int(3409)

Boletines de Vulnerabilidades


Desbordamiento de búfer en el kernel de Linux

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Aumento de privilegios
Dificultad Experto
Requerimientos del atacante Acceso remoto con cuenta

Información sobre el sistema

Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado Linux kernel < 2.6.22

Descripción

Se ha encontrado una vulnerabilidad del tipo desbordamiento en el kernel de Linux en las versiones anteriores a la 2.6.22. La vulnerabilidad reside en un error en la implementación del generador de números aleatorios.

Un atacante local con privilegios de root podría causar una denegación de servicio y aumentar sus privilegios mediante insertar el valor por defecto wakeup threshold a un valor mayor al tamaño de la output pool.

Solución



Actualización de software

Suse Linux
Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux.

Red Hat (RHSA-2007:0940-7)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
https://rhn.redhat.com/

Red Hat (RHSA-2007:0939-10)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Mandriva (MDKSA-2007:216)

Corporate Server 3.0
X86
corporate/3.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-BOOT-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-doc-2.6.3-37mdk.i586.rpm
corporate/3.0/i586/kernel-enterprise-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm
corporate/3.0/i586/kernel-source-2.6.3-37mdk.i586.rpm
corporate/3.0/i586/kernel-source-stripped-2.6.3-37mdk.i586.rpm
corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm
X86_64
corporate/3.0/x86_64/kernel-2.6.3.37mdk-1-1mdk.x86_64.rpm
corporate/3.0/x86_64/kernel-BOOT-2.6.3.37mdk-1-1mdk.x86_64.rpm
corporate/3.0/x86_64/kernel-doc-2.6.3-37mdk.x86_64.rpm
corporate/3.0/x86_64/kernel-secure-2.6.3.37mdk-1-1mdk.x86_64.rpm
corporate/3.0/x86_64/kernel-smp-2.6.3.37mdk-1-1mdk.x86_64.rpm
corporate/3.0/x86_64/kernel-source-2.6.3-37mdk.x86_64.rpm
corporate/3.0/x86_64/kernel-source-stripped-2.6.3-37mdk.x86_64.rpm
corporate/3.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm

Multi Network Firewall 2.0
X86
mnf/2.0/i586/kernel-2.6.3.37mdk-1-1mdk.i586.rpm
mnf/2.0/i586/kernel-i686-up-4GB-2.6.3.37mdk-1-1mdk.i586.rpm
mnf/2.0/i586/kernel-p3-smp-64GB-2.6.3.37mdk-1-1mdk.i586.rpm
mnf/2.0/i586/kernel-secure-2.6.3.37mdk-1-1mdk.i586.rpm
mnf/2.0/i586/kernel-smp-2.6.3.37mdk-1-1mdk.i586.rpm
mnf/2.0/SRPMS/kernel-2.6.3.37mdk-1-1mdk.src.rpm

Debian (DSA-1504-1)

