This kernel update for SUSE Linux Enterprise 10 Service Pack 2 fixes various bugs and some security problems :

  - When creating a file, open()/creat() allowed the setgid     bit to be set via the mode argument even when, due to     the bsdgroups mount option or the file being created in     a setgid directory, the new file's group is one which     the user is not a member of. The local attacker could     then use ftruncate() and memory-mapped I/O to turn the     new file into an arbitrary binary and thus gain the     privileges of this group, since these operations do not     clear the setgid bit.'. (CVE-2008-4210)

  - The ext[234] filesystem code fails to properly handle     corrupted data structures. With a mounted filesystem     image or partition that have corrupted dir->i_size and     dir->i_blocks, a user performing either a read or write     operation on the mounted image or partition can lead to     a possible denial of service by spamming the logfile.
    (CVE-2008-3528)

  - The S/390 ptrace code allowed local users to cause a     denial of service (kernel panic) via the     user-area-padding test from the ptrace testsuite in     31-bit mode, which triggers an invalid dereference.
    (CVE-2008-1514)

  - fs/direct-io.c in the dio subsystem in the Linux kernel     did not properly zero out the dio struct, which allows     local users to cause a denial of service (OOPS), as     demonstrated by a certain fio test. (CVE-2007-6716)

  - Added missing capability checks in sbni_ioctl().
    (CVE-2008-3525)

Also OCFS2 was updated to version v1.4.1-1.

The full amount of changes can be reviewed in the RPM changelog.

- a flaw was found in the Linux kernel's Direct-IO     implementation. This could have allowed a local     unprivileged user to cause a denial of service.
    (CVE-2007-6716, Important)

  - when running ptrace in 31-bit mode on an IBM S/390 or     IBM System z kernel, a local unprivileged user could     cause a denial of service by reading from or writing     into a padding area in the user_regs_struct32 structure.
    (CVE-2008-1514, Important)

  - the do_truncate() and generic_file_splice_write()     functions did not clear the setuid and setgid bits. This     could have allowed a local unprivileged user to obtain     access to privileged information. (CVE-2008-4210,     Important)

  - Tobias Klein reported a missing check in the Linux     kernel's Open Sound System (OSS) implementation. This     deficiency could have led to an information leak.
    (CVE-2008-3272, Moderate)

  - a potential denial of service attack was discovered in     the Linux kernel's PWC USB video driver. A local     unprivileged user could have used this flaw to bring the     kernel USB subsystem into the busy-waiting state.
    (CVE-2007-5093, Low)

  - the ext2 and ext3 file systems code failed to properly     handle corrupted data structures, leading to a possible     local denial of service issue when read or write     operations were performed. (CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs :

  - when using the CIFS 'forcedirectio' option, appending to     an open file on a CIFS share resulted in that file being     overwritten with the data to be appended.

  - a kernel panic occurred when a device with PCI ID     8086:10c8 was present on a system with a loaded ixgbe     driver.

  - due to an aacraid driver regression, the kernel failed     to boot when trying to load the aacraid driver and     printed the following error message: 'aac_srb:
    aac_fib_send failed with status: 8195'.

  - due to an mpt driver regression, when RAID 1 was     configured on Primergy systems with an LSI SCSI IME     53C1020/1030 controller, the kernel panicked during     boot.

  - the mpt driver produced a large number of extraneous     debugging messages when performing a 'Host reset'     operation.

  - due to a regression in the sym driver, the kernel     panicked when a SCSI hot swap was performed using MCP18     hardware.

  - all cores on a multi-core system now scale their     frequencies in accordance with the policy set by the     system's CPU frequency governor.

  - the netdump subsystem suffered from several stability     issues. These are addressed in this updated kernel.

  - under certain conditions, the ext3 file system reported     a negative count of used blocks.

  - reading /proc/self/mem incorrectly returned 'Invalid     argument' instead of 'input/output error' due to a     regression.

  - under certain conditions, the kernel panicked when a USB     device was removed while the system was busy accessing     the device.

