Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SuSE Security Advisory SUSE-SA:2009:032 (kernel)

Information

Severity

Severity

High

Family

Family

SuSE Local Security Checks

CVSSv2 Base

CVSSv2 Base

7.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

6 years ago

Summary

The remote host is missing updates announced in advisory SUSE-SA:2009:032.

Insight

Insight

This Linux kernel update for SUSE Linux Enterprise 11 and openSUSE 11.1 fixes lots of bugs and some security issues. The kernel was also updated to the 2.6.27.23 stable release. Following security issues have been fixed: CVE-2009-1439: Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service (crash) or potential code execution via a long nativeFileSystem field in a Tree Connect response to an SMB mount request. This requires that kernel can be made to mount a cifs filesystem from a malicious CIFS server. CVE-2009-1337: The exit_notify function in kernel/exit.c in the Linux kernel did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application. The GCC option -fwrapv has been added to compilation to work around potentially removing integer overflow checks. CVE-2009-1265: Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel might allow attackers to obtain sensitive information via a large length value, which causes garbage memory to be sent. CVE-2009-1242: The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka Long mode enable) bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. CVE-2009-1360: The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via vectors involving IPv6 packets. CVE-2009-1192: drivers/char/agp/generic.c in the agp subsystem in the Linux kernel does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Additionally a lot of bugs have been fixed and are listed in the RPM changelog.

Solution

Solution

Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:032