Anfälligkeitssuche        Suche in 172616 CVE Beschreibungen
und 81291 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:
Kategorie:SuSE Local Security Checks
Titel:SuSE Security Advisory SUSE-SA:2008:037 (kernel)

The remote host is missing updates announced in
advisory SUSE-SA:2008:037.

The openSUSE 11.0 kernel was updated to

It fixes following security problems:
CVE-2008-2812: Various tty / serial devices did not check
function pointers for NULL before calling them, leading to potential
crashes or code execution. The devices affected are usually only
accessible by the root user though.

CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c
in the Linux kernel allows remote attackers to cause a denial of
service (kernel heap memory corruption and system crash) and possibly
have unspecified other impact via a crafted PPPOL2TP packet that
results in a large value for a certain length variable.

CVE-2008-3247: On x86_64 systems, a incorrect buffer size in LDT
handling might lead to local untrusted attackers causing a crash
of the machine or potentially execute code with kernel privileges.
This problem only affects the openSUSE 11.0 kernel, since the problem
was introduced in the 2.6.25 kernel.

The update also has lots of other bugfixes that are listed in the
RPM changelog.

We previously also released a kernel but did not
separately announce it. That update fixed the following security

CVE-2008-2372: A resource starvation issue within mmap was fixed,
which could have been used by local attackers to hang the machine.

CVE-2008-2826: A integer overflow in SCTP was fixed, which might have
been used by remote attackers to crash the machine or potentially
execute code.

Update your system with the packages as indicated in
the referenced security advisory.

Risk factor : High

CVSS Score:

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-2372
SuSE Security Announcement: SUSE-SA:2008:035 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:037 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:038 (Google Search)
XForce ISS Database: linux-kernel-getuserpages-dos(43550)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2750
BugTraq ID: 29747
XForce ISS Database: linux-kernel-pppol2tprecvmsg-dos(43111)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2812
BugTraq ID: 30076
Debian Security Information: DSA-1630 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:047 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:049 (Google Search)
SuSE Security Announcement: SUSE-SA:2008:052 (Google Search)
SuSE Security Announcement: SUSE-SR:2008:025 (Google Search)
XForce ISS Database: kernel-tty-dos(43687)
Common Vulnerability Exposure (CVE) ID: CVE-2008-2826
BugTraq ID: 29990
XForce ISS Database: linux-kernel-sctpgetsockopt-dos(43559)
Common Vulnerability Exposure (CVE) ID: CVE-2008-3247
BugTraq ID: 30351
XForce ISS Database: linux-kernel-ldt-dos(43979)
CopyrightCopyright (c) 2008 E-Soft Inc.

Dies ist nur einer von 81291 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.