Secunia Security Advisory 30818

Secunia Security Advisory 30818: Posted Jun 24, 2008; Authored by Secunia | Site secunia.com; Secunia Security Advisory - SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges, and malicious people to cause a DoS and potentially compromise a vulnerable system.; tags | advisory, denial of service, kernel, local, vulnerability; systems | linux, suse; SHA-256 | 22228f6988ac26c8435db67ddb9cd3d81a7a56860e43438f1ba5cfa5914ad17b; Download | Favorite | View

Secunia Security Advisory 30818

----------------------------------------------------------------------

Want a new job?

http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/

International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/

----------------------------------------------------------------------

TITLE:
SUSE update for kernel

SECUNIA ADVISORY ID:
SA30818

VERIFY ADVISORY:
http://secunia.com/advisories/30818/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of sensitive information, Privilege
escalation, DoS, System access

WHERE:
>From remote

OPERATING SYSTEM:
openSUSE 10.2
http://secunia.com/product/13375/
openSUSE 10.3
http://secunia.com/product/16124/

DESCRIPTION:
SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, bypass certain security
restrictions, cause a DoS (Denial of Service), and gain escalated
privileges, and malicious people to cause a DoS and potentially
compromise a vulnerable system.

For more information:
SA27666
SA27908
SA28835
SA30044
SA30101
SA30241

A vulnerability is caused due to missing feature length validation
within the "dccp_feat_change()" function in net/dccp/feat.c, which
can be exploited to cause an overflow and execute arbitrary code with
kernel privileges.

SOLUTION:
Apply updated packages.

x86 Platform:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-bigsmp-2.6.22.18-0.2.i586.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-debug-2.6.22.18-0.2.i586.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-default-2.6.22.18-0.2.i586.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-source-2.6.22.18-0.2.i586.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-syms-2.6.22.18-0.2.i586.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-xen-2.6.22.18-0.2.i586.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/i586/kernel-xenpae-2.6.22.18-0.2.i586.rpm

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-bigsmp-2.6.18.8-0.10.i586.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-default-2.6.18.8-0.10.i586.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-kdump-2.6.18.8-0.10.i586.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-source-2.6.18.8-0.10.i586.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-syms-2.6.18.8-0.10.i586.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xen-2.6.18.8-0.10.i586.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/kernel-xenpae-2.6.18.8-0.10.i586.rpm

Power PC Platform:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-default-2.6.22.18-0.2.ppc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-kdump-2.6.22.18-0.2.ppc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-ppc64-2.6.22.18-0.2.ppc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-source-2.6.22.18-0.2.ppc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/ppc/kernel-syms-2.6.22.18-0.2.ppc.rpm

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-default-2.6.18.8-0.10.ppc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-iseries64-2.6.18.8-0.10.ppc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-kdump-2.6.18.8-0.10.ppc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-ppc64-2.6.18.8-0.10.ppc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-source-2.6.18.8-0.10.ppc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/ppc/kernel-syms-2.6.18.8-0.10.ppc.rpm

x86-64 Platform:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-debug-2.6.22.18-0.2.x86_64.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-default-2.6.22.18-0.2.x86_64.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-source-2.6.22.18-0.2.x86_64.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-syms-2.6.22.18-0.2.x86_64.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/x86_64/kernel-xen-2.6.22.18-0.2.x86_64.rpm

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-default-2.6.18.8-0.10.x86_64.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-kdump-2.6.18.8-0.10.x86_64.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-source-2.6.18.8-0.10.x86_64.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-syms-2.6.18.8-0.10.x86_64.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/x86_64/kernel-xen-2.6.18.8-0.10.x86_64.rpm

Sources:

openSUSE 10.3:

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-bigsmp-2.6.22.18-0.2.nosrc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-debug-2.6.22.18-0.2.nosrc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-default-2.6.22.18-0.2.nosrc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-kdump-2.6.22.18-0.2.nosrc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-ppc64-2.6.22.18-0.2.nosrc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-source-2.6.22.18-0.2.src.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-syms-2.6.22.18-0.2.src.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-xen-2.6.22.18-0.2.nosrc.rpm

http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/kernel-xenpae-2.6.22.18-0.2.nosrc.rpm

openSUSE 10.2:

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-bigsmp-2.6.18.8-0.10.nosrc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-default-2.6.18.8-0.10.nosrc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-iseries64-2.6.18.8-0.10.nosrc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-kdump-2.6.18.8-0.10.nosrc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-ppc64-2.6.18.8-0.10.nosrc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-source-2.6.18.8-0.10.src.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-syms-2.6.18.8-0.10.src.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xen-2.6.18.8-0.10.nosrc.rpm

ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/kernel-xenpae-2.6.18.8-0.10.nosrc.rpm

ORIGINAL ADVISORY:
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html

OTHER REFERENCES:
SA27666:
http://secunia.com/advisories/27666/

SA27908:
http://secunia.com/advisories/27908/

SA28835:
http://secunia.com/advisories/28835/

SA30044:
http://secunia.com/advisories/30044/

SA30101:
http://secunia.com/advisories/30101/

SA30241:
http://secunia.com/advisories/30241/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 232 files
indoushka 159 files
Jay Turla 150 files
Ubuntu 64 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,120)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,142)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,780)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,828)
UNIX (9,454)
UnixWare (188)
Windows (6,766)
Other

Secunia Security Advisory 30818

Secunia Security Advisory 30818

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Secunia Security Advisory 30818

Share This

Secunia Security Advisory 30818

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems