012

Updated: 1/14/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 3/16/2010

Reference Information

CVE: CVE-2009-3556, CVE-2009-4020, CVE-2010-0410

CWE: 119, 264, 399