SUSE Linux update for Linux kernel

Published: 2013-04-13

Risk	High
Patch available	YES
Number of vulnerabilities	6
CVE-ID	CVE-2012-4530 CVE-2013-0160 CVE-2013-0216 CVE-2013-0231 CVE-2013-0268 CVE-2013-0871
CWE-ID	CWE-200 CWE-20 CWE-119 CWE-264 CWE-362
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #5 is available.
Vulnerable software Subscribe	SUSE Linux Operating systems & Components / Operating system
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Information disclosure

EUVDB-ID: #VU43085

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2012-4530

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 10

CPE2.3

cpe:2.3:o:suse:suse_linux:10:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

EUVDB-ID: #VU43086

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-0160

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 10

CPE2.3

cpe:2.3:o:suse:suse_linux:10:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Input validation error

EUVDB-ID: #VU43087

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:A/AC:L/PR:/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-0216

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote #AU# to perform a denial of service (DoS) attack.

The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 10

CPE2.3

cpe:2.3:o:suse:suse_linux:10:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU32957

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-0231

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 10

CPE2.3

cpe:2.3:o:suse:suse_linux:10:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU43089

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-0268

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 10

CPE2.3

cpe:2.3:o:suse:suse_linux:10:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Race condition

EUVDB-ID: #VU43090

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-0871

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 10

CPE2.3

cpe:2.3:o:suse:suse_linux:10:*:*:*:*:*:*:

External links

http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00018.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.