Информационная безопасность
[RU] switch to English


Уязвимости безопасности в ядре Linux
дополнено с 14 февраля 2013 г.
Опубликовано:2 марта 2013 г.
Источник:
SecurityVulns ID:12888
Тип:локальная
Уровень опасности:
5/10
Описание:Повышение привилегий, утечка информации.
Затронутые продукты:LINUX : kernel 2.6
 LINUX : kernel 3.4
CVE:CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.)
 CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.)
 CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third party information.)
 CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.)
 CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized.)
 CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.)
Оригинальный текстdocumentUBUNTU, [USN-1750-1] Linux kernel vulnerabilities (02.03.2013)
 documentUBUNTU, [USN-1739-1] Linux kernel vulnerability (24.02.2013)
 documentUBUNTU, [USN-1720-1] Linux kernel vulnerabilities (14.02.2013)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород