Linux Kernel 'SCTP'模块存在漏洞

BUGTRAQ ID: 31121 CVE ID：CVE-2008-3792 CNCVE ID：CNCVE-20083792 Linux是一款开放源代码的操作系统。 Linux内核'SCTP'模块存在多个安全问题，本地攻击者可以利用漏洞获得敏感信息或使内核崩溃。 问题代码如下： file: net/sctp/socket.c ... SCTPSTATIC int sctpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen int retval = 0; int len;...

CVE-2008-2358

Integer overflow in the dccpfeatchange function in net/dccp/feat.c in the Datagram Congestion Control Protocol DCCP subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature length, which leads to a heap-based buffer overflow...

Linux Kernel 2.6.17 - Sys_Tee Local Privilege Escalation

Linux Kernel 2.6.17 - SysTee Local Privilege Escalation source: https://www.securityfocus.com/bid/22823/info The Linux kernel is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain superuser privileges, facilitating the complete compromise of...

Linux Kernel 2.6.17 - 'Sys_Tee' Local Privilege Escalation

source: https://www.securityfocus.com/bid/22823/info The Linux kernel is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to gain superuser privileges, facilitating the complete compromise of affected computers. Linux 2.6.16 - 2.6.17.6 local root...

Fedora Core 4 : kernel-2.6.17-1.2141_FC4 (2006-769)

An update to the latest upstream stable release 2.6.17.3, which fixes a security issue with SCTP. Further details: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.2 Note that Tenable Network Security has extracted the...

Fedora Core 5 : kernel-2.6.17-1.2145_FC5 (2006-772)

An update to the latest upstream stable release 2.6.17.3, which fixes a security issue with SCTP. Further details: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.2 Note that Tenable Network Security has extracted the...

Fedora Core 5 : kernel-2.6.17-1.2157_FC5 (2006-806)

Rebase to latest upstream 2.6.17.4 -stable release, which fixes a security issue which could result in local priveledge escalation. More details at: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4 In addition, an optimisation was performed to use significantly less memory for sever...

Fedora Core 4 : kernel-2.6.17-1.2142_FC4 (2006-801)

Rebase to latest upstream 2.6.17.4 -stable release, which fixes a security issue which could result in local priveledge escalation. More details at: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.4 In addition, an optimisation was performed to use significantly less memory for sever...

Linux Kernel ATM SkBuff Dereference Remote Denial of Service Vulnerability

这个问题是在Kernel处理输入ATM（异步传输模式）数据时被触发。 利用这个漏洞，攻击者可以目标Kernel死机，导致拒绝服务的发生。 本问题只影响那些具有ATM硬件并且配置成支持ATM的Kernel的系统。 Kernel版本从2.6.0到2.6.17（包括2.6.17）都受到该漏洞影响。 PHP 5 受此漏洞影响。 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Operating System Enterprise Server 2.0 RedHat Enterprise Linux WS 4 RedHat...

CVE-2006-1522

The sysaddkey function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service OOPS via keyctl requests that add a key to a user key instead of a keyring key, which causes an invalid dereference in the...