Vulnerability Assessment & Network Security Forums
If a vulnerability assessment detects a network security issue for the vulnerability below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

[DSA1184] DSA-1184-2 kernel-source-2.6.8

Detailed Explanation for this Vulnerability Assessment

This advisory covers the S/390 components of the recent security update for the Linux 2.6.8 kernel that were missing due to technical problems. For reference, please see the text of the original advisory.

Several security related problems have been discovered in the Linux kernel which may lead to a denial of service or even the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

- Toshihiro Iwamoto discovered a memory leak in the handling of direct I/O writes that permits local users to cause a denial of service.
- A buffer overflow in NFS readlink handling permits a malicious remote server to cause a denial of service.
- Stephen Smalley discovered a bug in the SELinux ptrace handling that permits local users with ptrace permissions to change the tracer SID to the SID of another process.
- Pavel Kankovsky discovered an information leak in the getsockopt system call which can be exploited by a local program to leak potentially sensitive memory to userspace.
- Douglas Gilbert reported a bug in the sg driver that permits local users to cause a denial of service by performing direct I/O transfers from the sg driver to memory mapped I/O space.
- Mattia Belletti noticed that certain debugging code left in the process management code could be exploited by a local attacker to cause a denial of service.
- Kostik Belousov discovered a missing LSM file_permission check in the readv and writev functions which might permit attackers to bypass intended access restrictions.
- Patrick McHardy discovered a bug in the SNMP NAT helper that permits remote attackers to cause a denial of service.
- A race condition in the socket buffer handling permits remote attackers to cause a denial of service.
- Diego Calleja Garcia discovered a buffer overflow in the DVD handling code that could be exploited by a specially crafted DVD USB storage device to execute arbitrary code.
- A bug in the serial USB driver has been discovered that could be exploited by a custom made USB serial adapter to consume arbitrary amounts of memory.
- James McKenzie discovered a denial of service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet.
- Wei Wang discovered a bug in the SCTP implementation that permits local users to cause a denial of service and possibly gain root rights.
- Olof Johansson discovered that the kernel does not disable the HID0 bit on PowerPC 970 processors which could be exploited by a local attacker to cause a denial of service.
- A bug in the Universal Disk Format (UDF) filesystem driver could be exploited by a local user to cause a denial of service.
- David Miller reported a problem with the fix for CVE-2006-3745 that permits local users to crash the system via an SCTP socket with a certain SO_LINGER value.

The following matrix [...]

Solution : http://www.debian.org/security/2006/dsa-1184

Network Security Threat Level: High

Networks Security ID: 17203, 17830, 18081, 18099, 18101, 18105, 18847

Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi