Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в ядре Linux
Опубликовано:9 июня 2008 г.
Источник:
SecurityVulns ID:9065
Тип:удаленная
Уровень опасности:
8/10
Описание:Переполнение буфера при разборе ASN.1 в SNMP и CIFS, переполнение буфера в DCCP.
Затронутые продукты:LINUX : kernel 2.6
CVE:CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow.)
 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1592-1] New Linux 2.6.18 packages fix overflow conditions (09.06.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород