Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2426
HistoryNov 17, 2007 - 12:00 a.m.

Linux Kernel CIFS transport.c文件远程缓冲区溢出漏洞

2007-11-1700:00:00
Root
www.seebug.org
67

0.027 Low

EPSS

Percentile

89.4%

JSON

BUGTRAQ ID: 26438
CVE(CAN) ID: CVE-2007-5904

Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux Kernel的CIFS VFS代码存在缓冲器溢出漏洞,远程攻击者可能利用此漏洞控制系统。

transport.c文件的SendReceive()函数将消息的有效负载memcpy到通过out_buf参数所传送的缓冲区中,该函数假设所有缓冲区的大小为(CIFSMaxBufSize + MAX_CIFS_HDR_SIZE),但调用时所使用的缓冲区为较小的MAX_CIFS_SMALL_BUFFER_SIZE。如果远程攻击者向有漏洞的系统发送了特制响应的话,就可以触发缓冲区溢出。

Linux kernel 2.6.23.1
Linux

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://czajnick.sitenet.pl/cifs-buffer-overflow-fix.patch.gz” target=“_blank”>http://czajnick.sitenet.pl/cifs-buffer-overflow-fix.patch.gz</a>

Related

prion 1
openvas 20
centos 2
nessus 15
veracode 1
cve 1
redhat 2
ubuntucve 1
oraclelinux 3
suse 5
osv 1
debian 1
ubuntu 1
prion
prion
Buffer overflow
2007-11-09 18:46:00
openvas
openvas
RedHat Update for kernel RHSA-2008:0167-01
2009-03-06 00:00:00
CentOS Update for kernel CESA-2008:0167 centos4 i386
2009-02-27 00:00:00
RedHat Update for kernel RHSA-2008:0167-01
2009-03-06 00:00:00
centos
centos
kernel security update
2008-03-16 01:40:23
kernel security update
2008-01-24 00:20:48
nessus
nessus
CentOS 4 : kernel (CESA-2008:0167)
2008-03-17 00:00:00
Oracle Linux 4 : kernel (ELSA-2008-0167)
2013-07-12 00:00:00
RHEL 4 : kernel (RHSA-2008:0167)
2008-03-17 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:24:23
cve
cve
CVE-2007-5904
2007-11-09 18:46:00
redhat
redhat
(RHSA-2008:0167) Moderate: kernel security and bug fix update
2008-03-14 00:00:00
(RHSA-2008:0089) Important: kernel security and bug fix update
2008-01-23 00:00:00
ubuntucve
ubuntucve
CVE-2007-5904
2007-11-09 00:00:00
oraclelinux
oraclelinux
Moderate: kernel security and bug fix update
2008-03-14 00:00:00
Important: kernel security and bug fix update
2008-01-24 00:00:00
Updated kernel packages for Oracle Enterprise Linux 4.7
2008-08-01 00:00:00
suse
suse
remote denial of service in kernel
2007-12-03 17:05:19
remote denial of service in kernel
2008-03-28 14:11:32
local privilege escalation in kernel-rt
2008-03-06 17:51:13
osv
osv
fai-kernels linux-2.6 user-mode-linux - several vulnerabilities
2007-12-11 00:00:00
debian
debian
[SECURITY] [DSA 1428-2] New Linux 2.6.18 packages fix several vulnerabilities
2007-12-12 04:11:50
ubuntu
ubuntu
Linux kernel vulnerabilities
2008-06-19 00:00:00

0.027 Low

EPSS

Percentile

89.4%

JSON
Related for SSV:2426
prion1openvas20centos2nessus15veracode1cve1redhat2ubuntucve1oraclelinux3suse5osv1debian1ubuntu1