Debian Linux 3.1
Source
updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-6sarge1.dsc
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-15sarge1.dsc
updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-17sarge1.diff.gz
updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-s390_2.6.8-6sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-7sarge1.tar.gz
updates/main/f/fai-kernels/fai-kernels_1.9.1sarge8.dsc
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-17sarge1.dsc
updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-17sarge1.tar.gz
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-13sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-hppa_2.6.8-7sarge1.dsc
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-ia64_2.6.8-15sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-amd64_2.6.8-17sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-5sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-16sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-sparc_2.6.8-16sarge1.dsc
updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-alpha_2.6.8-17sarge1.dsc
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-17sarge1.tar.gz
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-i386_2.6.8-17sarge1.dsc
updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-17sarge1.dsc
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-patch-powerpc-2.6.8_2.6.8-13sarge1.dsc
updates/main/f/fai-kernels/fai-kernels_1.9.1sarge8.tar.gz
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-m68k_2.6.8-5sarge1.dsc
updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8.orig.tar.gz
Arquitectura independiente
updates/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-17sarge1_all.deb
updates/main/k/kernel-image-2.6.8-s390/kernel-patch-2.6.8-s390_2.6.8-6sarge1_all.deb
updates/main/k/kernel-source-2.6.8/kernel-tree-2.6.8_2.6.8-17sarge1_all.deb
updates/main/k/kernel-source-2.6.8/kernel-doc-2.6.8_2.6.8-17sarge1_all.deb
updates/main/k/kernel-source-2.6.8/kernel-patch-debian-2.6.8_2.6.8-17sarge1_all.deb
alpha (DEC Alpha)
updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4-generic_2.6.8-17sarge1_alpha.deb
updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4-smp_2.6.8-17sarge1_alpha.deb
updates/main/k/kernel-image-2.6.8-alpha/kernel-headers-2.6.8-4_2.6.8-17sarge1_alpha.deb
updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-4-smp_2.6.8-17sarge1_alpha.deb
updates/main/k/kernel-image-2.6.8-alpha/kernel-image-2.6.8-4-generic_2.6.8-17sarge1_alpha.deb
amd64 (AMD x86_64 (AMD64))
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-generic_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-generic_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8_2.6.8-17sarge1_amd64.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4_2.6.8-17sarge1_amd64.deb
hppa (HP PA RISC)
updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-64_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-64-smp_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-64-smp_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-32-smp_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-32-smp_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-32_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-image-2.6.8-4-32_2.6.8-7sarge1_hppa.deb
updates/main/k/kernel-image-2.6.8-hppa/kernel-headers-2.6.8-4-64_2.6.8-7sarge1_hppa.deb
i386 (Intel ia32)
updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-k7-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-386_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-generic_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-686_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-em64t-p4_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-686-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-k7-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-386_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-em64t-p4-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-image-2.6.8-4-k7_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-headers-2.6.8-13-amd64-k8_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-686-smp_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-686_2.6.8-17sarge1_i386.deb
updates/main/f/fai-kernels/fai-kernels_1.9.1sarge8_i386.deb
updates/main/k/kernel-image-2.6.8-i386/kernel-headers-2.6.8-4-k7_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-generic_2.6.8-17sarge1_i386.deb
updates/main/k/kernel-image-2.6.8-amd64/kernel-image-2.6.8-13-amd64-k8_2.6.8-17sarge1_i386.deb
ia64 (Intel ia64)
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-itanium_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-itanium-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-mckinley_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-itanium_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-mckinley_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6-itanium-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-mckinley_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-headers-2.6.8-4-mckinley-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-itanium-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6.8-4-mckinley-smp_2.6.8-15sarge1_ia64.deb
updates/main/k/kernel-image-2.6.8-ia64/kernel-image-2.6-itanium-smp_2.6.8-15sarge1_ia64.deb
m68k (Motorola Mc680x0)
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-sun3_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme16x_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-q40_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-amiga_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-hp_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mac_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-mvme147_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-bvme6000_2.6.8-5sarge1_m68k.deb
updates/main/k/kernel-image-2.6.8-m68k/kernel-image-2.6.8-atari_2.6.8-5sarge1_m68k.deb
powerpc (PowerPC)
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-headers-2.6.8-4_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power3-smp_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power3_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-powerpc-smp_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power4-smp_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power3_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-powerpc_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power4-smp_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-powerpc_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power4_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-powerpc-smp_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-build-2.6.8-4-power3-smp_2.6.8-13sarge1_powerpc.deb
updates/main/k/kernel-patch-powerpc-2.6.8/kernel-image-2.6.8-4-power4_2.6.8-13sarge1_powerpc.deb
s390 (IBM S/390)
updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390x_2.6.8-6sarge1_s390.deb
updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390_2.6.8-6sarge1_s390.deb
updates/main/k/kernel-image-2.6.8-s390/kernel-headers-2.6.8-4_2.6.8-6sarge1_s390.deb
updates/main/k/kernel-image-2.6.8-s390/kernel-image-2.6.8-4-s390-tape_2.6.8-6sarge1_s390.deb
sparc (Sun SPARC/UltraSPARC)
updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc64-smp_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc32_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-image-2.6.8-4-sparc64_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc32_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc64-smp_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-build-2.6.8-4_2.6.8-16sarge1_sparc.deb
updates/main/k/kernel-image-2.6.8-sparc/kernel-headers-2.6.8-4-sparc64_2.6.8-16sarge1_sparc.deb

Identificadores estándar

Propiedad Valor
CVE CVE-2007-3105
BID 25348

Recursos adicionales

SUSE Security Advisory (SUSE-SA:2007:051)
http://www.novell.com/linux/security/advisories/2007_51_kernel.html

SUSE Security Advisory (SUSE-SA:2007:053)
http://www.novell.com/linux/security/advisories/2007_53_kernel.html

Red Hat Security Advisory (RHSA-2007:0940-7)
https://rhn.redhat.com/errata/RHSA-2007-0940.html

Red Hat Security Advisory (RHSA-2007:0939-10)
https://rhn.redhat.com/errata/RHSA-2007-0939.html

Mandriva Security Advisory (MDKSA-2007:216)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216

Debian Security Advisory (DSA-1504-1)
http://lists.debian.org/debian-security-announce/2008/msg00068.html

Histórico de versiones

Versión Comentario Fecha
1.0 Aviso emitido 2007-09-07
1.1 Aviso emitido por Suse (SUSE-SA:2007:053) 2007-10-15
1.2 Aviso emitido por Red Hat (RHSA-2007:0940-7) 2007-10-24
1.3 Aviso emitido por Red Hat (RHSA-2007:0939-10) 2007-11-06
1.4 Aviso emitido por Mandriva (MDKSA-2007:216) 2007-11-15
1.5 Aviso emitido por Debian (DSA-1504-1) 2008-02-26

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT