
Test ID: 1.3.6.1.4.1.25623.1.0.58123
Category: SuSE Local Security Checks
Title: SuSE Security Advisory SUSE-SA:2007:021 (kernel)
Summary: SuSE Security Advisory SUSE-SA:2007:021 (kernel)
Description:
The remote host is missing updates announced in
advisory SUSE-SA:2007:021.

The Linux kernel was updated to fix the security problems listed below.

This advisory is for the bugs already announced for SUSE Linux
Enterprise 10 and SUSE Linux 10.1 in SUSE-SA:2007:018.

The packages associated with this update were already released one
week ago.

Please note that bootloader handling in openSUSE 10.2 has changed: it
now creates new entries for updated kernels and makes those the default.

We also had reports of the update breaking the bootloader
configuration, and apologize for the inconvenience caused. We are
investigating those problems and hope to release an update to fix
the bootloader handling code.

If you are manually adapting /boot/grub/menu.lst, please review this
file after the update.

- CVE-2006-2936: The ftdi_sio driver allowed local users to cause a
denial of service (memory consumption) by writing more data to the
serial port than the hardware can handle, which causes the data
to be queued. This requires this driver to be loaded, which only
happens if such a device is plugged in.

- CVE-2006-5751: An integer overflow in the networking bridge ioctl
starting with Kernel 2.6.7 could be used by local attackers to
overflow kernel memory buffers and potentially escalate privileges.

- CVE-2006-6106: Multiple buffer overflows in the cmtp_recv_interopmsg
function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the
Linux kernel allowed remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via CAPI messages with
a large value for the length of the (1) manu (manufacturer) or (2)
serial (serial number) field.

- CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state function in
drivers/isdn/isdn_ppp.c in the Linux kernel does not call the
init_timer function for the ISDN PPP CCP reset state timer, which
has unknown attack vectors and results in a system crash.

- CVE-2006-5753: Unspecified vulnerability in the listxattr system
call in Linux kernel, when a bad inode is present, allows local
users to cause a denial of service (data corruption) and possibly
gain privileges.

- CVE-2007-0006: The key serial number collision avoidance code in
the key_alloc_serial function allows local users to cause a denial
of service (crash) via vectors that trigger a null dereference.

- CVE-2007-0772: A remote denial of service problem on NFSv2 mounts
with ACL enabled was fixed.

Furthermore, openSUSE 10.2 catches up to the mainline kernel, version
2.6.18.8, and contains a large number of additional fixes for
non-security bugs.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=SUSE-SA:2007:021

