SuSE 11 Security Update : Linux kernel (SAT Patch Numbers 927 / 929 / 930)

high Nessus Plugin ID 41411

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

The Linux kernel on SUSE Linux Enterprise 11 was updated to 2.6.27.23 and received many bug and security fixes.

The following security issues have been fixed:

- Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potentially execute code via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. (CVE-2009-1439)

This requires that the kernel can be made to mount a 'cifs' filesystem from a malicious CIFS server.

- The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. (CVE-2009-1337)

The GCC option -fwrapv has been added to the compilation to work around the compiler potentially removing integer overflow checks.

- Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes 'garbage' memory to be sent. (CVE-2009-1265)

- The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka 'Long mode enable') bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. (CVE-2009-1242)

- The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets. (CVE-2009-1360)

- drivers/char/agp/generic.c in the agp subsystem in the Linux kernel does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. (CVE-2009-1192)

Additionally, many bugs have been fixed; they are listed in the RPM changelog.

Solution

Apply SAT patch number 927 / 929 / 930 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=486803

https://bugzilla.novell.com/show_bug.cgi?id=487106

https://bugzilla.novell.com/show_bug.cgi?id=487755

https://bugzilla.novell.com/show_bug.cgi?id=487987

https://bugzilla.novell.com/show_bug.cgi?id=489005

https://bugzilla.novell.com/show_bug.cgi?id=489105

https://bugzilla.novell.com/show_bug.cgi?id=490368

https://bugzilla.novell.com/show_bug.cgi?id=490608

https://bugzilla.novell.com/show_bug.cgi?id=490902

https://bugzilla.novell.com/show_bug.cgi?id=491289

https://bugzilla.novell.com/show_bug.cgi?id=491430

https://bugzilla.novell.com/show_bug.cgi?id=492282

https://bugzilla.novell.com/show_bug.cgi?id=492760

https://bugzilla.novell.com/show_bug.cgi?id=492768

https://bugzilla.novell.com/show_bug.cgi?id=493392

https://bugzilla.novell.com/show_bug.cgi?id=493991

https://bugzilla.novell.com/show_bug.cgi?id=494463

https://bugzilla.novell.com/show_bug.cgi?id=495068

https://bugzilla.novell.com/show_bug.cgi?id=495515

https://bugzilla.novell.com/show_bug.cgi?id=495668

https://bugzilla.novell.com/show_bug.cgi?id=495816

https://bugzilla.novell.com/show_bug.cgi?id=496027

https://bugzilla.novell.com/show_bug.cgi?id=496353

https://bugzilla.novell.com/show_bug.cgi?id=496398

https://bugzilla.novell.com/show_bug.cgi?id=496399

https://bugzilla.novell.com/show_bug.cgi?id=496502

https://bugzilla.novell.com/show_bug.cgi?id=496878

https://bugzilla.novell.com/show_bug.cgi?id=497807

https://bugzilla.novell.com/show_bug.cgi?id=498042

https://bugzilla.novell.com/show_bug.cgi?id=498237

https://bugzilla.novell.com/show_bug.cgi?id=499558

https://bugzilla.novell.com/show_bug.cgi?id=499772

https://bugzilla.novell.com/show_bug.cgi?id=499845

https://bugzilla.novell.com/show_bug.cgi?id=500508

https://bugzilla.novell.com/show_bug.cgi?id=501114

https://bugzilla.novell.com/show_bug.cgi?id=501160

https://bugzilla.novell.com/show_bug.cgi?id=501224

http://support.novell.com/security/cve/CVE-2009-1242.html

http://support.novell.com/security/cve/CVE-2009-1265.html

http://support.novell.com/security/cve/CVE-2009-1337.html

http://support.novell.com/security/cve/CVE-2009-1360.html

http://support.novell.com/security/cve/CVE-2009-1439.html

https://bugzilla.novell.com/show_bug.cgi?id=408304

https://bugzilla.novell.com/show_bug.cgi?id=459065

https://bugzilla.novell.com/show_bug.cgi?id=460284

https://bugzilla.novell.com/show_bug.cgi?id=464360

https://bugzilla.novell.com/show_bug.cgi?id=465854

https://bugzilla.novell.com/show_bug.cgi?id=467518

https://bugzilla.novell.com/show_bug.cgi?id=474062

https://bugzilla.novell.com/show_bug.cgi?id=483706

https://bugzilla.novell.com/show_bug.cgi?id=484931

https://bugzilla.novell.com/show_bug.cgi?id=486430

https://bugzilla.novell.com/show_bug.cgi?id=501234

https://bugzilla.novell.com/show_bug.cgi?id=502026

https://bugzilla.novell.com/show_bug.cgi?id=502425

https://bugzilla.novell.com/show_bug.cgi?id=502733

https://bugzilla.novell.com/show_bug.cgi?id=502903

https://bugzilla.novell.com/show_bug.cgi?id=503038

https://bugzilla.novell.com/show_bug.cgi?id=503101

https://bugzilla.novell.com/show_bug.cgi?id=503161

https://bugzilla.novell.com/show_bug.cgi?id=503457

https://bugzilla.novell.com/show_bug.cgi?id=505831

https://bugzilla.novell.com/show_bug.cgi?id=505925

http://support.novell.com/security/cve/CVE-2009-1192.html

Plugin Details

Severity: High

ID: 41411

File Name: suse_11_kernel-090527.nasl

Version: 1.17

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:kernel-vmi, p-cpe:/a:novell:suse_linux:11:kernel-syms, p-cpe:/a:novell:suse_linux:11:kernel-default-extra, p-cpe:/a:novell:suse_linux:11:kernel-default, p-cpe:/a:novell:suse_linux:11:kernel-xen-extra, p-cpe:/a:novell:suse_linux:11:kernel-source, p-cpe:/a:novell:suse_linux:11:kernel-pae-base, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:11:kernel-xen, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-pae, p-cpe:/a:novell:suse_linux:11:kernel-vmi-base, p-cpe:/a:novell:suse_linux:11:kernel-pae, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-default, p-cpe:/a:novell:suse_linux:11:kernel-default-base, p-cpe:/a:novell:suse_linux:11:kernel-default-man, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-vmi, p-cpe:/a:novell:suse_linux:11:kernel-xen-base, p-cpe:/a:novell:suse_linux:11:ext4dev-kmp-xen, p-cpe:/a:novell:suse_linux:11:kernel-pae-extra

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 5/27/2009

Reference Information

CVE: CVE-2009-1192, CVE-2009-1242, CVE-2009-1265, CVE-2009-1337, CVE-2009-1360, CVE-2009-1439

CWE: 119, 264