| Beschreibung: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the referenced advisory.
Vulnerability Insight:
This update of the openSUSE 11.2 kernel fixes various bugs
and lots of security issues.
The following security issues have been fixed:
CVE-2010-4258: A local attacker could use a Oops (kernel crash) caused
by other flaws to write a 0 byte to an attacker controlled address in the
kernel. This could lead to privilege escalation together with other issues.
CVE-2010-4160: A overflow in sendto() and recvfrom() routines was fixed
that could be used by local attackers to potentially crash the kernel
using some socket families like L2TP.
CVE-2010-4157: A 32bit vs 64bit integer mismatch in gdth_ioctl_alloc
could lead to memory corruption in the GDTH driver.
CVE-2010-4165: The do_tcp_setsockopt function in net/ipv4/tcp.c in the
Linux kernel did not properly restrict TCP_MAXSEG (aka MSS) values, which
allows local users to cause a denial of service (OOPS) via a setsockopt
call that specifies a small value, leading to a divide-by-zero error or
incorrect use of a signed integer.
CVE-2010-4164: A remote (or local) attacker communicating over X.25
could cause a kernel panic by attempting to negotiate malformed
facilities.
CVE-2010-4175: A local attacker could cause memory overruns in the RDS
protocol stack, potentially crashing the kernel. So far it is considered
not to be exploitable.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed.
Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-3874: A minor heap overflow in the CAN network module was fixed.
Due to nature of the memory allocator it is likely not exploitable.
CVE-2010-4158: A memory information leak in Berkeley packet filter rules
allowed local attackers to read uninitialized memory of the kernel stack.
CVE-2010-4162: A local denial of service in the blockdevice layer was fixed.
CVE-2010-4163: By submitting certain I/O requests with 0 length, a local
user could have caused a kernel panic.
CVE-2010-3861: The ethtool_get_rxnfc function in net/core/ethtool.c
in the Linux kernel did not initialize a certain block of heap memory,
which allowed local users to obtain potentially sensitive information via
an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value.
CVE-2010-3442: Multiple integer overflows in the snd_ctl_new function
in sound/core/control.c in the Linux kernel allowed local users to
cause a denial of service (heap memory corruption) or possibly have
unspecified other impact via a crafted (1) SNDRV_CTL_IOCTL_ELEM_ADD or
(2) SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl ca ...
Description truncated, please see the referenced URL(s) for more information.
Vulnerability Impact:
potential local privilege escalation
Affected Software/OS:
kernel on openSUSE 11.2
Solution:
Please install the updated packages.
CVSS Score:
7.8
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