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-2936
Bugtraq: 20060717 rPSA-2006-0130-1 kernel
http://www.securityfocus.com/archive/1/archive/1/440300/100/0/threaded
Debian Security Information: DSA-1184
http://www.debian.org/security/2006/dsa-1184
http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
http://www.redhat.com/support/errata/RHSA-2006-0617.html
SuSE Security Announcement: SUSE-SA:2007:018
http://www.novell.com/linux/security/advisories/2007_18_kernel.html
SuSE Security Announcement: SUSE-SA:2007:021
http://www.novell.com/linux/security/advisories/2007_21_kernel.html
SuSE Security Announcement: SUSE-SA:2007:030
http://www.novell.com/linux/security/advisories/2007_30_kernel.html
SuSE Security Announcement: SUSE-SA:2007:035
http://www.novell.com/linux/security/advisories/2007_35_kernel.html
http://www.ubuntu.com/usn/usn-331-1
http://www.ubuntu.com/usn/usn-346-1
BugTraq ID: 19033
http://www.securityfocus.com/bid/19033
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10265
http://www.vupen.com/english/advisories/2006/2841
http://www.osvdb.org/27119
http://secunia.com/advisories/20703
http://secunia.com/advisories/21057
http://secunia.com/advisories/21298
http://secunia.com/advisories/21605
http://secunia.com/advisories/21614
http://secunia.com/advisories/22093
http://secunia.com/advisories/22174
http://secunia.com/advisories/21934
http://secunia.com/advisories/24547
http://secunia.com/advisories/25683
http://secunia.com/advisories/25226
XForce ISS Database: linux-ftdi-sio-dos(27807)
http://xforce.iss.net/xforce/xfdb/27807
Common Vulnerability Exposure (CVE) ID: CVE-2006-5749
Bugtraq: 20070615 rPSA-2007-0124-1 kernel xen
http://www.securityfocus.com/archive/1/471457
http://www.mandriva.com/security/advisories?name=MDKSA-2007:012
http://www.mandriva.com/security/advisories?name=MDKSA-2007:025
http://www.mandriva.com/security/advisories?name=MDKSA-2007:040
http://www.trustix.org/errata/2007/0002/
http://www.ubuntu.com/usn/usn-416-1
BugTraq ID: 21835
http://www.securityfocus.com/bid/21835
BugTraq ID: 21883
http://www.securityfocus.com/bid/21883
http://secunia.com/advisories/23529
http://secunia.com/advisories/23609
http://secunia.com/advisories/23752
http://secunia.com/advisories/24100
http://secunia.com/advisories/24098
http://secunia.com/advisories/25691
Common Vulnerability Exposure (CVE) ID: CVE-2006-5751
Bugtraq: 20061206 rPSA-2006-0226-1 kernel
http://www.securityfocus.com/archive/1/archive/1/453681/100/0/threaded
http://projects.info-pull.com/mokb/MOKB-29-11-2006.html
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blobdiff;h=4c61a7e0a86e1ae9e16867f9f8e4b0412b8edbaf;hp=4e4119a1213925568b8a1acdef9bf52b98b19da3;hb=ba8379b220509e9448c00a77cf6c15ac2a559cc7;f=net/bridge/br_ioctl.c
Debian Security Information: DSA-1233
http://www.us.debian.org/security/2006/dsa-1233
http://www.mandriva.com/security/advisories?name=MDKSA-2007:002
RedHat Security Advisories: RHSA-2007:0014
http://rhn.redhat.com/errata/RHSA-2007-0014.html
SuSE Security Announcement: SUSE-SA:2006:079
http://www.novell.com/linux/security/advisories/2006_79_kernel.html
http://www.ubuntu.com/usn/usn-395-1
BugTraq ID: 21353
http://www.securityfocus.com/bid/21353
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10151
http://www.vupen.com/english/advisories/2006/4781
http://secunia.com/advisories/23252
http://secunia.com/advisories/23370
http://secunia.com/advisories/23384
http://secunia.com/advisories/23593
http://secunia.com/advisories/23997
http://secunia.com/advisories/24206
http://secunia.com/advisories/23474
XForce ISS Database: linux-getfdbentries-integer-overflow(30588)
http://xforce.iss.net/xforce/xfdb/30588
Common Vulnerability Exposure (CVE) ID: CVE-2006-5753
http://lkml.org/lkml/2007/1/3/150
Debian Security Information: DSA-1304
http://www.debian.org/security/2007/dsa-1304
Debian Security Information: DSA-1503
http://www.debian.org/security/2008/dsa-1503
http://fedoranews.org/cms/node/2739
http://fedoranews.org/cms/node/2740
http://www.mandriva.com/security/advisories?name=MDKSA-2007:060
BugTraq ID: 22316
http://www.securityfocus.com/bid/22316
http://osvdb.org/33020
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9371
http://secunia.com/advisories/23955
http://secunia.com/advisories/24400
http://secunia.com/advisories/24429
http://secunia.com/advisories/24482
http://secunia.com/advisories/25714
http://secunia.com/advisories/29058
Common Vulnerability Exposure (CVE) ID: CVE-2006-6106
Bugtraq: 20070209 rPSA-2007-0031-1 kernel
http://www.securityfocus.com/archive/1/archive/1/459615/100/0/threaded
http://marc.theaimsgroup.com/?l=linux-kernel&m=116614741607528&w=2
http://marc.theaimsgroup.com/?l=linux-kernel&m=116648929829440&w=2
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602
SuSE Security Announcement: SUSE-SA:2007:053
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
BugTraq ID: 21604
http://www.securityfocus.com/bid/21604
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10891
http://www.vupen.com/english/advisories/2006/5037
http://secunia.com/advisories/23408
http://secunia.com/advisories/23427
http://secunia.com/advisories/24105
http://secunia.com/advisories/27227
XForce ISS Database: kernel-cmtprecvinteropmsg-bo(30912)
http://xforce.iss.net/xforce/xfdb/30912
Common Vulnerability Exposure (CVE) ID: CVE-2007-0006
http://www.mandriva.com/security/advisories?name=MDKSA-2007:047
http://www.redhat.com/support/errata/RHSA-2007-0085.html
http://www.redhat.com/support/errata/RHSA-2007-0099.html
http://www.ubuntu.com/usn/usn-451-1
BugTraq ID: 22539
http://www.securityfocus.com/bid/22539
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9829
http://secunia.com/advisories/24109
http://secunia.com/advisories/24259
http://secunia.com/advisories/24300
http://secunia.com/advisories/24752
Common Vulnerability Exposure (CVE) ID: CVE-2007-0772
http://www.mandriva.com/security/advisories?name=MDKSA-2007:078
BugTraq ID: 22625
http://www.securityfocus.com/bid/22625
http://www.vupen.com/english/advisories/2007/0660
http://osvdb.org/33022
http://secunia.com/advisories/24215
http://secunia.com/advisories/24201
http://secunia.com/advisories/24777
XForce ISS Database: kernel-nfsaclsvc-dos(32578)
http://xforce.iss.net/xforce/xfdb/32578
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
