 |
|
|
|
| Многочисленные уязвимости безопасности в ядре Linux | | Опубликовано: |  | 2 июня 2009 г. | | Источник: |  | BUGTRAQ | | SecurityVulns ID: |  | 9955 | | Тип: |  | клиент | | Опасность: |  | 6/10 | | Описание: |  | Переполнения буфера в клиенте CIFS, выполнение файлов на nfs4, DoS в Xen. |
| Затронутые продукты: |  | LINUX : kernel 2.6 | | CVE: |  | CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges.") | | | | CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c.) | | | | CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.) |
|
|
|
|
|
|
|
|
