Beschreibung: | Description:
The remote host is missing updates announced in advisory SUSE-SA:2007:051.
The Linux kernel in SLE 10 and SUSE Linux 10.1 was updated to fix various security issues and lots of bugs spotted after the Service Pack 1 release.
This again aligns the SUSE Linux 10.1 kernel with the SLE 10 release and for 10.1 contains kABI incompatible changes, requiring updated kernel module packages. Our KMPs shipped with SUSE Linux 10.1 were released at the same time, the NVIDIA, ATI and madwifi module owners have been advised to update their repositories too.
Following security issues were fixed: - CVE-2007-2242: The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers.
The default is that RH0 is disabled now. To adjust this, write to the file /proc/net/accept_source_route6.
- CVE-2007-2453: The random number feature in the Linux kernel 2.6 (1) did not properly seed pools when there is no entropy, or (2) used an incorrect cast when extracting entropy, which might have caused the random number generator to provide the same values after reboots on systems without an entropy source.
- CVE-2007-2876: A NULL pointer dereference in SCTP connection tracking could be caused by a remote attacker by sending specially crafted packets. Note that this requires SCTP set-up and active to be exploitable.
- CVE-2007-3105: Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wake-up threshold to a value greater than the output pool size, which triggers writing random numbers to the stack by the pool transfer function involving bound check ordering.
Since this value can only be changed by a root user, exploitability is low.
- CVE-2007-3107: The signal handling in the Linux kernel, when run on PowerPC systems using HTX, allows local users to cause a denial of service via unspecified vectors involving floating point corruption and concurrency.
- CVE-2007-2525: Memory leak in the PPP over Ethernet (PPPoE) socket implementation in the Linux kernel allowed local users to cause a denial of service (memory consumption) by creating a socket using connect, and releasing it before the PPPIOCGCHAN ioctl is initialized.
- CVE-2007-3513: The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel did not limit the amount of memory used by a caller, which allowed local users to cause a denial of service (memory consumption).
- CVE-2007-3851: On machines with a Intel i965 based graphics card local users with access to the direct rendering device node could overwrite memory on the machine and so gain root privileges.
Additionally a huge number of bugs were fixed. These are listed in the maintenance information links.
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:051
Risk factor : High
CVSS Score: 7.8
|