SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5473)

critical Nessus Plugin ID 41533

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

This is a respin of the previous kernel update, which got retracted due to an IDE-CDROM regression, where any IDE CDROM access would hang or crash the system. Only this problem was fixed additionally.

This kernel update fixes the following security problems :

- On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615)

- Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669)

- Fixed a resource starvation problem in the handling of ZERO mmap pages. (CVE-2008-2372)

- The asn1 implementation in (a) the Linux kernel, as used in the cifs and ip_nat_snmp_basic modules does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
(CVE-2008-1673)

- Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. (CVE-2008-2812)

- A missing permission check in mount changing was added which could have been used by local attackers to change the mountdirectory. (CVE-2008-2931)

Additionally a very large number of bugs was fixed. Details can be found in the RPM changelog of the included packages.

OCFS2 has been upgraded to the 1.4.1 release :

- Endian fixes

- Use slab caches for DLM objects

- Export DLM state info to debugfs

- Avoid ENOSPC in rare conditions when free inodes are reserved by other nodes

- Error handling fix in ocfs2_start_walk_page_trans()

- Cleanup lockres printing

- Allow merging of extents

- Fix to allow changing permissions of symlinks

- Merged local fixes upstream (no code change)

Solution

Apply ZYPP patch number 5473.

See Also

http://support.novell.com/security/cve/CVE-2008-1615.html

http://support.novell.com/security/cve/CVE-2008-1669.html

http://support.novell.com/security/cve/CVE-2008-1673.html

http://support.novell.com/security/cve/CVE-2008-2372.html

http://support.novell.com/security/cve/CVE-2008-2812.html

http://support.novell.com/security/cve/CVE-2008-2931.html

Plugin Details

Severity: Critical

ID: 41533

File Name: suse_kernel-5473.nasl

Version: 1.14

Type: local

Agent: unix

Published: 9/24/2009

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 7/28/2008

Reference Information

CVE: CVE-2008-1615, CVE-2008-1669, CVE-2008-1673, CVE-2008-2372, CVE-2008-2812, CVE-2008-2931

CWE: 119, 20, 264, 362, 399, 94