Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2014.0773.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2014:0773-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2014:0773-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2014:0773-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs.

The following security issues have been addressed:

*

CVE-2013-6382: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified
other impact by leveraging the CAP_SYS_ADMIN capability for a (1)
XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. (bnc#852553)

*

CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,
net/ipv6/raw.c, and net/ipv6/udp.c. (bnc#857643)

*

CVE-2013-7264: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)

*

CVE-2013-7265: The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643)

*

CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. (bnc#875798)

*

CVE-2014-1738: The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a
/dev/fd device. (bnc#875798)

Additionally, the following non-security bugs have been fixed:

* tcp: syncookies: reduce cookie lifetime to 128 seconds (bnc#833968).
* tcp: syncookies: reduce mss table to four values (bnc#833968).
* ia64: Change default PSR.ac from '1' to '0' (Fix erratum #237)
(bnc#874108).
* tty: fix up atime/mtime mess, take three (bnc#797175).

Security Issues references:

* CVE-2013-6382
* CVE... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 10 SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-6382
BugTraq ID: 63889
http://www.securityfocus.com/bid/63889
http://www.openwall.com/lists/oss-security/2013/11/22/5
http://www.spinics.net/lists/xfs/msg23343.html
http://www.ubuntu.com/usn/USN-2109-1
http://www.ubuntu.com/usn/USN-2110-1
http://www.ubuntu.com/usn/USN-2113-1
http://www.ubuntu.com/usn/USN-2117-1
http://www.ubuntu.com/usn/USN-2128-1
http://www.ubuntu.com/usn/USN-2129-1
http://www.ubuntu.com/usn/USN-2135-1
http://www.ubuntu.com/usn/USN-2138-1
http://www.ubuntu.com/usn/USN-2139-1
http://www.ubuntu.com/usn/USN-2141-1
http://www.ubuntu.com/usn/USN-2158-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-7263
http://www.openwall.com/lists/oss-security/2013/11/28/13
http://seclists.org/oss-sec/2014/q1/29
RedHat Security Advisories: RHSA-2014:0159
http://rhn.redhat.com/errata/RHSA-2014-0159.html
RedHat Security Advisories: RHSA-2014:0285
http://rhn.redhat.com/errata/RHSA-2014-0285.html
http://secunia.com/advisories/55882
http://secunia.com/advisories/56036
SuSE Security Announcement: SUSE-SU-2014:0459 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00026.html
SuSE Security Announcement: SUSE-SU-2015:0481 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html
SuSE Security Announcement: SUSE-SU-2015:0652 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html
SuSE Security Announcement: SUSE-SU-2015:0736 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html
SuSE Security Announcement: openSUSE-SU-2015:0566 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html
http://www.ubuntu.com/usn/USN-2107-1
http://www.ubuntu.com/usn/USN-2108-1
http://www.ubuntu.com/usn/USN-2136-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-7264
Common Vulnerability Exposure (CVE) ID: CVE-2013-7265
Common Vulnerability Exposure (CVE) ID: CVE-2014-1737
BugTraq ID: 67300
http://www.securityfocus.com/bid/67300
Debian Security Information: DSA-2926 (Google Search)
http://www.debian.org/security/2014/dsa-2926
Debian Security Information: DSA-2928 (Google Search)
http://www.debian.org/security/2014/dsa-2928
http://www.openwall.com/lists/oss-security/2014/05/09/2
RedHat Security Advisories: RHSA-2014:0800
http://rhn.redhat.com/errata/RHSA-2014-0800.html
RedHat Security Advisories: RHSA-2014:0801
http://rhn.redhat.com/errata/RHSA-2014-0801.html
http://www.securitytracker.com/id/1030474
http://secunia.com/advisories/59262
http://secunia.com/advisories/59309
http://secunia.com/advisories/59406
http://secunia.com/advisories/59599
SuSE Security Announcement: SUSE-SU-2014:0667 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html
SuSE Security Announcement: SUSE-SU-2014:0683 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-1738
BugTraq ID: 67302
http://www.securityfocus.com/bid/67302
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.