openSUSE 安全性更新:核心 (openSUSE-SU-2010:0592-1)
high Nessus Plugin ID 75548
語系:
概要
遠端 openSUSE 主機缺少安全性更新。說明
此 openSUSE 11.3 核心更新可將核心更新至 2.6.34.4 版,其中包含多個錯誤和安全性修正CVE-2010-3110:Novell Client novfs /proc 介面的數個 ioctl 缺少邊界檢查,會允許無權限的本機使用者造成核心損毀,甚至在核心內容中執行程式碼。
CVE-2010-2524:惡意本機使用者可在執行 dns 查閱的 CIFS 所使用的快取中填入選定資料,進而誘騙核心掛載錯誤的 CIFS 伺服器。
CVE-2010-2798:本機使用者可在 gfs2 檔案系統上觸發 NULL 解除參照
CVE-2010-2537:本機使用者可覆寫 btrfs 檔案系統上僅限附加的檔案
CVE-2010-2538:本機使用者可在 btrfs 檔案系統上讀取核心記憶體
解決方案
更新受影響的 Kernel 套件。另請參閱
https://bugzilla.novell.com/show_bug.cgi?id=627310
https://bugzilla.novell.com/show_bug.cgi?id=627386
https://bugzilla.novell.com/show_bug.cgi?id=627447
https://bugzilla.novell.com/show_bug.cgi?id=629908
https://bugzilla.novell.com/show_bug.cgi?id=631066
https://bugzilla.novell.com/show_bug.cgi?id=631185
https://bugzilla.novell.com/show_bug.cgi?id=631319
https://lists.opensuse.org/opensuse-updates/2010-09/msg00009.html
https://bugzilla.novell.com/show_bug.cgi?id=529535
https://bugzilla.novell.com/show_bug.cgi?id=584720
https://bugzilla.novell.com/show_bug.cgi?id=586643
https://bugzilla.novell.com/show_bug.cgi?id=594362
https://bugzilla.novell.com/show_bug.cgi?id=599671
https://bugzilla.novell.com/show_bug.cgi?id=608300
https://bugzilla.novell.com/show_bug.cgi?id=610362
https://bugzilla.novell.com/show_bug.cgi?id=610828
https://bugzilla.novell.com/show_bug.cgi?id=615656
https://bugzilla.novell.com/show_bug.cgi?id=617530
https://bugzilla.novell.com/show_bug.cgi?id=617912
https://bugzilla.novell.com/show_bug.cgi?id=618678
https://bugzilla.novell.com/show_bug.cgi?id=619021
https://bugzilla.novell.com/show_bug.cgi?id=619416
https://bugzilla.novell.com/show_bug.cgi?id=619440
https://bugzilla.novell.com/show_bug.cgi?id=619727
https://bugzilla.novell.com/show_bug.cgi?id=621598
https://bugzilla.novell.com/show_bug.cgi?id=623005
https://bugzilla.novell.com/show_bug.cgi?id=623472
https://bugzilla.novell.com/show_bug.cgi?id=624118
https://bugzilla.novell.com/show_bug.cgi?id=624587
https://bugzilla.novell.com/show_bug.cgi?id=624606
https://bugzilla.novell.com/show_bug.cgi?id=624814
Plugin 詳細資訊
嚴重性: High
ID: 75548
檔案名稱: suse_11_3_Kernel-100824.nasl
版本: 1.5
類型: local
代理程式: unix
已發布: 2014/6/13
已更新: 2021/1/14
支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
風險資訊
VPR
風險因素: Medium
分數: 5.9
CVSS v2
風險因素: High
基本分數: 7.2
媒介: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
弱點資訊
CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-trace, p-cpe:/a:novell:opensuse:kernel-trace-base, p-cpe:/a:novell:opensuse:kernel-trace-devel, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vmi-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-devel, p-cpe:/a:novell:opensuse:preload-kmp-default, p-cpe:/a:novell:opensuse:preload-kmp-desktop, cpe:/o:novell:opensuse:11.3
必要的 KB 項目: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
修補程式發佈日期: 2010/8/24
參考資訊
CVE: CVE-2010-2524, CVE-2010-2537, CVE-2010-2538, CVE-2010-2798, CVE-2010-3110