The openSUSE 11.0 kernel was updated to 2.6.25.9.
It fixes two security problems: CVE-2008-2372: A resource starvation issue within mmap was fixed, which could have been used by local attackers to hang the machine.
CVE-2008-2826: A integer overflow in SCTP was fixed, which might have been used by remote attackers to crash the machine or potentially execute code.
The update also has lots of other bugfixes that are listed in the RPM changelog.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update kernel-67.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(40007);
script_version("1.12");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2008-2372", "CVE-2008-2826");
script_name(english:"openSUSE Security Update : kernel (kernel-67)");
script_summary(english:"Check for the kernel-67 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The openSUSE 11.0 kernel was updated to 2.6.25.9.
It fixes two security problems: CVE-2008-2372: A resource starvation
issue within mmap was fixed, which could have been used by local
attackers to hang the machine.
CVE-2008-2826: A integer overflow in SCTP was fixed, which might have
been used by remote attackers to crash the machine or potentially
execute code.
The update also has lots of other bugfixes that are listed in the RPM
changelog."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=300001"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=333043"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=351119"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=369558"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=374637"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=389656"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=390384"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=394566"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=396129"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=396311"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=397097"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=398270"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=398370"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=398573"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=400728"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=400729"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=400730"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=402607"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=402608"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=402612"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kernel packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_cwe_id(20, 189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-rt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
script_set_attribute(attribute:"patch_publication_date", value:"2008/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-debug-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-default-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-pae-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-rt-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-source-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-syms-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-vanilla-2.6.25.9-0.2") ) flag++;
if ( rpm_check(release:"SUSE11.0", reference:"kernel-xen-2.6.25.9-0.2") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-default / kernel-pae / kernel-rt / etc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | opensuse | kernel-debug | p-cpe:/a:novell:opensuse:kernel-debug |
novell | opensuse | kernel-default | p-cpe:/a:novell:opensuse:kernel-default |
novell | opensuse | kernel-pae | p-cpe:/a:novell:opensuse:kernel-pae |
novell | opensuse | kernel-rt | p-cpe:/a:novell:opensuse:kernel-rt |
novell | opensuse | kernel-source | p-cpe:/a:novell:opensuse:kernel-source |
novell | opensuse | kernel-syms | p-cpe:/a:novell:opensuse:kernel-syms |
novell | opensuse | kernel-vanilla | p-cpe:/a:novell:opensuse:kernel-vanilla |
novell | opensuse | kernel-xen | p-cpe:/a:novell:opensuse:kernel-xen |
novell | opensuse | 11.0 | cpe:/o:novell:opensuse:11.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
bugzilla.novell.com/show_bug.cgi?id=300001
bugzilla.novell.com/show_bug.cgi?id=333043
bugzilla.novell.com/show_bug.cgi?id=351119
bugzilla.novell.com/show_bug.cgi?id=369558
bugzilla.novell.com/show_bug.cgi?id=374637
bugzilla.novell.com/show_bug.cgi?id=389656
bugzilla.novell.com/show_bug.cgi?id=390384
bugzilla.novell.com/show_bug.cgi?id=394566
bugzilla.novell.com/show_bug.cgi?id=396129
bugzilla.novell.com/show_bug.cgi?id=396311
bugzilla.novell.com/show_bug.cgi?id=397097
bugzilla.novell.com/show_bug.cgi?id=398270
bugzilla.novell.com/show_bug.cgi?id=398370
bugzilla.novell.com/show_bug.cgi?id=398573
bugzilla.novell.com/show_bug.cgi?id=400728
bugzilla.novell.com/show_bug.cgi?id=400729
bugzilla.novell.com/show_bug.cgi?id=400730
bugzilla.novell.com/show_bug.cgi?id=402607
bugzilla.novell.com/show_bug.cgi?id=402608
bugzilla.novell.com/show_bug.cgi?id=402612