CVE编号
CVE-2007-3105利用情况
暂无补丁情况
没有补丁披露时间
2007-07-28漏洞描述
在Linux内核2.6中的sysfs_readdir函数,如在Red Hat EnterpriseLinux(RHEL)4.5和其他发行版中使用的那样,允许用户通过去引用一个指向dentry中的inode的空指针来导致拒绝服务(内核OOPS)。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://secunia.com/advisories/26500 | |
| http://secunia.com/advisories/26643 | |
| http://secunia.com/advisories/26647 | |
| http://secunia.com/advisories/26651 | |
| http://secunia.com/advisories/26664 | |
| http://secunia.com/advisories/27212 | |
| http://secunia.com/advisories/27227 | |
| http://secunia.com/advisories/27322 | |
| http://secunia.com/advisories/27436 | |
| http://secunia.com/advisories/27747 | |
| http://secunia.com/advisories/29058 | |
| http://support.avaya.com/elmodocs2/security/ASA-2007-474.htm | |
| http://www.debian.org/security/2007/dsa-1363 | |
| http://www.debian.org/security/2008/dsa-1504 | |
| http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.22-git14.log | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:195 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:196 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:216 | |
| http://www.novell.com/linux/security/advisories/2007_51_kernel.html | |
| http://www.novell.com/linux/security/advisories/2007_53_kernel.html | |
| http://www.redhat.com/support/errata/RHSA-2007-0939.html | |
| http://www.redhat.com/support/errata/RHSA-2007-0940.html | |
| http://www.securityfocus.com/bid/25348 | |
| http://www.ubuntu.com/usn/usn-508-1 | |
| http://www.ubuntu.com/usn/usn-509-1 | |
| http://www.ubuntu.com/usn/usn-510-1 | |
| https://issues.rpath.com/browse/RPL-1650 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | centos_5 | kernel | * |
Up to (excluding) 2.6.18-8.1.15.el5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | linux | linux_kernel | * |
Up to (including) 2.6.22 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle linux_5 | kernel | * |
Up to (excluding) 2.6.18-8.1.14.0.2.el5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | kernel | * |
Up to (excluding) 2.6.18-8.1.15.0.1.el5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_5 | kernel | * |
Up to (excluding) 0:2.6.18-8.1.15.el5 |
|||||
- 攻击路径 本地
- 攻击复杂度 容易
- 权限要求 无需权限
- 影响范围 全局影响
- EXP成熟度 未验证
- 补丁情况 没有补丁
- 数据保密性 数据泄露
- 数据完整性 无影响
- 服务器危害 DoS
- 全网数量 N/A
还没有评论,来说两句吧...