漏洞信息详情
Linux Kernel NFS和EXT3组合远程拒绝服务漏洞
漏洞简介
Linux kernel 2.6.x同时使用NFS和EXT3时,远程攻击者可以借助包含指定错误文件句柄(inode编号)的V2查找程序的特制UDP包,触发错误并造成导出的目录被重新安装为只读,从而引起拒绝服务(文件系统恐慌)。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Linux kernel 2.6.10
Ubuntu ide-modules-2.6.12-10-amd64-generic-di_2.6.12-10.32_amd64.udeb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/l/linux-source-2.6.12/ide- modules-2.6.12-10-amd64-generic-di_2.6.12-10.32_amd64.udeb
Linux kernel 2.6.3
Mandriva kernel-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-2.6.3.35mdk-1-1mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-BOOT-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-BOOT-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-BOOT-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-BOOT-2.6.3.35mdk-1-1mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-enterprise-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-i586-up-1GB-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-i686-up-4GB-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-i686-up-4GB-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-p3-smp-64GB-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-secure-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-secure-2.6.3.35mdk-1-1mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-smp-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-smp-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-smp-2.6.3.35mdk-1-1mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-smp-2.6.3.35mdk-1-1mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-source-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-source-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-source-stripped-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-source-stripped-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-xbox-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-xen0-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-xen0-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-xenU-2.6.12.25mdk-1-1mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva kernel-xenU-2.6.12.25mdk-1-1mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads
参考网址
来源: MISC
链接:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172
来源: MISC
链接:http://lkml.org/lkml/2006/7/17/41
来源: UBUNTU
名称: USN-346-1
链接:http://www.ubuntu.com/usn/usn-346-1
来源: TRUSTIX
名称: 2006-0046
链接:http://www.trustix.org/errata/2006/0046/
来源: BID
名称: 19396
链接:http://www.securityfocus.com/bid/19396
来源: REDHAT
名称: RHSA-2006:0617
链接:http://www.redhat.com/support/errata/RHSA-2006-0617.html
来源: SUSE
名称: SUSE-SA:2006:064
链接:http://www.novell.com/linux/security/advisories/2006_64_kernel.html
来源: SUSE
名称: SUSE-SA:2006:057
链接:http://www.novell.com/linux/security/advisories/2006_57_kernel.html
来源: SUSE
名称: SUSE-SR:2006:022
链接:http://www.novell.com/linux/security/advisories/2006_22_sr.html
来源: SUSE
名称: SUSE-SR:2006:021
链接:http://www.novell.com/linux/security/advisories/2006_21_sr.html
来源: MANDRIVA
名称: MDKSA-2006:151
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:151
来源: MANDRIVA
名称: MDKSA-2006:150
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:150
来源: DEBIAN
名称: DSA-1184
链接:http://www.debian.org/security/2006/dsa-1184
来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2006-203.htm
来源: SECUNIA
名称: 22822
链接:http://secunia.com/advisories/22822
来源: SECUNIA
名称: 22174
链接:http://secunia.com/advisories/22174
来源: SECUNIA
名称: 22148
链接:http://secunia.com/advisories/22148
来源: SECUNIA
名称: 22093
链接:http://secunia.com/advisories/22093
来源: SECUNIA
名称: 21934
链接:http://secunia.com/advisories/21934
来源: SECUNIA
名称: 21847
链接:http://secunia.com/advisories/21847
来源: SECUNIA
名称: 21614
链接:http://secunia.com/advisories/21614
来源: SECUNIA
名称: 21605
链接:http://secunia.com/advisories/21605
来源: SECUNIA
名称: 21369
链接:http://secunia.com/advisories/21369
来源: MANDRIVA
名称: MDKSA-2006:151
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:151
来源: MANDRIVA
名称: MDKSA-2006:150
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:150
受影响实体
- Linux Linux_kernel:2.6.17:Rc6<!--2000-1-1-->
- Linux Linux_kernel:2.6.17.1<!--2000-1-1-->
- Linux Linux_kernel:2.6.17.2<!--2000-1-1-->
- Linux Linux_kernel:2.6.17.3<!--2000-1-1-->
- Linux Linux_kernel:2.6.17.4<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...