Boletines de Vulnerabilidades |
Denegación de servicio en el Kernel de Linux |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Denegación de Servicio |
Dificultad | Experto |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado | Linux kernel 2.6.13 < 2.6.20.1 |
Descripción |
|
Se ha descubierto una vulnerabilidad en el kernel de Linux 2.6.13 y en otras versiones hasta la 2.6.20.1. La vulnerabilidad reside en un error cuando maneja ciertas peticiones de acceso NFSACL ACCESS. Un atacante remoto podría causar una denegación de servicio mediante una petición de acceso NFSACL 2 ACCESS especialmente construida que provocase la liberación incorrecta de un puntero. |
|
Solución |
|
Actualización de software Mandriva (MDKSA-2007:060) Mandriva Linux 2006 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Corporate Server 4.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-BOOT-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-doc-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-i586-up-1GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-i686-up-4GB-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-smp-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-source-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-source-stripped-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-xbox-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-xen0-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/i586/kernel-xenU-2.6.12.31mdk-1-1mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-BOOT-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-doc-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-smp-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-source-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-source-stripped-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-xen0-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/x86_64/kernel-xenU-2.6.12.31mdk-1-1mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/4.0/SRPMS/kernel-2.6.12.31mdk-1-1mdk.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Mandriva (MDKSA-2007:078) Mandriva Linux 2007 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-doc-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-enterprise-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-legacy-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-source-stripped-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xen0-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/i586/kernel-xenU-2.6.17.13mdv-1-1mdv2007.0.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.13mdv-1-1mdv2007.0.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-doc-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-source-stripped-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xen0-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/x86_64/kernel-xenU-2.6.17.13mdv-1-1mdv2007.0.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2007.0/SRPMS/kernel-2.6.17.13mdv-1-1mdv2007.0.src.rpm |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CVE-2007-0772 |
BID | 22625 |
Recursos adicionales |
|
SUSE Security Advisory (SUSE-SA:2007:018) http://www.novell.com/linux/security/advisories/2007_18_kernel.html Mandriva Security Advisory (MDKSA-2007:060) http://www.mandriva.com/security/advisories?name=MDKSA-2007:060 SUSE Security Advisory (SUSE-SA:2007:021) http://www.novell.com/linux/security/advisories/2007_21_kernel.html Mandriva Security Advisory (MDKSA-2007:078) http://www.mandriva.com/security/advisories?name=MDKSA-2007:078 |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2007-03-05 |
1.1 | Aviso emitido por Mandriva (MDKSA-2007:060) | 2007-03-13 |
1.2 | Aviso emitido por Suse (SUSE-SA:2007:021) | 2007-03-20 |
1.3 | Aviso actualizado por Mandriva (MDKSA-2007:078) | 2007-04-16 |