Beschreibung: | Summary: The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.
Vulnerability Insight: This update of the openSUSE 11.2 kernel fixes various bugs and lots of security issues.
The following security issues have been fixed: CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused by other flaws to write a 0 byte to an attacker controlled address in the kernel. This could lead to privilege escalation together with other issues.
CVE-2010-4160: A overflow in sendto() and recvfrom() routines was fixed that could be used by local attackers to potentially crash the kernel using some socket families like L2TP.
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc could lead to memory corruption in the GDTH driver.
CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel did not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small value, leading to a divide-by-zero error or incorrect use of a signed integer.
CVE-2010-4164: A remote (or local) attacker communicating over X.25 could cause a kernel panic by attempting to negotiate malformed facilities.
CVE-2010-4175: A local attacker could cause memory overruns in the RDS protocol stack, potentially crashing the kernel. So far it is considered not to be exploitable.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed. Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed. Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-4158: A memory information leak in Berkeley packet filter rules allowed local attackers to read uninitialized memory of the kernel stack.
CVE-2010-4162: A local denial of service in the blockdevice layer was fixed.
CVE-2010-4163: By submitting certain I/O requests with 0 length, a local user could have caused a kernel panic.
CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel did not initialize a certain block of heap memory, which allowed local users to obtain potentially sensitive information via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value.
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function in sound/core/control.c in the Linux kernel allowed local users to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or (2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl ca ...
Description truncated, please see the referenced URL(s) for more information.
Vulnerability Impact: potential local privilege escalation
Affected Software/OS: kernel on openSUSE 11.2
Solution: Please install the updated packages.
CVSS Score: 7.8
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
|