Synopsis
The remote openSUSE host is missing a security update.
Description
This security update of the openSUSE 11.1 kernel updates the kernel to 2.6.27.56 and fixes various security issues and other bugs.
Following security issues were fixed by this update: CVE-2010-2963: A problem in the compat ioctl handling in video4linux allowed local attackers with a video device plugged in to gain privileges on x86_64 systems.
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc could lead to memory corruption in the GDTH driver.
CVE-2010-4164: A remote (or local) attacker communicating over X.25 could cause a kernel panic by attempting to negotiate malformed facilities.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed. Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-4158: A memory information leak in berkely packet filter rules allowed local attackers to read uninitialized memory of the kernel stack.
CVE-2010-4162: A local denial of service in the blockdevice layer was fixed.
CVE-2010-3437: A range checking overflow in pktcdvd ioctl was fixed.
CVE-2010-4078: The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via an FBIOGET_VBLANK ioctl call.
CVE-2010-4082: The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c in the Linux kernel did not properly initialize a certain structure member, which allowed local users to obtain potentially sensitive information from kernel stack memory via a VIAFB_GET_INFO ioctl call.
CVE-2010-4073: The ipc subsystem in the Linux kernel did not initialize certain structures, which allowed local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
CVE-2010-4072: The copy_shmid_to_user function in ipc/shm.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via vectors related to the shmctl system call and the 'old shm interface.'
CVE-2010-4083: The copy_semid_to_user function in ipc/sem.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via a (1) IPC_INFO, (2) SEM_INFO, (3) IPC_STAT, or (4) SEM_STAT command in a semctl system call.
CVE-2010-3067: Integer overflow in the do_io_submit function in fs/aio.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via crafted use of the io_submit system call.
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel allowed local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl call.
CVE-2010-4080: The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSP_IOCTL_GET_CONFIG_INFO ioctl call.
CVE-2010-4081: The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the Linux kernel did not initialize a certain structure, which allowed local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HDSPM_IOCTL_GET_CONFIG_INFO ioctl call.
Solution
Update the affected kernel packages.
Plugin Details
File Name: suse_11_1_kernel-101202.nasl
Agent: unix
Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-pae-extra, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-default-extra, p-cpe:/a:novell:opensuse:kernel-debug-extra, p-cpe:/a:novell:opensuse:kernel-trace-extra, cpe:/o:novell:opensuse:11.1, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-xen-extra, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-syms
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Ease: Exploits are available
Patch Publication Date: 12/2/2010
Reference Information
CVE: CVE-2010-2963, CVE-2010-3067, CVE-2010-3437, CVE-2010-3442, CVE-2010-3874, CVE-2010-4072, CVE-2010-4073, CVE-2010-4078, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4162, CVE-2010-4164