SuSE Update for kernel SUSE-SA:2007:043

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_suse_2007_043.nasl 8050 2017-12-08 09:34:29Z santu $
#
# SuSE Update for kernel SUSE-SA:2007:043
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

include("revisions-lib.inc");
tag_insight = "The SUSE Linux 10.0 and openSUSE 10.2 have been updated to fix various
  security problems.

  Please note that the SUSE Linux 10.0 has been released some weeks ago.

  The SUSE Linux 10.1 is affected by some of those problems but will
  be updated in some weeks to merge back with the SLE10 Service Pack
  1 kernel.

  - CVE-2007-1357: A denial of service problem against the AppleTalk
  protocol was fixed.  A remote attacker in the same AppleTalk
  network segment could cause the machine to crash if it has AppleTalk
  protocol loaded.

  - CVE-2007-1861: The nl_fib_lookup function in net/ipv4/fib_frontend.c
  allows attackers to cause a denial of service (kernel panic) via
  NETLINK_FIB_LOOKUP replies, which trigger infinite recursion and
  a stack overflow.

  - CVE-2007-1496: nfnetlink_log in netfilter allows attackers to cause
  a denial of service (crash) via unspecified vectors involving the
  (1) nfulnl_recv_config function, (2) using "multiple packets per
  netlink message", and (3) bridged packets, which trigger a NULL
  pointer dereference.

  - CVE-2007-1497: nf_conntrack in netfilter does not set nfctinfo
  during reassembly of fragmented packets, which leaves the default
  value as IP_CT_ESTABLISHED and might allow remote attackers to
  bypass certain rulesets using IPv6 fragments.

  Please note that the connection tracking option for IPv6 is not
  enabled in any currently shipping SUSE Linux kernel, so it does
  not affect SUSE Linux default kernels.

  - CVE-2007-1592: A local user could affect a double-free of a ipv6
  structure potentially causing a local denial of service attack.

  - CVE-2006-7203: The compat_sys_mount function in fs/compat.c allows
  local users to cause a denial of service (NULL pointer dereference
  and oops) by mounting a smbfs file system in compatibility mode
  ("mount -t smbfs").

  - CVE-2007-2453: Seeding of the kernel random generator on boot did
  not work correctly due to a programming mistake and so the kernel
  might have more predictable random numbers than assured.

  - CVE-2007-2876: A NULL pointer dereference in SCTP connection
  tracking could be caused by a remote attacker by sending specially
  crafted packets.

  Note that this requires SCTP set-up and active to be exploitable.

  Also some non-security bugs were fixed.";

tag_impact = "remote denial of service";
tag_affected = "kernel on openSUSE 10.2, SUSE SLES 9, Novell Linux Desktop 9, Open Enterprise Server, Novell Linux POS 9";
tag_solution = "Please Install the Updated Packages.";



if(description)
{
  script_id(850085);
  script_version("$Revision: 8050 $");
  script_tag(name:"last_modification", value:"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $");
  script_tag(name:"creation_date", value:"2009-01-28 13:40:10 +0100 (Wed, 28 Jan 2009)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_xref(name: "SUSE-SA", value: "2007-043");
  script_cve_id("CVE-2006-7203", "CVE-2007-1357", "CVE-2007-1496", "CVE-2007-1497", "CVE-2007-1592", "CVE-2007-1861", "CVE-2007-2453", "CVE-2007-2876");
  script_name( "SuSE Update for kernel SUSE-SA:2007:043");

  script_summary("Check for the Version of kernel");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}


include("pkg-lib-rpm.inc");

release = get_kb_item("ssh/login/release");


res = "";
if(release == NULL){
  exit(0);
}

if(release == "openSUSE10.2")
{

  if ((res = isrpmvuln(pkg:"kernel-bigsmp", rpm:"kernel-bigsmp~2.6.18.8~0.5", rls:"openSUSE10.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.18.8~0.5", rls:"openSUSE10.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.18.8~0.5", rls:"openSUSE10.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.18.8~0.5", rls:"openSUSE10.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18.8~0.5", rls:"openSUSE10.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"kernel-xenpae", rpm:"kernel-xenpae~2.6.18.8~0.5", rls:"openSUSE10.2")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99); # Not vulnerable.
  exit(0);
}