
Test ID: 1.3.6.1.4.1.25623.1.0.59260
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2007:043 (kernel)
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory SUSE-SA:2007:043.

SUSE Linux 10.0 and openSUSE 10.2 have been updated to fix various
security problems.

Please note that SUSE Linux 10.0 was released some weeks ago.

SUSE Linux 10.1 is affected by some of those problems but will
be updated in some weeks to merge back with the SLE10 Service Pack
1 kernel.

- CVE-2007-1357: A denial of service problem in the AppleTalk
protocol was fixed. A remote attacker in the same AppleTalk
network segment could cause the machine to crash if it has the
AppleTalk protocol loaded.

- CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c
allows attackers to cause a denial of service (kernel panic) via
NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and
a stack overflow.

- CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause
a denial of service (crash) via unspecified vectors involving the
(1) nfulnl_recv_config function, (2) using multiple packets per
netlink message, and (3) bridged packets, which trigger a NULL
pointer dereference.

- CVE-2007-1497: nf_conntrack in netfilter does not set nfctinfo
during reassembly of fragmented packets, which leaves the default
value as IP_CT_ESTABLISHED and might allow remote attackers to
bypass certain rulesets using IPv6 fragments.

Please note that the connection tracking option for IPv6 is not
enabled in any currently shipping SUSE Linux kernel, so it does
not affect SUSE Linux default kernels.

- CVE-2007-1592: A local user could cause a double-free of an IPv6
structure, potentially causing a local denial of service.

- CVE-2006-7203: The compat_sys_mount function in fs/compat.c allows
local users to cause a denial of service (NULL pointer dereference
and oops) by mounting a smbfs file system in compatibility mode
(mount -t smbfs).

- CVE-2007-2453: Seeding of the kernel random generator on boot did
not work correctly due to a programming mistake, so the kernel
might have more predictable random numbers than assured.

- CVE-2007-2876: A NULL pointer dereference in SCTP connection
tracking could be caused by a remote attacker by sending specially
crafted packets.

Note that this requires SCTP to be set up and active to be exploitable.

Also some non-security bugs were fixed.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:043

Risk factor: High

CVSS Score: 7.8

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2006-7203
Debian Security Information: DSA-1504
http://www.debian.org/security/2008/dsa-1504
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10941
RedHat Security Advisories: RHSA-2007:0376
https://rhn.redhat.com/errata/RHSA-2007-0376.html
RedHat Security Advisories: RHSA-2007:0488
http://rhn.redhat.com/errata/RHSA-2007-0488.html
http://secunia.com/advisories/25682
http://secunia.com/advisories/25683
http://secunia.com/advisories/25700
http://secunia.com/advisories/25838
http://secunia.com/advisories/25961
http://secunia.com/advisories/26133
http://secunia.com/advisories/26139
http://secunia.com/advisories/26289
http://secunia.com/advisories/26620
http://secunia.com/advisories/29058
SuSE Security Announcement: SUSE-SA:2007:035
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
SuSE Security Announcement: SUSE-SA:2007:043
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2007/2209
Common Vulnerability Exposure (CVE) ID: CVE-2007-1357
BugTraq ID: 23376
http://www.securityfocus.com/bid/23376
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen
http://www.securityfocus.com/archive/1/471457
Debian Security Information: DSA-1286
http://www.debian.org/security/2007/dsa-1286
Debian Security Information: DSA-1304
http://www.debian.org/security/2007/dsa-1304
http://secunia.com/advisories/24793
http://secunia.com/advisories/24901
http://secunia.com/advisories/25078
http://secunia.com/advisories/25099
http://secunia.com/advisories/25226
http://secunia.com/advisories/25392
http://secunia.com/advisories/25691
http://secunia.com/advisories/25714
SuSE Security Announcement: SUSE-SA:2007:029
http://lists.suse.com/archive/suse-security-announce/2007-May/0001.html
SuSE Security Announcement: SUSE-SA:2007:030
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
http://www.ubuntu.com/usn/usn-464-1
http://www.vupen.com/english/advisories/2007/1340
Common Vulnerability Exposure (CVE) ID: CVE-2007-1496
BugTraq ID: 22946
http://www.securityfocus.com/bid/22946
Debian Security Information: DSA-1289
http://www.debian.org/security/2007/dsa-1289
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9831
http://www.redhat.com/support/errata/RHSA-2007-0347.html
http://secunia.com/advisories/24492
http://secunia.com/advisories/25228
http://secunia.com/advisories/25288
http://www.vupen.com/english/advisories/2007/0944
Common Vulnerability Exposure (CVE) ID: CVE-2007-1497
BugTraq ID: 23976
http://www.securityfocus.com/bid/23976
http://www.osvdb.org/33028
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10457
Common Vulnerability Exposure (CVE) ID: CVE-2007-1592
BugTraq ID: 23104
http://www.securityfocus.com/bid/23104
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233478
http://marc.info/?l=linux-netdev&m=117406721731891&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10130
RedHat Security Advisories: RHBA-2007-0304
http://rhn.redhat.com/errata/RHBA-2007-0304.html
RedHat Security Advisories: RHSA-2007:0436
http://rhn.redhat.com/errata/RHSA-2007-0436.html
http://www.redhat.com/support/errata/RHSA-2007-0672.html
http://www.redhat.com/support/errata/RHSA-2007-0673.html
http://secunia.com/advisories/24618
http://secunia.com/advisories/24777
http://secunia.com/advisories/25630
http://secunia.com/advisories/26379
http://secunia.com/advisories/27528
http://www.vupen.com/english/advisories/2007/1084
XForce ISS Database: kernel-tcpv6synrecvsoc-dos(33176)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33176
Common Vulnerability Exposure (CVE) ID: CVE-2007-1861
BugTraq ID: 23677
http://www.securityfocus.com/bid/23677
Bugtraq: 20070508 FLEA-2007-0016-1: kernel
http://www.securityfocus.com/archive/1/467939/30/6690/threaded
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11616
http://secunia.com/advisories/25030
http://secunia.com/advisories/25083
http://www.vupen.com/english/advisories/2007/1595
XForce ISS Database: kernel-netlinkfiblookup-dos(34014)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34014
Common Vulnerability Exposure (CVE) ID: CVE-2007-2453
BugTraq ID: 24390
http://www.securityfocus.com/bid/24390
Debian Security Information: DSA-1356
http://www.debian.org/security/2007/dsa-1356
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960
http://www.securitytracker.com/id?1018248
http://secunia.com/advisories/25596
http://secunia.com/advisories/26450
http://secunia.com/advisories/26664
SuSE Security Announcement: SUSE-SA:2007:051
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.ubuntu.com/usn/usn-470-1
http://www.vupen.com/english/advisories/2007/2105
XForce ISS Database: kernel-randomnumber-weak-security(34781)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34781
Common Vulnerability Exposure (CVE) ID: CVE-2007-2876
BugTraq ID: 24376
http://www.securityfocus.com/bid/24376
http://osvdb.org/37112
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10116
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://secunia.com/advisories/26760
http://secunia.com/advisories/27227
SuSE Security Announcement: SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.ubuntu.com/usn/usn-510-1
XForce ISS Database: kernel-sctpnew-dos(34777)
https://exchange.xforce.ibmcloud.com/vulnerabilities/34777
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
