openSUSE 10 Security Update : kernel (kernel-3128)

high Nessus Plugin ID 27294

Synopsis

The remote openSUSE host is missing a security update.

Description

This kernel update fixes the following security problems :

- CVE-2007-1000 A NULL pointer dereference in the IPv6 sockopt handling can be used by local attackers to read arbitrary kernel memory and so gain access to private information.

- CVE-2007-1388 A NULL pointer dereference could be used by local attackers to cause a Oops / crash of the machine.

- CVE-2007-1592 A possible double free in the ipv6/flowlabel handling was fixed.

- CVE-2007-1357 A remote denial of service attack in the AppleTalk protocol handler was fixed. This attack is only possible on the local subnet, and requires the AppleTalk protocol module to be loaded (which is not done by default).

and the following non security bugs :

- patches.fixes/visor_write_race.patch: fix race allowing overstepping memory limit in visor_write (Mainline:
2.6.21)

- patches.drivers/libata-ide-via-add-PCI-IDs:
via82cxxx/pata_via: backport PCI IDs (254158).

- libata: implement HDIO_GET_IDENTITY (255413).

- sata_sil24: Add Adaptec 1220SA PCI ID. (Mainline:
2.6.21)

- ide: backport hpt366 from devel tree (244502).

- mm: fix madvise infinine loop (248167).

- libata: hardreset on SERR_INTERNAL (241334).

- limited WPA support for prism54 (207944)

- jmicron: match class instead of function number (224784, 207707)

- ahci: RAID mode SATA patch for Intel ICH9M (Mainline:
2.6.21)

- libata: blacklist FUJITSU MHT2060BH for NCQ (Mainline:
2.6.21)

- libata: add missing PM callbacks. (Mainline: 2.6.20)

- patches.fixes/nfs-readdir-timestamp: Set meaningful value for fattr->time_start in readdirplus results.
(244967).

- patches.fixes/usb_volito.patch: wacom volito tablet not working (#248832).

- patches.fixes/965-fix: fix detection of aperture size versus GTT size on G965 (#258013).

- patches.fixes/sbp2-MODE_SENSE-fix.diff: use proper MODE SENSE, fixes recognition of device properties (261086)

- patches.fixes/ipt_CLUSTERIP_refcnt_fix:
ipv4/netfilter/ipt_CLUSTERIP.c - refcnt fix (238646)

- patches.fixes/reiserfs-fix-vs-13060.diff: reiserfs: fix corruption with vs-13060 (257735).

- patches.drivers/ati-rs400_200-480-disable-msi:
pci-quirks: disable MSI on RS400-200 and RS480 (263893).

- patches.drivers/libata-ahci-ignore-interr-on-SB600:
ahci.c: walkaround for SB600 SATA internal error issue (#264792).

Furthermore, CONFIG_USB_DEVICEFS has been re-enabled to allow use of USB in legacy applications like VMware. (#210899).

Solution

Update the affected kernel packages.

Plugin Details

Severity: High

ID: 27294

File Name: suse_kernel-3128.nasl

Version: 1.20

Type: local

Agent: unix

Published: 10/17/2007

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.8

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-bigsmp, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xenpae, cpe:/o:novell:opensuse:10.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/17/2007

Reference Information

CVE: CVE-2007-1000, CVE-2007-1357, CVE-2007-1388, CVE-2007-1592

CWE: 119