Detections
Analytics
openSUSE Security Update : Kernel (openSUSE-SU-2010:0592-1)
high Nessus Plugin ID 75548
Language:
Synopsis
The remote openSUSE host is missing a security update.Description
This update of the openSUSE 11.3 kernel brings the kernel to version 2.6.34.4 and contains a lot of bug and security fixesCVE-2010-3110: Missing bounds checks in several ioctls of the Novell Client novfs /proc interface allowed unprivileged local users to crash the kernel or even execute code in kernel context.
CVE-2010-2524: a malicious local user could fill the cache used by CIFS do perform dns lookups with chosen data, therefore tricking the kernel into mounting a wrong CIFS server.
CVE-2010-2798: a local user could trigger a NULL derefence on a gfs2 file system
CVE-2010-2537: a local user could overwrite append-only files on a btrfs file system
CVE-2010-2538: a local user could read kernel memory of a btrfs file system
Solution
Update the affected Kernel packages.See Also
https://bugzilla.novell.com/show_bug.cgi?id=619021
https://bugzilla.novell.com/show_bug.cgi?id=619416
https://bugzilla.novell.com/show_bug.cgi?id=619440
https://bugzilla.novell.com/show_bug.cgi?id=619727
https://bugzilla.novell.com/show_bug.cgi?id=621598
https://bugzilla.novell.com/show_bug.cgi?id=623005
https://bugzilla.novell.com/show_bug.cgi?id=623472
https://bugzilla.novell.com/show_bug.cgi?id=624118
https://bugzilla.novell.com/show_bug.cgi?id=624587
https://bugzilla.novell.com/show_bug.cgi?id=624606
https://bugzilla.novell.com/show_bug.cgi?id=624814
https://bugzilla.novell.com/show_bug.cgi?id=625339
https://bugzilla.novell.com/show_bug.cgi?id=627212
https://bugzilla.novell.com/show_bug.cgi?id=627310
https://bugzilla.novell.com/show_bug.cgi?id=627386
https://bugzilla.novell.com/show_bug.cgi?id=627447
https://bugzilla.novell.com/show_bug.cgi?id=629908
https://bugzilla.novell.com/show_bug.cgi?id=631066
https://bugzilla.novell.com/show_bug.cgi?id=631185
https://bugzilla.novell.com/show_bug.cgi?id=631319
https://lists.opensuse.org/opensuse-updates/2010-09/msg00009.html
https://bugzilla.novell.com/show_bug.cgi?id=529535
https://bugzilla.novell.com/show_bug.cgi?id=584720
https://bugzilla.novell.com/show_bug.cgi?id=586643
https://bugzilla.novell.com/show_bug.cgi?id=594362
https://bugzilla.novell.com/show_bug.cgi?id=599671
https://bugzilla.novell.com/show_bug.cgi?id=608300
https://bugzilla.novell.com/show_bug.cgi?id=610362
https://bugzilla.novell.com/show_bug.cgi?id=610828
https://bugzilla.novell.com/show_bug.cgi?id=615656
https://bugzilla.novell.com/show_bug.cgi?id=617530
Plugin Details
Severity: High
ID: 75548
File Name: suse_11_3_Kernel-100824.nasl
Version: 1.5
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 6/13/2014
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-devel, cpe:/o:novell:opensuse:11.3
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 8/24/2010
Reference Information
CVE: CVE-2010-2524, CVE-2010-2537, CVE-2010-2538, CVE-2010-2798, CVE-2010-3110