Summary
The remote host is missing updates announced in
advisory SUSE-SA:2009:020.
Solution
Update your system with the packages as indicated in the referenced security advisory.
https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:020
Insight
Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages.
Local attackers could inject netlink messages due to a missing origin check where only the kernel should have been able to and so are able to escalate privileges. (CVE-2009-1185)
Fixed packages have been released to address this issue for openSUSE 10.3-11.1, SUSE Linux Enterprise 10 SP2 and SUSE Linux Enterprise 11.
SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 are not affected by this problem.
Severity
Classification
-
CVE CVE-2009-1185, CVE-2009-1186 -
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities