SB2011102801 - SUSE Linux update for Linux kernel




Published: October 28, 2011

Security Bulletin ID: SB2011102801
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

High 20%, Medium 80%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2009-4067)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service, or take full control of the system via a crafted USB device.


2) Heap-based buffer overflow (CVE-ID: CVE-2011-1577)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier. A remote attacker can use a crafted size of the EFI GUID partition-table header on removable media to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) Buffer overflow (CVE-ID: CVE-2011-1776)

The vulnerability allows a local non-authenticated attacker to cause a denial of service or obtain sensitive information.

The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel before 2.6.39 does not check the size of an Extensible Firmware Interface (EFI) GUID Partition Table (GPT) entry, which allows physically proximate attackers to cause a denial of service (heap-based buffer overflow and OOPS) or obtain sensitive information from kernel heap memory by connecting a crafted GPT storage device, a different vulnerability than CVE-2011-1577.
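
Both is_gpt_valid issues above (CVE-2011-1577 and CVE-2011-1776) come down to trusting size fields read from the device. The following C is an added example, not the kernel's code or the SUSE patch: it checks those fields at the standard GPT header offsets, and the function names, the 128-byte entry size and the `max_table_bytes` cap are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define GPT_HEADER_MIN 92u   /* fixed part of the GPT header (UEFI layout) */
#define GPT_ENTRY_SIZE 128u  /* assumption: the parser's entry struct is 128 bytes */
enum gpt_status { GPT_OK, GPT_BAD_SIG, GPT_BAD_HEADER_SIZE,
                  GPT_BAD_ENTRY_SIZE, GPT_BAD_ENTRY_COUNT };

/* Read a little-endian 32-bit field without assuming alignment. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the size fields of a GPT header held in one logical block.
 * max_table_bytes is a hypothetical caller-chosen cap on the entry array. */
enum gpt_status gpt_check_sizes(const uint8_t *block, size_t block_size,
                                size_t max_table_bytes)
{
    if (block_size < GPT_HEADER_MIN || memcmp(block, "EFI PART", 8) != 0)
        return GPT_BAD_SIG;
    uint32_t header_size = le32(block + 12);
    uint32_t num_entries = le32(block + 80);
    uint32_t entry_size  = le32(block + 84);
    /* The header CRC covers header_size bytes of this block, so a field
     * larger than the block would make the checksum read past the buffer. */
    if (header_size < GPT_HEADER_MIN || header_size > block_size)
        return GPT_BAD_HEADER_SIZE;
    /* Entries are later accessed through a fixed-size struct. */
    if (entry_size != GPT_ENTRY_SIZE)
        return GPT_BAD_ENTRY_SIZE;
    /* Bound the table allocation; dividing avoids multiplication overflow. */
    if (num_entries == 0 || num_entries > max_table_bytes / entry_size)
        return GPT_BAD_ENTRY_COUNT;
    return GPT_OK;
}

/* Constructed sample: a 512-byte block carrying only the fields checked here. */
enum gpt_status gpt_check_sample(uint32_t hdr, uint32_t n, uint32_t esz)
{
    uint8_t blk[512] = {0};
    const uint32_t v[3] = {hdr, n, esz};
    const size_t off[3] = {12, 80, 84};
    memcpy(blk, "EFI PART", 8);
    for (int i = 0; i < 3; i++)
        for (int b = 0; b < 4; b++)
            blk[off[i] + b] = (uint8_t)(v[i] >> (8 * b));
    return gpt_check_sizes(blk, sizeof blk, 16384);
}
```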


4) Buffer overflow (CVE-ID: CVE-2011-3191)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.


5) Input validation error (CVE-ID: CVE-2011-3363)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.


Remediation

Install the update from the vendor's website.