Vulnerability Bulletins


Multiple vulnerabilities in the Linux kernel

Vulnerability classification

Property | Value
Confidence level | Official
Impact | Denial of service
Difficulty | Expert
Required attacker level | Remote access without an account to a standard service

System information

Property | Value
Affected manufacturer | GNU/Linux
Affected software | Linux Kernel 2.6

Description

Multiple vulnerabilities have been discovered in the 2.6 branch of the Linux kernel. The vulnerabilities are described below:

- CVE-2005-3623: Remote users could set ACLs on NFS file systems exported as read-only.

- CVE-2005-3808: An integer overflow on 32-bit platforms in 64-bit mmap calls could allow a local attacker to cause a denial of service.

- CVE-2005-4635: An input validation error in the headers and payloads of netlink messages could allow a remote attacker to cause a denial of service on the system.

- CVE-2006-0454: An error in the creation of certain ICMP packets could allow a remote attacker to cause a denial of service on the system.

Solution



Software update

SUSE LINUX

SUSE LINUX 10.0
x86
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-devel-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-html-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-pdf-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-ps-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-ioemu-3.0_8259-0.1.i586.rpm
Power PC
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.8.ppc.rpm
x86-64
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nongpl-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-devel-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-html-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-pdf-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-ps-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-ioemu-3.0_8259-0.1.x86_64.rpm
Sources
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.3.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.8.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.8.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/xen-3.0_8259-0.1.src.rpm

Mandriva

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-i586-up-1GB-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-i686-up-4GB-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-smp-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-source-2.6-2.6.12-17mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-17mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-xbox-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-xen0-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-xenU-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kernel-2.6.12.17mdk-1-1mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-2.6.12.17mdk-1-1mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-smp-2.6.12.17mdk-1-1mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-source-2.6-2.6.12-17mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-17mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/kernel-2.6.12.17mdk-1-1mdk.src.rpm

Standard resources

Property | Value
CVE | CVE-2005-3623, CVE-2005-3808, CVE-2005-4635, CVE-2006-0454
BID |

Other resources

SUSE Security Announcement SUSE-SA:2006:006
http://www.novell.com/linux/security/advisories/2006_06_kernel.html

Mandriva Security Advisory (MDKSA-2006:040)
http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:040

Version history

Version | Comments | Date
1.0 | Advisory issued | 2006-02-10
1.1 | Advisory issued by Mandriva (MDKSA-2006:040) | 2006-02-20
Ministerio de Defensa
CNI
CCN
CCN-CERT