  - a race condition in the kernel could have led to a     kernel crash during the creation of a new process.

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation.
This could have allowed a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z kernel, a local unprivileged user could cause a denial of service by reading from or writing into a padding area in the user_regs_struct32 structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could have allowed a local unprivileged user to obtain access to privileged information.
(CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound System (OSS) implementation. This deficiency could have led to an information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's PWC USB video driver. A local unprivileged user could have used this flaw to bring the kernel USB subsystem into the busy-waiting state. (CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed.
(CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs :

* when using the CIFS 'forcedirectio' option, appending to an open file on a CIFS share resulted in that file being overwritten with the data to be appended.

* a kernel panic occurred when a device with PCI ID 8086:10c8 was present on a system with a loaded ixgbe driver.

* due to an aacraid driver regression, the kernel failed to boot when trying to load the aacraid driver and printed the following error message: 'aac_srb: aac_fib_send failed with status: 8195'.

* due to an mpt driver regression, when RAID 1 was configured on Primergy systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked during boot.

* the mpt driver produced a large number of extraneous debugging messages when performing a 'Host reset' operation.

* due to a regression in the sym driver, the kernel panicked when a SCSI hot swap was performed using MCP18 hardware.

* all cores on a multi-core system now scale their frequencies in accordance with the policy set by the system's CPU frequency governor.

* the netdump subsystem suffered from several stability issues. These are addressed in this updated kernel.

* under certain conditions, the ext3 file system reported a negative count of used blocks.

* reading /proc/self/mem incorrectly returned 'Invalid argument' instead of 'input/output error' due to a regression.

* under certain conditions, the kernel panicked when a USB device was removed while the system was busy accessing the device.

* a race condition in the kernel could have led to a kernel crash during the creation of a new process.

All Red Hat Enterprise Linux 4 Users should upgrade to these updated packages, which contain backported patches to correct these issues.

The remote Redhat Enterprise Linux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0972 advisory.

  - kernel PWC driver DoS (CVE-2007-5093)

  - kernel: dio: zero struct dio with kzalloc instead of manually (CVE-2007-6716)

  - kernel: ptrace: Padding area write - unprivileged kernel crash (CVE-2008-1514)

  - kernel snd_seq_oss_synth_make_info leak (CVE-2008-3272)

  - Linux kernel ext[234] directory corruption denial of service (CVE-2008-3528)

  - kernel: open() call allows setgid bit when user is not in new file's group (CVE-2008-4210)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2008-1514     Jan Kratochvil reported a local denial of service     vulnerability in the ptrace interface for the s390     architecture. Local users can trigger an invalid pointer     dereference, leading to a system panic.

  - CVE-2008-3525     Eugene Teo reported a lack of capability checks in the     kernel driver for Granch SBNI12 leased line adapters     (sbni), allowing local users to perform privileged     operations.

  - CVE-2008-3831     Olaf Kirch discovered an issue with the i915 driver that     may allow local users to cause memory corruption by use     of an ioctl with insufficient privilege restrictions.

  - CVE-2008-4113/ CVE-2008-4445     Eugene Teo discovered two issues in the SCTP subsystem     which allow local users to obtain access to sensitive     memory when the SCTP-AUTH extension is enabled.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2007-6716     Joe Jin reported a local denial of service vulnerability     that allows system users to trigger an oops due to an     improperly initialized data structure.

  - CVE-2008-1514     Jan Kratochvil reported a local denial of service     vulnerability in the ptrace interface for the s390     architecture. Local users can trigger an invalid pointer     dereference, leading to a system panic.

  - CVE-2008-3276     Eugene Teo reported an integer overflow in the DCCP     subsystem that may allow remote attackers to cause a     denial of service in the form of a kernel panic.

  - CVE-2008-3525     Eugene Teo reported a lack of capability checks in the     kernel driver for Granch SBNI12 leased line adapters     (sbni), allowing local users to perform privileged     operations.

