Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Linux
Опубликовано:29 мая 2008 г.
Источник:
SecurityVulns ID:9029
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка памяти в туннелях IPv6 поверх IPv4, DoS через mmap на SPARC-архитектурах, DoS на amd64, DoS через целочисленное переполнение в hrtimer на 64-битных системах.
Затронутые продукты:LINUX : kernel 2.6
CVE:CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span) checks when the mmap MAP_FIXED bit is not set, which allows local users to cause a denial of service (panic) via unspecified mmap calls.)
 CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux kernel before 2.6.25.3 allows remote attackers to cause a denial of service (memory consumption) via network traffic to a Simple Internet Transition (SIT) tunnel interface, related to the pskb_may_pull and kfree_skb functions, and management of an skb reference count.)
 CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls.)
 CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry value, which causes the timer to always be expired.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1588-1] New Linux 2.6.18 packages fix several vulnerabilities (29.05.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород