Information Security


Multiple security vulnerabilities in radvd
Published: November 1, 2011
Source:
SecurityVulns ID: 12013
Type: remote
Severity: 5/10
Description: Privilege escalation, buffer overflow, DoS.
Affected products: RADVD: radvd 1.8
CVE: CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.)
 CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors.)
 CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.)
 CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value.)
Original text: DEBIAN, [SECURITY] [DSA 2323-1] radvd security update (01.11.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod