This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_11_1_KERNEL-100107.NASLopenSUSE Security Update : kernel (kernel-1749)
The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs and security issues.
Following security issues were fixed: CVE-2009-4536: A underflow in the e1000 jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine.
CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handling could be use by link-local remote attackers to crash the machine or potentially execute code in kernel context. This requires the attacker to be able to send Jumbo Frames to the target machine.
CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
CVE-2009-4005: The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driver was fixed.
CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
For a complete list of changes, please look at the RPM changelog.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update kernel-1749.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(44034);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-3080", "CVE-2009-3939", "CVE-2009-4005", "CVE-2009-4020", "CVE-2009-4138", "CVE-2009-4307", "CVE-2009-4308", "CVE-2009-4536", "CVE-2009-4538");
script_name(english:"openSUSE Security Update : kernel (kernel-1749)");
script_summary(english:"Check for the kernel-1749 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"The openSUSE 11.1 Kernel was updated to 2.6.27.42 fixing various bugs
and security issues.
Following security issues were fixed: CVE-2009-4536: A underflow in
the e1000 jumbo ethernet frame handling could be use by link-local
remote attackers to crash the machine or potentially execute code in
kernel context. This requires the attacker to be able to send Jumbo
Frames to the target machine.
CVE-2009-4538: A underflow in the e1000e jumbo ethernet frame handling
could be use by link-local remote attackers to crash the machine or
potentially execute code in kernel context. This requires the attacker
to be able to send Jumbo Frames to the target machine.
CVE-2009-4138: drivers/firewire/ohci.c in the Linux kernel, when
packet-per-buffer mode is used, allows local users to cause a denial
of service (NULL pointer dereference and system crash) or possibly
have unknown other impact via an unspecified ioctl associated with
receiving an ISO packet that contains zero in the payload-length
field.
CVE-2009-4307: The ext4_fill_flex_info function in fs/ext4/super.c in
the Linux kernel allows user-assisted remote attackers to cause a
denial of service (divide-by-zero error and panic) via a malformed
ext4 filesystem containing a super block with a large FLEX_BG group
size (aka s_log_groups_per_flex value).
CVE-2009-4308: The ext4_decode_error function in fs/ext4/super.c in
the ext4 filesystem in the Linux kernel before 2.6.32 allows
user-assisted remote attackers to cause a denial of service (NULL
pointer dereference), and possibly have unspecified other impact, via
a crafted read-only filesystem that lacks a journal.
CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in
the Linux kernel has world-writable permissions, which allows local
users to change the I/O mode of the driver by modifying this file.
CVE-2009-4005: The collect_rx_frame function in
drivers/isdn/hisax/hfc_usb.c in the Linux kernel allows attackers to
have an unspecified impact via a crafted HDLC packet that arrives over
ISDN and triggers a buffer under-read.
CVE-2009-3080: A negative offset in a ioctl in the GDTH RAID driver
was fixed.
CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the
Linux kernel allows remote attackers to have an unspecified impact via
a crafted Hierarchical File System (HFS) filesystem, related to the
hfs_readdir function in fs/hfs/dir.c.
For a complete list of changes, please look at the RPM changelog."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=479304"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=480524"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=490030"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=509066"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=515645"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=523487"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=526819"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=528811"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=535939"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=544763"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=545367"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=546449"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=547357"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=547370"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=547474"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=549567"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=552033"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=554197"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=557180"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=557668"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=557683"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=560055"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=561621"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=564374"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=564381"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=564382"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=564712"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=565267"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=566480"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=567376"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=567684"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected kernel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_cwe_id(119, 189, 264, 399);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-debug-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-default-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-pae-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-syms");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-trace-extra");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-vanilla");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kernel-xen-extra");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");
script_set_attribute(attribute:"patch_publication_date", value:"2010/01/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-debug-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-debug-base-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-debug-extra-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-default-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-default-base-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-default-extra-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-pae-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-pae-base-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-pae-extra-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-source-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-syms-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-trace-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-trace-base-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-trace-extra-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-vanilla-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-xen-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-xen-base-2.6.27.42-0.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.1", reference:"kernel-xen-extra-2.6.27.42-0.1.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel-debug / kernel-debug-base / kernel-debug-extra / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | 11.1 | cpe:/o:novell:opensuse:11.1 |
| novell | opensuse | kernel-debug | p-cpe:/a:novell:opensuse:kernel-debug |
| novell | opensuse | kernel-default | p-cpe:/a:novell:opensuse:kernel-default |
| novell | opensuse | kernel-pae | p-cpe:/a:novell:opensuse:kernel-pae |
| novell | opensuse | kernel-source | p-cpe:/a:novell:opensuse:kernel-source |
| novell | opensuse | kernel-syms | p-cpe:/a:novell:opensuse:kernel-syms |
| novell | opensuse | kernel-vanilla | p-cpe:/a:novell:opensuse:kernel-vanilla |
| novell | opensuse | kernel-xen | p-cpe:/a:novell:opensuse:kernel-xen |
| novell | opensuse | kernel-debug-base | p-cpe:/a:novell:opensuse:kernel-debug-base |
| novell | opensuse | kernel-debug-extra | p-cpe:/a:novell:opensuse:kernel-debug-extra |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4307
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4538
bugzilla.novell.com/show_bug.cgi?id=479304
bugzilla.novell.com/show_bug.cgi?id=480524
bugzilla.novell.com/show_bug.cgi?id=490030
bugzilla.novell.com/show_bug.cgi?id=509066
bugzilla.novell.com/show_bug.cgi?id=515645
bugzilla.novell.com/show_bug.cgi?id=523487
bugzilla.novell.com/show_bug.cgi?id=526819
bugzilla.novell.com/show_bug.cgi?id=528811
bugzilla.novell.com/show_bug.cgi?id=535939
bugzilla.novell.com/show_bug.cgi?id=544763
bugzilla.novell.com/show_bug.cgi?id=545367
bugzilla.novell.com/show_bug.cgi?id=546449
bugzilla.novell.com/show_bug.cgi?id=547357
bugzilla.novell.com/show_bug.cgi?id=547370
bugzilla.novell.com/show_bug.cgi?id=547474
bugzilla.novell.com/show_bug.cgi?id=549567
bugzilla.novell.com/show_bug.cgi?id=552033
bugzilla.novell.com/show_bug.cgi?id=554197
bugzilla.novell.com/show_bug.cgi?id=557180
bugzilla.novell.com/show_bug.cgi?id=557668
bugzilla.novell.com/show_bug.cgi?id=557683
bugzilla.novell.com/show_bug.cgi?id=560055
bugzilla.novell.com/show_bug.cgi?id=561621
bugzilla.novell.com/show_bug.cgi?id=564374
bugzilla.novell.com/show_bug.cgi?id=564381
bugzilla.novell.com/show_bug.cgi?id=564382
bugzilla.novell.com/show_bug.cgi?id=564712
bugzilla.novell.com/show_bug.cgi?id=565267
bugzilla.novell.com/show_bug.cgi?id=566480
bugzilla.novell.com/show_bug.cgi?id=567376
bugzilla.novell.com/show_bug.cgi?id=567684
Related
