Description:
The remote host is missing updates announced in advisory SUSE-SA:2008:030.
The Linux kernel was updated on openSUSE 10.2 and 10.3 to fix the following security problems:
CVE-2008-2136: A problem in SIT IPv6 tunnel handling could be used by remote attackers to immediately crash the machine.
CVE-2007-6282: A remote attacker could crash the IPSec/IPv6 stack by sending a bad ESP packet. This requires the host to be able to receive such packets (filtered by the firewall by default).
CVE-2007-5904: A remote buffer overflow in CIFS was fixed which could potentially be used by remote attackers to crash the machine or potentially execute code.
CVE-2008-1615: On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine.
CVE-2008-2358: A security problem in DCCP was fixed, which could be used by remote attackers to crash the machine. Only a fix for openSUSE 10.2 was necessary.
CVE-2008-2148: The permission checking in sys_utimensat was incorrect and local attackers could change the file times of files they do not own to the current time.
CVE-2007-6206: An information leakage during core dumping of root processes was fixed. This problem was already fixed for openSUSE 10.3 previously and was now fixed for openSUSE 10.2.
CVE-2007-6712: An integer overflow in the hrtimer_forward function (hrtimer.c) in the Linux kernel, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.
CVE-2008-1669: Fixed an SMP ordering problem in fcntl_setlk that could potentially allow local attackers to execute code by timing file locking.
CVE-2008-1367: Clear the direction flag before calling signal handlers. For specific, not yet identified programs under specific timing conditions, this could potentially have caused memory corruption or code execution.
CVE-2008-1375: Fixed a dnotify race condition, which could be used by local attackers to potentially execute code.
CVE-2007-5500: A ptrace bug could be used by local attackers to hang their own processes indefinitely.
Also, various non-security bugs were fixed; please see the RPM changelogs.
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2008:030
Risk factor: High
CVSS Score: 7.8