Vulnerability Bulletins

int(3031)

Vulnerability Bulletins

Denegación de servicio en el Kernel de Linux
Vulnerability classification
Property	Value
Confidence level	Oficial
Impact	Denegación de Servicio
Dificulty	Experto
Required attacker level	Acceso remoto sin cuenta a un servicio exotico
System information
Property	Value
Affected manufacturer	GNU/Linux
Affected software	Linux kernel 2.6.13 < 2.6.20.1
Description
Se ha descubierto una vulnerabilidad en el kernel de Linux 2.6.13 y en otras versiones hasta la 2.6.20.1. La vulnerabilidad reside en un error cuando maneja ciertas peticiones de acceso NFSACL ACCESS. Un atacante remoto podría causar una denegación de servicio mediante una petición de acceso NFSACL 2 ACCESS especialmente construida que provocase la liberación incorrecta de un puntero.
Solution
Actualización de software Mandriva (MDKSA-2007:060) Mandriva Linux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Mandriva (MDKSA-2007:078) Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-doc-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-enterprise-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-legacy-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-stripped-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xen0-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xenU-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.13mdv-1-1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-doc-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-stripped-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xen0-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xenU-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.13mdv-1-1mdv2007.0.src.rpm
Standar resources
Property	Value
CVE	CVE-2007-0772
BID	22625
Other resources
SUSE Security Advisory (SUSE-SA:2007:018) http://www.novell.com/linux/security/advisories/2007_18_kernel.html Mandriva Security Advisory (MDKSA-2007:060) http://www.mandriva.com/security/advisories?name=MDKSA-2007:060 SUSE Security Advisory (SUSE-SA:2007:021) http://www.novell.com/linux/security/advisories/2007_21_kernel.html Mandriva Security Advisory (MDKSA-2007:078) http://www.mandriva.com/security/advisories?name=MDKSA-2007:078

Version history
Version	Comments	Date
1.0	Aviso emitido	2007-03-05
1.1	Aviso emitido por Mandriva (MDKSA-2007:060)	2007-03-13
1.2	Aviso emitido por Suse (SUSE-SA:2007:021)	2007-03-20
1.3	Aviso actualizado por Mandriva (MDKSA-2007:078)	2007-04-16

Vulnerability Bulletins

Denegación de servicio en el Kernel de Linux

Vulnerability classification

System information

Description

Solution

Standar resources

Other resources

Version history