Vulnerability Bulletins |
Multiple vulnerabilities in the Linux kernel |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Denial of Service |
Difficulty | Expert |
Attacker requirements | Remote access without an account to a standard service |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | Linux Kernel 2.6 |
Description |
|
Multiple vulnerabilities have been discovered in the 2.6 branch of the Linux kernel. The vulnerabilities are described below:
- CVE-2005-3623: Remote users could set ACLs on NFS file systems exported as read-only.
- CVE-2005-3808: An integer overflow on 32-bit platforms in 64-bit mmap calls could allow a local attacker to cause a denial of service.
- CVE-2005-4635: An input validation error in the headers and payloads of netlink messages could allow a remote attacker to cause a denial of service of the system.
- CVE-2006-0454: An error in the creation of certain ICMP packets could allow a remote attacker to cause a denial of service of the system. |
|
Solution |
|
Software update

SUSE LINUX
SUSE LINUX 10.0

x86
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/Intel-536ep-4.69-14.3.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-bigsmp-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-default-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-smp-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-source-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-syms-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-um-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/kernel-xen-nongpl-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/um-host-kernel-2.6.13-15.8.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-devel-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-html-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-pdf-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-doc-ps-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-3.0_8259-0.1.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/xen-tools-ioemu-3.0_8259-0.1.i586.rpm

Power PC
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-default-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-iseries64-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-ppc64-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-source-2.6.13-15.8.ppc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/kernel-syms-2.6.13-15.8.ppc.rpm

x86-64
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-default-nongpl-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-smp-nongpl-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-source-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-syms-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/kernel-xen-nongpl-2.6.13-15.8.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-devel-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-html-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-pdf-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-doc-ps-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-3.0_8259-0.1.x86_64.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/xen-tools-ioemu-3.0_8259-0.1.x86_64.rpm

Sources
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/Intel-536ep-4.69-14.3.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-bigsmp-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-default-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-iseries64-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-ppc64-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-smp-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-source-2.6.13-15.8.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-syms-2.6.13-15.8.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-um-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/kernel-xen-2.6.13-15.8.nosrc.rpm
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/src/xen-3.0_8259-0.1.src.rpm

Mandriva
Mandrivalinux 2006

X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-i586-up-1GB-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-i686-up-4GB-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-smp-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-source-2.6-2.6.12-17mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-17mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-xbox-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-xen0-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/kernel-xenU-2.6.12.17mdk-1-1mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kernel-2.6.12.17mdk-1-1mdk.src.rpm

X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-2.6.12.17mdk-1-1mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-smp-2.6.12.17mdk-1-1mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-source-2.6-2.6.12-17mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/kernel-source-stripped-2.6-2.6.12-17mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/kernel-2.6.12.17mdk-1-1mdk.src.rpm |
|
Standard identifiers |
|
Property | Value |
CVE |
CVE-2005-3623 CVE-2005-3808 CVE-2005-4635 CVE-2006-0454 |
BID | |
Additional resources |
|
SUSE Security Announcement SUSE-SA:2006:006 http://www.novell.com/linux/security/advisories/2006_06_kernel.html
Mandriva Security Advisory (MDKSA-2006:040) http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:040 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2006-02-10 |
1.1 | Advisory issued by Mandriva (MDKSA-2006:040) | 2006-02-20 |