Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в ядре Linux
Опубликовано:2 июня 2009 г.
Источник:
SecurityVulns ID:9955
Тип:клиент
Уровень опасности:
6/10
Описание:Переполнения буфера в клиенте CIFS, выполнение файлов на nfs4, DoS в Xen.
Затронутые продукты:LINUX : kernel 2.6
CVE:CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges.")
 CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.)
 CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 1809-1] New Linux 2.6.26 packages fix several vulnerabilities (02.06.2009)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород