Computer Security


Linux kernel multiple security vulnerabilities
updated since 14.10.2008
Published:18.10.2008
Source:
SecurityVulns ID:9357
Type:local
Threat Level:6/10
Description:Multiple DoS conditions, group privilege escalation through the filesystem and through system calls.
Affected:LINUX : kernel 2.6
CVE:CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.)
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool.)
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O.)
 CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.)
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.)
 CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.)
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem in the Linux kernel 2.6.26.3 does not check for the CAP_NET_ADMIN capability before processing a (1) SIOCDEVRESINSTATS, (2) SIOCDEVSHWSTATE, (3) SIOCDEVENSLAVE, or (4) SIOCDEVEMANSIPATE ioctl request, which allows local users to bypass intended capability restrictions.)
 CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite, which triggers an invalid dereference.)
Original document:DEBIAN, [SECURITY] [DSA 1655-1] New Linux 2.6.24 packages fix several vulnerabilities (18.10.2008)
 DEBIAN, [SECURITY] [DSA 1653-1] New Linux 2.6.18 packages fix several vulnerabilities (14.10.2008)

Adobe Flash CS3 Professional / Adobe Flash MX 2004 multiple buffer overflows
Published:18.10.2008
Source:
SecurityVulns ID:9375
Type:local
Threat Level:5/10
Description:Multiple heap buffer overflows on .SWF files parsing.
Affected:ADOBE : Flash MX 2004
 ADOBE : Flash Professional CS3
Original document:Paul Craig, Multiple Flash Authoring Heap Overflows - Malformed SWF Files (18.10.2008)

GNU tar buffer overflow
updated since 18.10.2007
Published:18.10.2008
Source:
SecurityVulns ID:8267
Type:client
Threat Level:5/10
CVE:CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack.")

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod