SB2012102402 - SUSE Linux update for Linux kernel



Published: October 24, 2012

Security Bulletin ID: SB2012102402
Severity: High
Patch available: YES
Number of vulnerabilities: 9
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 33% Medium 33% Low 33%

Description

This security bulletin contains information about 9 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2010-4649)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in the ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large value of a certain structure member.


2) Buffer overflow (CVE-ID: CVE-2011-1044)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vectors that cause this buffer to be only partially filled, a different vulnerability than CVE-2010-4649.


3) Information disclosure (CVE-ID: CVE-2011-2494)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

kernel/taskstats.c in the Linux kernel before 3.1 allows local users to obtain sensitive I/O statistics by sending taskstats commands to a netlink socket, as demonstrated by discovering the length of another user's password.


4) NULL pointer dereference (CVE-ID: CVE-2011-4110)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."


5) Input validation error (CVE-ID: CVE-2012-2136)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.


6) Input validation error (CVE-ID: CVE-2012-2663)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.
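
The following added example (not code from this bulletin or from iptables) models the mask-and-compare flag test behind the issue above, taking `--syn` as the iptables manual documents it, `--tcp-flags SYN,RST,ACK,FIN SYN`. The function names, the companion SYN+FIN rule and the sample flag bytes are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* TCP header flag bits (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Mask/compare test of the kind --tcp-flags expresses:
 * examine only the bits in mask, require exactly the bits in comp. */
static bool flags_match(uint8_t flags, uint8_t mask, uint8_t comp)
{
    return (flags & mask) == comp;
}

/* --syn, documented as --tcp-flags SYN,RST,ACK,FIN SYN:
 * FIN must be clear, so a SYN+FIN segment does not match. */
static bool rule_syn(uint8_t flags)
{
    return flags_match(flags, TH_SYN | TH_RST | TH_ACK | TH_FIN, TH_SYN);
}

/* Companion rule (assumption): --tcp-flags SYN,FIN SYN,FIN. */
static bool rule_syn_fin(uint8_t flags)
{
    return flags_match(flags, TH_SYN | TH_FIN, TH_SYN | TH_FIN);
}

/* Hypothetical policy helper: a filter meant to block new inbound
 * connections drops when either rule matches. */
static bool drop_new_connection(uint8_t flags)
{
    return rule_syn(flags) || rule_syn_fin(flags);
}

int main(void)
{
    /* Constructed sample flag bytes, not captured traffic. */
    const uint8_t samples[] = { TH_SYN, TH_SYN | TH_FIN, TH_SYN | TH_ACK, TH_ACK };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("flags=0x%02x --syn=%d syn+fin=%d drop=%d\n", samples[i],
               rule_syn(samples[i]), rule_syn_fin(samples[i]),
               drop_new_connection(samples[i]));
    return 0;
}
```

When auditing a ruleset that relies on `--syn` alone, the second row of the output is the case to look for: the SYN+FIN byte passes the `--syn` test unmatched and is caught only by the companion rule.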


7) Input validation error (CVE-ID: CVE-2012-2744)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (NULL pointer dereference and system crash) via certain types of fragmented IPv6 packets.


8) Heap-based buffer overflow (CVE-ID: CVE-2012-3400)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5. A remote attacker can use a crafted UDF filesystem to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Use-after-free (CVE-ID: CVE-2012-3510)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing a taskstats TASKSTATS_CMD_ATTR_PID command. A local user can obtain potentially sensitive information from kernel memory or cause a denial of service (system crash).

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


Remediation

Install the update from the vendor's website.