Impact
remote denial of service
Solution
Please Install the Updated Packages.
Insight
A kernel update has been released to fix the following security problems:
- CVE-2006-2936: The ftdi_sio driver allowed local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. This requires this driver to be loaded, which only happens if such a device is plugged in.
- CVE-2006-4814: A deadlock in mincore that could be caused by local attackers was fixed.
- CVE-2006-6106: Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver
(net/bluetooth/cmtp/capi.c) in the Linux kernel allowed remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field.
- CVE-2006-5749: The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux kernel does not call the init_timer function for the ISDN PPP CCP
reset state timer, which has unknown attack vectors and results in a system crash.
- CVE-2006-5753: Unspecified vulnerability in the listxattr system call in Linux kernel, when a "
bad inode"
is present, allows local
users to cause a denial of service (data corruption) and possibly gain privileges.
- CVE-2007-0772: A remote denial of service problem on NFSv2 mounts with ACL enabled was fixed.
and various non security bugs.
This update only covers SUSE Linux Enterprise 10 and SUSE Linux 10.1. The above listed problems also affect other kernels, for which updates will be published.
Affected
kernel-bigsmp on SUSE LINUX 10.1, SUSE SLED 10, SUSE SLE 10 DEBUGINFO, SUSE SLES 10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2006-2936, CVE-2006-4814, CVE-2006-5749, CVE-2006-5753, CVE-2006-6106, CVE-2007-0772 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities