
Test ID: 1.3.6.1.4.1.25623.1.1.4.2013.1474.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2013:1474-1)
Summary: The remote host is missing an update for the 'Linux kernel' package(s) announced via the SUSE-SU-2013:1474-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 11 Service Pack 2 kernel has been updated to version 3.0.93 and includes various bug and security fixes.

The following security bugs have been fixed:

* CVE-2013-2148: The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor.

* CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.

* CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel allowed local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface.

* CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel did not initialize certain structure members, which allowed local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket.

* CVE-2013-4162: The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel made an incorrect function call for pending data, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.

* CVE-2013-1059: net/ceph/auth_none.c in the Linux kernel allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an auth_reply message that triggers an attempted build_request operation.

* CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive.

* CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name.

* CVE-2013-4163: The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel did not properly maintain information about whether the IPV6_MTU setsockopt option had been specified, which allowed local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.

* CVE-2013-1929: Heap-ba... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux kernel' package(s) on SUSE Linux Enterprise Server 11 SP2, SUSE Linux Enterprise High Availability Extension 11 SP2, SUSE Linux Enterprise Desktop 11 SP2, SLE 11

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-1059
http://hkpco.kr/advisory/CVE-2013-1059.txt
http://www.openwall.com/lists/oss-security/2013/07/09/7
SuSE Security Announcement: SUSE-SU-2013:1161
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00012.html
SuSE Security Announcement: SUSE-SU-2013:1473
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html
SuSE Security Announcement: SUSE-SU-2013:1474
http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html
SuSE Security Announcement: openSUSE-SU-2013:1971
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.ubuntu.com/usn/USN-1941-1
http://www.ubuntu.com/usn/USN-1942-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1774
http://xorl.wordpress.com/2013/05/18/cve-2013-1774-linux-kernel-edgeport-usb-serial-converter-null-pointer-dereference/
http://www.openwall.com/lists/oss-security/2013/02/27/29
RedHat Security Advisories: RHSA-2013:0744
http://rhn.redhat.com/errata/RHSA-2013-0744.html
SuSE Security Announcement: SUSE-SU-2013:1182
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html
SuSE Security Announcement: openSUSE-SU-2013:0847
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
SuSE Security Announcement: openSUSE-SU-2013:0925
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://www.ubuntu.com/usn/USN-1805-1
http://www.ubuntu.com/usn/USN-1808-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1819
http://www.openwall.com/lists/oss-security/2013/03/05/10
http://www.ubuntu.com/usn/USN-1968-1
http://www.ubuntu.com/usn/USN-1969-1
http://www.ubuntu.com/usn/USN-1970-1
http://www.ubuntu.com/usn/USN-1972-1
http://www.ubuntu.com/usn/USN-1973-1
http://www.ubuntu.com/usn/USN-1975-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1929
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101836.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://cansecwest.com/slides/2013/PrivateCore%20CSW%202013.pdf
http://www.openwall.com/lists/oss-security/2013/04/06/3
RedHat Security Advisories: RHSA-2013:1645
http://rhn.redhat.com/errata/RHSA-2013-1645.html
http://www.ubuntu.com/usn/USN-1834-1
http://www.ubuntu.com/usn/USN-1835-1
http://www.ubuntu.com/usn/USN-1836-1
http://www.ubuntu.com/usn/USN-1838-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2148
http://lkml.org/lkml/2013/6/3/128
http://www.openwall.com/lists/oss-security/2013/06/05/26
http://www.ubuntu.com/usn/USN-1929-1
http://www.ubuntu.com/usn/USN-1930-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2164
Debian Security Information: DSA-2766
http://www.debian.org/security/2013/dsa-2766
http://www.openwall.com/lists/oss-security/2013/06/10/9
RedHat Security Advisories: RHSA-2013:1166
http://rhn.redhat.com/errata/RHSA-2013-1166.html
http://www.ubuntu.com/usn/USN-1912-1
http://www.ubuntu.com/usn/USN-1913-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2232
http://www.openwall.com/lists/oss-security/2013/07/02/5
RedHat Security Advisories: RHSA-2013:1173
http://rhn.redhat.com/errata/RHSA-2013-1173.html
http://www.ubuntu.com/usn/USN-1938-1
http://www.ubuntu.com/usn/USN-1943-1
http://www.ubuntu.com/usn/USN-1944-1
http://www.ubuntu.com/usn/USN-1945-1
http://www.ubuntu.com/usn/USN-1946-1
http://www.ubuntu.com/usn/USN-1947-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2234
http://www.openwall.com/lists/oss-security/2013/07/02/7
Common Vulnerability Exposure (CVE) ID: CVE-2013-2237
http://www.openwall.com/lists/oss-security/2013/07/04/3
http://www.ubuntu.com/usn/USN-1992-1
http://www.ubuntu.com/usn/USN-1993-1
http://www.ubuntu.com/usn/USN-1995-1
http://www.ubuntu.com/usn/USN-1998-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-2851
http://marc.info/?l=linux-kernel&m=137055204522556&w=2
http://www.openwall.com/lists/oss-security/2013/06/06/13
RedHat Security Advisories: RHSA-2013:1783
http://rhn.redhat.com/errata/RHSA-2013-1783.html
RedHat Security Advisories: RHSA-2014:0284
http://rhn.redhat.com/errata/RHSA-2014-0284.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4162
BugTraq ID: 61411
http://www.securityfocus.com/bid/61411
http://www.openwall.com/lists/oss-security/2013/07/23/9
RedHat Security Advisories: RHSA-2013:1436
http://rhn.redhat.com/errata/RHSA-2013-1436.html
RedHat Security Advisories: RHSA-2013:1460
http://rhn.redhat.com/errata/RHSA-2013-1460.html
RedHat Security Advisories: RHSA-2013:1520
http://rhn.redhat.com/errata/RHSA-2013-1520.html
http://secunia.com/advisories/54148
http://secunia.com/advisories/55055
http://www.ubuntu.com/usn/USN-1939-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-4163
BugTraq ID: 61412
http://www.securityfocus.com/bid/61412
http://www.openwall.com/lists/oss-security/2013/07/23/10
Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.