openSUSE Security Update : kernel (openSUSE-SU-2011:0861-1)

high Nessus Plugin ID 75555

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.3 kernel was updated to 2.6.34.10 to fix various bugs and security issues.

Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar.

CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.

CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance.

CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow.
However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.

CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.

CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system.

CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

CVE-2011-1585: When using a setuid root mount.cifs, local users could hijack password protected mounted CIFS shares of other local users.

CVE-2011-1160: Kernel information via the TPM devices could by used by local attackers to read kernel memory.

CVE-2011-1577: The Linux kernel automatically evaluated partition tables of storage devices. The code for evaluating EFI GUID partitions (in fs/partitions/efi.c) contained a bug that causes a kernel oops on certain corrupted GUID partition tables, which might be used by local attackers to crash the kernel or potentially execute code.

CVE-2011-1180: In the IrDA module, length fields provided by a peer for names and attributes may be longer than the destination array sizes and were not checked, this allowed local attackers (close to the irda port) to potentially corrupt memory.

CVE-2011-1016: The Radeon GPU drivers in the Linux kernel did not properly validate data related to the AA resolve registers, which allowed local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.

CVE-2011-1013: A signedness issue in the drm ioctl handling could be used by local attackers to potentially overflow kernel buffers and execute code.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=584493

https://bugzilla.novell.com/show_bug.cgi?id=595586

https://bugzilla.novell.com/show_bug.cgi?id=642142

https://bugzilla.novell.com/show_bug.cgi?id=655693

https://bugzilla.novell.com/show_bug.cgi?id=669889

https://bugzilla.novell.com/show_bug.cgi?id=669937

https://bugzilla.novell.com/show_bug.cgi?id=670860

https://bugzilla.novell.com/show_bug.cgi?id=670868

https://bugzilla.novell.com/show_bug.cgi?id=673934

https://bugzilla.novell.com/show_bug.cgi?id=674648

https://bugzilla.novell.com/show_bug.cgi?id=674691

https://bugzilla.novell.com/show_bug.cgi?id=674693

https://bugzilla.novell.com/show_bug.cgi?id=674982

https://bugzilla.novell.com/show_bug.cgi?id=676419

https://bugzilla.novell.com/show_bug.cgi?id=677827

https://bugzilla.novell.com/show_bug.cgi?id=679898

https://bugzilla.novell.com/show_bug.cgi?id=680040

https://bugzilla.novell.com/show_bug.cgi?id=681497

https://bugzilla.novell.com/show_bug.cgi?id=683282

https://bugzilla.novell.com/show_bug.cgi?id=687113

https://bugzilla.novell.com/show_bug.cgi?id=688432

https://bugzilla.novell.com/show_bug.cgi?id=689414

https://bugzilla.novell.com/show_bug.cgi?id=692459

https://bugzilla.novell.com/show_bug.cgi?id=692502

https://bugzilla.novell.com/show_bug.cgi?id=693374

https://bugzilla.novell.com/show_bug.cgi?id=693382

https://bugzilla.novell.com/show_bug.cgi?id=698221

https://bugzilla.novell.com/show_bug.cgi?id=698247

https://bugzilla.novell.com/show_bug.cgi?id=702013

https://bugzilla.novell.com/show_bug.cgi?id=702285

https://bugzilla.novell.com/show_bug.cgi?id=703153

https://bugzilla.novell.com/show_bug.cgi?id=703155

https://lists.opensuse.org/opensuse-updates/2011-08/msg00003.html

Plugin Details

Severity: High

ID: 75555

File Name: suse_11_3_kernel-110726.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-default-devel, cpe:/o:novell:opensuse:11.3, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 7/26/2011

Reference Information

CVE: CVE-2011-1013, CVE-2011-1016, CVE-2011-1017, CVE-2011-1020, CVE-2011-1160, CVE-2011-1180, CVE-2011-1479, CVE-2011-1577, CVE-2011-1585, CVE-2011-1593, CVE-2011-2182, CVE-2011-2484, CVE-2011-2491, CVE-2011-2495, CVE-2011-2496