  - CVE-2008-3833     The S_ISUID/S_ISGID bits were not being cleared during     an inode splice, which, under certain conditions, can be     exploited by local users to obtain the privileges of a     group for which they are not a member. Mark Fasheh     reported this issue.

  - CVE-2008-4210     David Watson reported an issue in the open()/creat()     system calls which, under certain conditions, can be     exploited by local users to obtain the privileges of a     group for which they are not a member.

  - CVE-2008-4302     A coding error in the splice subsystem allows local     users to attempt to unlock a page structure that has not     been locked, resulting in a system crash.

From Red Hat Security Advisory 2008:0972 :

Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation.
This could have allowed a local unprivileged user to cause a denial of service. (CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z kernel, a local unprivileged user could cause a denial of service by reading from or writing into a padding area in the user_regs_struct32 structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could have allowed a local unprivileged user to obtain access to privileged information.
(CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound System (OSS) implementation. This deficiency could have led to an information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's PWC USB video driver. A local unprivileged user could have used this flaw to bring the kernel USB subsystem into the busy-waiting state. (CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted data structures, leading to a possible local denial of service issue when read or write operations were performed.
(CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs :

* when using the CIFS 'forcedirectio' option, appending to an open file on a CIFS share resulted in that file being overwritten with the data to be appended.

* a kernel panic occurred when a device with PCI ID 8086:10c8 was present on a system with a loaded ixgbe driver.

* due to an aacraid driver regression, the kernel failed to boot when trying to load the aacraid driver and printed the following error message: 'aac_srb: aac_fib_send failed with status: 8195'.

* due to an mpt driver regression, when RAID 1 was configured on Primergy systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked during boot.

* the mpt driver produced a large number of extraneous debugging messages when performing a 'Host reset' operation.

* due to a regression in the sym driver, the kernel panicked when a SCSI hot swap was performed using MCP18 hardware.

* all cores on a multi-core system now scale their frequencies in accordance with the policy set by the system's CPU frequency governor.

* the netdump subsystem suffered from several stability issues. These are addressed in this updated kernel.

* under certain conditions, the ext3 file system reported a negative count of used blocks.

* reading /proc/self/mem incorrectly returned 'Invalid argument' instead of 'input/output error' due to a regression.

* under certain conditions, the kernel panicked when a USB device was removed while the system was busy accessing the device.

* a race condition in the kernel could have led to a kernel crash during the creation of a new process.

All Red Hat Enterprise Linux 4 Users should upgrade to these updated packages, which contain backported patches to correct these issues.

The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2008-0972.

ID	Name	Product	Family	Published	Updated	Severity
59132	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5667)	Nessus	SuSE Local Security Checks	5/17/2012	1/14/2021	high
60497	Scientific Linux Security Update : kernel on SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	8/1/2012	1/14/2021	medium
37341	CentOS 4 : kernel (CESA-2008:0972)	Nessus	CentOS Local Security Checks	4/23/2009	1/4/2021	medium
34841	RHEL 4 : kernel (RHSA-2008:0972)	Nessus	Red Hat Local Security Checks	11/21/2008	4/21/2024	medium
41535	SuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5668)	Nessus	SuSE Local Security Checks	9/24/2009	1/14/2021	high
34444	Debian DSA-1655-1 : linux-2.6.24 - denial of service/information leak/privilege escalation	Nessus	Debian Local Security Checks	10/20/2008	1/4/2021	high
34392	Debian DSA-1653-1 : linux-2.6 - denial of service/privilege escalation	Nessus	Debian Local Security Checks	10/14/2008	1/4/2021	high
67762	Oracle Linux 4 : kernel (ELSA-2008-0972)	Nessus	Oracle Linux Local Security Checks	7/12/2013	8/24/2021	medium
801459	CentOS RHSA-2008-0972 Security Check	Log Correlation Engine	Generic			high

Detections

Analytics

Plugins Search

high

medium

medium

medium

high

high

high

medium

high