Family: SuSE Local Security Checks --> Category: infos
SUSE-SA:2003:021: kernel Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the kernel package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory SUSE-SA:2003:021 (kernel).
The Linux kernel has a security flaw in all versions used on SUSE
products excluding the upcoming SUSE LINUX 8.2 distribution. The flaw
is known as ptrace/modprobe bug: The local attacker can use ptrace and
attach to a modprobe process that is spawned if the user triggers the
loading of a kernel module using the kmod kernel module subsystem.
This can be done by asking for network protocols that are supplied by
kernel modules which are not loaded (yet). The vulnerability allows
the attacker to execute arbitrary commands as root.
Solution : http://www.suse.de/security/2003_21_kernel.html
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.