Information Security


Multiple vulnerabilities in the Linux kernel (multiple bugs)
Published: June 11, 2007
Source:
SecurityVulns ID: 7792
Type: library
Severity level: 6/10
Description: Kernel memory content leak via cpuset and setsockopt. Weak pseudo-random number generator. Weak encryption key generation in GEODE-AES.
Affected products: LINUX : kernel 2.6
CVE: CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux kernel before 2.6.20.13, and 2.6.21.x before 2.6.21.4, when the cpuset filesystem is mounted, allows local users to obtain kernel memory contents by using a large offset when reading the /dev/cpuset/tasks file.)
 CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.)
 CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES in the Linux kernel before 2.6.21.3 allows attackers to obtain sensitive information via unspecified vectors.)
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the Linux kernel before 2.4.34.3 allows context-dependent attackers to read kernel memory and obtain sensitive information via unspecified vectors involving the copy_from_user function accessing an uninitialized stack buffer.)
Original text: IDEFENSE, iDefense Security Advisory 06.07.07: Linux Kernel cpuset tasks Information Disclosure Vulnerability (11.06.2007)
 UBUNTU, [USN-470-1] Linux kernel vulnerabilities (11.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod