Detections
Analytics

SuSE 10 Security Update : Linux kernel (i386) (ZYPP Patch Number 2097)

high Nessus Plugin ID 29485

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This kernel update fixes the following security problems :

 - A double userspace copy in a SCTP ioctl allows local attackers to overflow a buffer in the kernel, potentially allowing code execution and privilege escalation. [#199441]. (CVE-2006-3745)

 - Local attackers were able to crash PowerPC systems with PPC970 processor using a not correctly disabled privileged instruction ('attn'). [#197810].
 (CVE-2006-4093)

 - Remote attackers able to access an NFS of a ext2 or ext3 filesystem can cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. [#192988].
 (CVE-2006-3468)

and the following non security bugs :

 - XEN patches/fixes :

 - kunmap_atomic() must zap the PTE to avoid dangling references.

 - Fix oops on io scheduler unload on a process without ioc (backport)

 - OCFS2 updated to to version 1.2.3.

 - update patches.arch/ppc-update_gtod-race.patch: restrict to 64bit only because it leads to deadlocks on ppc32 [#202146]

 - Fix MCA recovery in context switch path [#199472]

 - fix gettimeofday vs. update_gtod race [#197699]

 - LKCD: dump all slab pages. [#196330]

 - Make idle io be lowest priority best-effort [#195387]

 - Fix dropping of wrong cic. [#195387]

 - Fix stale file handle problem with subtree_checking.
 [#195040]

 - Remove Altix PROM bit that can race on MCAs. [#193296]

 - Prevent silent data corruption caused by XPC. [#193132]

 - Fix race condition during COW [#192259]

 - sched: fix group power for allnodes_domains [#191929]

 - Allow dma_alloc_coherent() to work for regions up to 2MB. [#191615]

 - fix ABBA deadlock between cpuset callback_sem and hotplug cpucontrol mutex [#191582]

 - Check for existing sysfs directory prior to creating one [#191360]

 - Fix possible NFS panic in readdir. [#189951]

 - MPT driver: Fix oops on module loading [#189534]

 - SUNRPC: Ensure that rpc_mkpipe returns a refcounted dentry [#183013]

 - Pass file mode on DMAPI remove events [#182691]

 - MPT driver: Fix oops during error recovery [#177919]

 - flush icache on POWER4 cpus to fix itrace crash [#171699]

 - KPROBES: Fix system panic if user doing copy_from_user in the probe handlers [#171483]

 - patches.xen/xen-balloon-max-target: Expose limit domain can be ballooned up to [#152667]

 - Avoid possible soft-lockup, particularly related to md [#152099]

 - reiserfs: fix transaction overflowing [#145070]

Fixes for S/390 :

 - IBM Patchcluster 6

 - Problem-ID: 25393 - xpram: module parameter parsing.

 - Problem-ID: 23720 - zfcp: failed paths remain unavailable

 - Problem-ID: 23989 - zfcp: ERP 'deadlock' when registering a scsi device or remote port (partII)

 - Problem-ID: 24645 - qeth: qethconf not adding ipa entries

 - Problem-ID: 25507 - cio: 5 min timeout after setting chpid offline.

 - Problem-ID: 25511 - cio: Fix some path grouping and path verification related problems.

 - IBM Patchcluster 7

 - Problem-ID: 25564 - qeth: race during setup of qeth device

 - Problem-ID: 25799 - iucv: multiple interfaces with same peer established

 - Problem-ID: 25801 - cio: permanent subchannel busy conditions may cause I/O stall

 - Problem-ID: 23575 - cio: module containing ccwgroup driver cannot be unloaded.

 - Problem-ID: 25802 - cio: Disallow ccwgroup devices containing non-unique ccw devices.

 - Problem-ID: 26016 - qeth: race when reboot and recovery run concurrently

 - Problem-ID: 26068 - qeth: kernel panic under heavy UDP workload

 - Problem-ID: 26103 - cio: I/O stall due to lost interupt after CHPID vary off/on cycle

 - Problem-ID: 26014 - qeth: stack trace with msg 'inconsistent lock state'

 - Problem-ID: 26118 - dasd: kernel BUG when setting a DASD device offline.

 - Problem-ID: 19628 - zfcp: do adapter reopen on do_QDIO error

 - Problem-ID: 26144 - qeth: Setrouting for ipv6 invalid on hipersockets.

 - Problem-ID: 23427, 24855 - cio: Inconsistent values in channel measurement facility.

 - Problem-ID: 24511 - dasd: Cleanup queue fails during offline processing.

 For further describtion of the named Problem-IDs, please look to http://www-128.ibm.com/developerworks/linux/linux390/apr il20 04_recommended.html

In the former Kernel the HZ_TIMER was switched on by default. This is now switched off. (see cat /proc/sys/kernel/hz_timer on the system)

Solution

Apply ZYPP patch number 2097.

See Also

http://support.novell.com/security/cve/CVE-2006-3468.html

http://support.novell.com/security/cve/CVE-2006-3745.html

http://support.novell.com/security/cve/CVE-2006-4093.html

Plugin Details

Severity: High

ID: 29485

File Name: suse_kernel-2097.nasl

Version: 1.16

Type: local

Agent: unix

Published: 12/13/2007

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 9/19/2006

Reference Information

CVE: CVE-2006-3468, CVE-2006-3745, CVE-2006-4093