Contact | Site en Français               

 


 

Vulnerabilities & Threats
 
  VUPEN Security Advisories
  Linux Security Advisories

  Malware Advisories
  Security Research
  Threat Watch Blog
  Zero-Day Monitor
  Search Engine
  Mailing List & RSS
 
   

>> SuSE Security Update Fixes Multiple Linux Kernel Vulnerabilities

Title : SuSE Security Update Fixes Multiple Linux Kernel Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-2774
CVE ID : CVE-2005-2973 - CVE-2005-3044 - CVE-2005-3055 - CVE-2005-3180 - CVE-2005-3181 - CVE-2005-3271 - CVE-2005-3527 - CVE-2005-3783 - CVE-2005-3784 - CVE-2005-3805 - CVE-2005-3806 - CVE-2005-3807
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2005-12-06

Technical Description    Receive VUPEN Security alerts in a Text format  Receive VUPEN Security alerts in a PDF format  Receive VUPEN Security alerts in an XML format  Receive VUPEN Security notifications by SMS 

SuSE has released updated packages to address multiple security vulnerabilities identified in Kernel. These flaws cuold be exploited by attackers to cause a denial of service.

A check in "ptrace" handling that finds out if a process is attaching to itself was incorrect and could be used by a local attacker to crash the machine.

A check in reaping of terminating child processes did not consider "ptrace" attached processes and would leave a ptrace reference dangling, which could lead to a local user being able to crash the machine.

A task leak problem when releasing POSIX timers could lead to local users causing a denial of service by exhausting system memory.

A locking problem in POSIX timer handling could be used by a local attacker on a SMP system to deadlock the machine.

A problem in the Linux auditing code could lead to a memory leak which finally could exhaust system memory of a machine.

An infinite loop in the IPv6 UDP loopback handling can be easily triggered by a local user and lead to a denial of service.

A bug in IPv6 flow label handling code could be used by a local attacker to free non-allocated memory and in turn corrupt kernel memory and likely crash the machine.

A memory kernel leak in VFS lease handling can exhaust the machine memory and so cause a local denial of service.

Unplugging an user space controlled USB device with an URB pending in user space could crash the kernel, which can be triggered by local attacker.

An incorrect padding in Orinoco wireless driver could expose kernel data to the air.

Missing "sockfd_put()" calls in "routing_ioctl()" can leak file handles which in turn could exhaust system memory.

A race condition in "do_coredump" [signal.c] could allow local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP.

Affected Products

SuSE Linux 10.0

Solution

Upgrade the affected packages :
ftp://ftp.suse.com/pub/

References

http://www.vupen.com/english/advisories/2005/2774
http://www.frsirt.com/english/reference/1983

ChangeLog

2005-12-06 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.
 

Vulnerability Alerting

Free 14-Day Trial
 
  Latest News

 

  >> 2009-06-10

     

  VUPEN Security Research
  Discovered Critical Flaws
  in Adobe Acrobat and MS
  Office Word


  >> 2009-06-02

     

  VUPEN Security Research
  Discovered Critical Flaws
  in ACDSee Products


  >> 2009-05-22

     

  VUPEN Discovered Two
  Critical Vulnerabilities in
  Novell GroupWise 8 / 7


  >> 2009-05-12

     

  Microsoft Patched 14
  Office PowerPoint Flaws

 

  >> 2009-04-28

     

  Adobe Reader / Acrobat
  Vulnerabilities Disclosed

 

 

More Informations    
    








Copyright 2003-2009 © VUPEN.COM - Privacy Policy