Information Security

Multiple vulnerabilities in the Linux kernel
updated since 14 October 2008
Published: 18 October 2008
Source:
SecurityVulns ID: 9357
Type: local
Severity level:
6/10
Description: Multiple DoS conditions, group privilege escalation via the filesystem and via system calls
Affected products: LINUX : kernel 2.6
CVE:CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.)
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.)
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.)
 CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.)
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.)
 CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.)
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.)
 CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite, which triggers an invalid dereference.)
Original text: DEBIAN, [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities (18.10.2008)
 DEBIAN, [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities (14.10.2008)

Multiple buffer overflows in Adobe Flash CS3 Professional / Adobe Flash MX 2004
Published: 18 October 2008
Source:
SecurityVulns ID: 9375
Type: local
Severity level:
5/10
Description: Multiple heap buffer overflows when parsing .SWF files.
Affected products: ADOBE : Flash MX 2004
 ADOBE : Flash Professional CS3
Original text: Paul Craig, Multiple Flash Authoring Heap Overflows - Malformed SWF Files (18.10.2008)

Buffer overflow in GNU tar
updated since 18 October 2007
Published: 18 October 2008
Source:
SecurityVulns ID: 8267
Type: client
Severity level:
5/10
CVE:CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack.")

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod