Impact
local privilege escalation
Solution
Please Install the Updated Packages.
Insight
The Linux kernel in the SUSE Linux Enterprise Realtime 10 SP1 product was updated to fix the following security problems. Our other products have already received those fixes.
- CVE-2008-0001: Incorrect access mode checks could be used by local attackers to corrupt directory contents and so cause denial of service attacks or potentially execute code.
- CVE-2008-0600: A local privilege escalation was found in the vmsplice_pipe system call, which could be used by local attackers to gain root access.
- CVE-2007-5500: A buggy condition in the ptrace attach logic can be used by local attackers to hang the machine.
- CVE-2007-5501: The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer dereference.
- CVE-2007-5904: Multiple buffer overflows in CIFS VFS allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SMB responses that trigger the overflows in the SendReceive function.
This problem requires the attacker to set up a malicious Samba/CIFS server and getting the client to connect to it.
No other bugs were fixed.
Affected
kernel-rt on SUSE Linux Enterprise Server RT Solution 10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-5500, CVE-2007-5501, CVE-2007-5904, CVE-2008-0001, CVE-2008-0600 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities