Информационная безопасность
[RU] switch to English

Многочисленные уязвимости безопасности в ядре Linux
дополнено с 5 мая 2015 г.
Опубликовано:10 мая 2015 г.
SecurityVulns ID:14436
Уровень опасности:
Описание:DoS, повышение привилегий, обход защиты.
Затронутые продукты:XEN : xen 3.3
 LINUX : kernel 3.19
CVE:CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.)
 CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.)
 CVE-2015-3331 (The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.)
 CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.)
 CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.)
 CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.)
 CVE-2015-2150 (Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.)
 CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that triggers extension loading, as demonstrated by configuring a PPTP tunnel in a NAT environment.)
 CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.)
Оригинальный текстdocumentUBUNTU, [USN-2597-2] Linux kernel (Trusty HWE) regression (10.05.2015)
 documentDEBIAN, [SECURITY] [DSA 3237-1] linux security update (05.05.2015)
 documentHector Marco, AMD Bulldozer Linux ASLR weakness: Reducing entropy by 87.5% (05.05.2015)
 documentHector Marco, Linux ASLR mmap weakness: Reducing entropy by half (05.05.2015)
 documentUBUNTU, [USN-2583-1] Linux kernel vulnerability (05.05.2015)
 documentUBUNTU, [USN-2590-1] Linux kernel vulnerabilities (05.05.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород