Buffer overflows in eCryptfs on Linux
Published: July 29, 2009
Source:
SecurityVulns ID: 10108
Type: local
Severity: 6/10
Description: Buffer overflows when processing parse_tag_11_packet and parse_tag_3_packet calls.
Affected products: LINUX : kernel 2.6
CVE: CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to a large encrypted key size in a Tag 3 packet.)
 CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving a crafted eCryptfs file, related to not ensuring that the key signature length in a Tag 11 packet is compatible with the key signature buffer size.)
Original text: RISE Security, [RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability (29.07.2009)
 RISE Security, [RISE-2009002] Linux eCryptfs parse_tag_11_packet Literal Data Buffer Overflow Vulnerability (29.07.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod