SuSE Security Advisory SUSE-SA:2009:020 (udev) Network Vulnerability

Summary

The remote host is missing updates announced in advisory SUSE-SA:2009:020.

Solution

Update your system with the packages as indicated in the referenced security advisory. https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:020

Insight

Sebastian Krahmer of SUSE Security identified a problem in udevd with handling of netlink messages. Local attackers could inject netlink messages due to a missing origin check where only the kernel should have been able to and so are able to escalate privileges. (CVE-2009-1185) Fixed packages have been released to address this issue for openSUSE 10.3-11.1, SUSE Linux Enterprise 10 SP2 and SUSE Linux Enterprise 11. SUSE Linux Enterprise Server 9 and Novell Linux Desktop 9 are not affected by this problem.

Severity

Classification

CVE CVE-2009-1185, CVE-2009-1186
CVSS Base Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for CUPS
SLES10: Security update for libxslt
SLES10: Security update for Linux kernel
SLES10: Security update for ethereal
SLES10: Security update for KDE PIM packages

Take action and discover your vulnerabilities