Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> SuSE Local Security Checks >> SUSE-SA:2005:003: kernel


Vulnerability Assessment Details

SUSE-SA:2005:003: kernel

Vulnerability Assessment Summary
Check for the version of the kernel package

Detailed Explanation for this Vulnerability Assessment

The remote host is missing the patch for the advisory SUSE-SA:2005:003 (kernel).



Several exploitable security problems were identified and fixed in
the Linux kernel, the core of every SUSE Linux product.


- Due to missing locking in the sys_uselib system call a local attacker
can gain root access. This was found by Paul Starzetz and is tracked
by the Mitre CVE ID CVE-2004-1235.


- Paul Starzetz also found a race condition in SMP page table handling
which could lead to a local attacker gaining root access on SMP
machines. This is tracked by the Mitre CVE ID CVE-2005-0001.


- A local denial of service was found in the auditing subsystem which
have lead a local attacker crashing the machine. This was reported
and fixed by Redhat.


- The sendmsg / cmsg fix from the previous kernel update was faulty
on 64bit systems with 32bit compatibility layer and could lead to
32bit applications not working correctly on those 64bit systems.


- The smbfs security fixes from a before-previous kernel update were
faulty for some file write cases.


- A local denial of service with Direct I/O access to NFS file systems
could lead a local attacker to crash a machine with NFS mounts.


- grsecurity reported a signed integer problem in the SCSI ioctl
handling which had a missing boundary check.
Due to C language specifics, this evaluation was not correct and
there actually is no problem in this code.
The signed / unsigned mismatch was fixed nevertheless.


- Several more small non security problems were fixed.


NOTE: Two days ago we released the Service Pack 1 for the SUSE Linux
Enterprise Server 9. This kernel update contains fixes for the SUSE
Linux Enterprise Server 9 GA version kernel line.

A fix for the Service Pack 1 version line will be available shortly.



Solution : http://www.suse.de/security/advisories/2005_03_kernel.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors


 Intel Core i7-14700F DESKTOP processor TURBO Boost 5.40Ghz SRN3Z CM807150482 picture

Intel Core i7-14700F DESKTOP processor TURBO Boost 5.40Ghz SRN3Z CM807150482

$216.75



Intel Core i5-12600K Processor (12th Gen) 10-Core 4.9 GHz LGA1700 BX8071512600K picture

Intel Core i5-12600K Processor (12th Gen) 10-Core 4.9 GHz LGA1700 BX8071512600K

$153.99



Intel Core i9-14900KF Unlocked Desktop Processor picture

Intel Core i9-14900KF Unlocked Desktop Processor

$419.99



Intel Core i7-12700KF Unlocked Desktop Processor - 12 Cores And 20 Threads picture

Intel Core i7-12700KF Unlocked Desktop Processor - 12 Cores And 20 Threads

$179.99



AMD RYZEN 5 PRO 3400GE 4-Core 3.7 GHz (4.2 GHz Max Boost) Socket AM4 35W CPU picture

AMD RYZEN 5 PRO 3400GE 4-Core 3.7 GHz (4.2 GHz Max Boost) Socket AM4 35W CPU

$33.99



(New) AMD Ryzen 7 5700X 8-Core 16-Thread Socket AM4 CPU Processor OEM Tray picture

(New) AMD Ryzen 7 5700X 8-Core 16-Thread Socket AM4 CPU Processor OEM Tray

$124.99



Intel® Core™ i7-9700 Processor 12M Cache, up to 4.70 GHz picture

Intel® Core™ i7-9700 Processor 12M Cache, up to 4.70 GHz

$109.95



Intel Core i9-14900KF Desktop Processor picture

Intel Core i9-14900KF Desktop Processor

$250.00



Intel Xeon Gold 5218 2.30GHz 16 Core 22MB 125W FCLGA3647 CPU SRF8T picture

Intel Xeon Gold 5218 2.30GHz 16 Core 22MB 125W FCLGA3647 CPU SRF8T

$54.99



Intel Xeon X5690 / SLBVX 3.46GHz 12MB 6-Core Processor LGA1366 picture

Intel Xeon X5690 / SLBVX 3.46GHz 12MB 6-Core Processor LGA1366

$44.99



Discussions

No Discussions have been posted on this vulnerability.