openSUSE Security Update : kernel (openSUSE-SU-2011:0860-1)

high Nessus Plugin ID 75880

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 11.4 kernel was updated to 2.6.37.6 fixing lots of bugs and security issues.

Following security issues have been fixed: CVE-2011-2495: The /proc/PID/io interface could be used by local attackers to gain information on other processes like number of password characters typed or similar.

CVE-2011-2484: The add_del_listener function in kernel/taskstats.c in the Linux kernel did not prevent multiple registrations of exit handlers, which allowed local users to cause a denial of service (memory and CPU consumption), and bypass the OOM Killer, via a crafted application.

CVE-2011-2022: The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 did not validate a certain start parameter, which allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.

CVE-2011-1745: Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call.

CVE-2011-2493: A denial of service on mounting invalid ext4 filesystems was fixed.

CVE-2011-2491: A local unprivileged user able to access a NFS filesystem could use file locking to deadlock parts of an nfs server under some circumstance.

CVE-2011-2498: Also account PTE pages when calculating OOM scoring, which could have lead to a denial of service.

CVE-2011-2496: The normal mmap paths all avoid creating a mapping where the pgoff inside the mapping could wrap around due to overflow.
However, an expanding mremap() can take such a non-wrapping mapping and make it bigger and cause a wrapping condition.

CVE-2011-1017,CVE-2011-2182: The code for evaluating LDM partitions (in fs/partitions/ldm.c) contained bugs that could crash the kernel for certain corrupted LDM partitions.

CVE-2011-1479: A regression in inotify fix for a memory leak could lead to a double free corruption which could crash the system.

CVE-2011-1927: A missing route validation issue in ip_expire() could be used by remote attackers to trigger a NULL ptr dereference, crashing parts of the kernel.

CVE-2011-1593: Multiple integer overflows in the next_pidmap function in kernel/pid.c in the Linux kernel allowed local users to cause a denial of service (system crash) via a crafted (1) getdents or (2) readdir system call.

CVE-2011-1020: The proc filesystem implementation in the Linux kernel did not restrict access to the /proc directory tree of a process after this process performs an exec of a setuid program, which allowed local users to obtain sensitive information or cause a denial of service via open, lseek, read, and write system calls.

Solution

Update the affected kernel packages.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=584493

https://bugzilla.novell.com/show_bug.cgi?id=595586

https://bugzilla.novell.com/show_bug.cgi?id=655693

https://bugzilla.novell.com/show_bug.cgi?id=661979

https://bugzilla.novell.com/show_bug.cgi?id=666423

https://bugzilla.novell.com/show_bug.cgi?id=669889

https://bugzilla.novell.com/show_bug.cgi?id=672008

https://bugzilla.novell.com/show_bug.cgi?id=674648

https://bugzilla.novell.com/show_bug.cgi?id=674982

https://bugzilla.novell.com/show_bug.cgi?id=677827

https://bugzilla.novell.com/show_bug.cgi?id=679545

https://bugzilla.novell.com/show_bug.cgi?id=681826

https://bugzilla.novell.com/show_bug.cgi?id=681840

https://bugzilla.novell.com/show_bug.cgi?id=687368

https://bugzilla.novell.com/show_bug.cgi?id=688432

https://bugzilla.novell.com/show_bug.cgi?id=689583

https://bugzilla.novell.com/show_bug.cgi?id=689797

https://bugzilla.novell.com/show_bug.cgi?id=692497

https://bugzilla.novell.com/show_bug.cgi?id=692502

https://bugzilla.novell.com/show_bug.cgi?id=693013

https://bugzilla.novell.com/show_bug.cgi?id=693043

https://bugzilla.novell.com/show_bug.cgi?id=693374

https://bugzilla.novell.com/show_bug.cgi?id=693382

https://bugzilla.novell.com/show_bug.cgi?id=694498

https://bugzilla.novell.com/show_bug.cgi?id=697859

https://bugzilla.novell.com/show_bug.cgi?id=698221

https://bugzilla.novell.com/show_bug.cgi?id=698247

https://bugzilla.novell.com/show_bug.cgi?id=699123

https://bugzilla.novell.com/show_bug.cgi?id=701998

https://bugzilla.novell.com/show_bug.cgi?id=702013

https://bugzilla.novell.com/show_bug.cgi?id=702285

https://bugzilla.novell.com/show_bug.cgi?id=702579

https://bugzilla.novell.com/show_bug.cgi?id=703155

https://bugzilla.novell.com/show_bug.cgi?id=704788

https://lists.opensuse.org/opensuse-updates/2011-08/msg00002.html

Plugin Details

Severity: High

ID: 75880

File Name: suse_11_4_kernel-110726.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-base-debuginfo, p-cpe:/a:novell:opensuse:preload-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-devel, cpe:/o:novell:opensuse:11.4, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:kernel-vmi-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-vmi, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:preload-kmp-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-extra-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-base, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-vmi-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace-debugsource, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-extra, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-vmi-debugsource, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 7/26/2011

Reference Information

CVE: CVE-2011-1017, CVE-2011-1020, CVE-2011-1479, CVE-2011-1593, CVE-2011-1745, CVE-2011-1927, CVE-2011-2022, CVE-2011-2182, CVE-2011-2484, CVE-2011-2491, CVE-2011-2493, CVE-2011-2495, CVE-2011-2496, CVE-2011-2498