正文

Linux kernel 代码问题漏洞

admin
admin V管理员 /0 评论 /6 阅读
0105
此篇文章发布距今已超过1223天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Linux kernel 代码问题漏洞

  • CNNVD编号:CNNVD-200908-439
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2009-2698
  • 漏洞类型: 其他
  • 发布时间: 2009-08-27
  • 威胁类型: 本地
  • 更新时间: 2009-08-28
  • 厂        商: linux
  • 漏洞来源: Tavis Ormandy tav...

漏洞简介

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux Kernel 2.6.19之前版本的net/ipv4/udp.c和net/ipv6/udp.c中的UDP实现的udp_sendmsg函数中存在权限提升漏洞。本地非特权用户可借助与MSG_MORE标记和UDP套接字有关的向量获得特权或导致拒绝服务(空指针解引用和系统崩溃)。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Ubuntu Ubuntu Linux 8.10 powerpc

Ubuntu linux-doc-2.6.27_2.6.27-15.43_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2 .6.27-15.43_all.deb

Ubuntu linux-headers-2.6.27-15_2.6.27-15.43_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 27-15_2.6.27-15.43_all.deb

Ubuntu linux-source-2.6.27_2.6.27-15.43_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 7_2.6.27-15.43_all.deb

Ubuntu Ubuntu Linux 9.04 sparc

Ubuntu linux-doc-2.6.28_2.6.28-16.55_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2 .6.28-16.55_all.deb

Ubuntu linux-headers-2.6.28-16_2.6.28-16.55_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 28-16_2.6.28-16.55_all.deb

Ubuntu linux-source-2.6.28_2.6.28-16.55_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 8_2.6.28-16.55_all.deb

Ubuntu Ubuntu Linux 8.10 sparc

Ubuntu linux-doc-2.6.27_2.6.27-15.43_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.27_2 .6.27-15.43_all.deb

Ubuntu linux-headers-2.6.27-15_2.6.27-15.43_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 27-15_2.6.27-15.43_all.deb

Ubuntu linux-source-2.6.27_2.6.27-15.43_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.2 7_2.6.27-15.43_all.deb

Ubuntu Ubuntu Linux 9.04 lpia

Ubuntu block-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/block-modules-2.6.28-16-lpia -di_2.6.28-16.55_lpia.udeb

Ubuntu crypto-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/crypto-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb

Ubuntu fat-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/fat-modules-2.6.28-16-lpia-d i_2.6.28-16.55_lpia.udeb

Ubuntu fb-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/fb-modules-2.6.28-16-lpia-di _2.6.28-16.55_lpia.udeb

Ubuntu firewire-core-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/firewire-core-modules-2.6.28 -16-lpia-di_2.6.28-16.55_lpia.udeb

Ubuntu floppy-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/floppy-modules-2.6.28-16-lpi a-di_2.6.28-16.55_lpia.udeb

Ubuntu fs-core-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/fs-core-modules-2.6.28-16-lp ia-di_2.6.28-16.55_lpia.udeb

Ubuntu fs-secondary-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/fs-secondary-modules-2.6.28- 16-lpia-di_2.6.28-16.55_lpia.udeb

Ubuntu input-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/input-modules-2.6.28-16-lpia -di_2.6.28-16.55_lpia.udeb

Ubuntu irda-modules-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/irda-modules-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

Ubuntu kernel-image-2.6.28-16-lpia-di_2.6.28-16.55_lpia.udeb

http://ports.ubuntu.com/pool/main/l/linux/kernel-image-2.6.28-16-lpia- di_2.6.28-16.55_lpia.udeb

Ubuntu linux-doc-2.6.28_2.6.28-16.55_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-doc-2.6.28_2 .6.28-16.55_all.deb

Ubuntu linux-headers-2.6.28-16-lpia_2.6.28-16.55_lpia.deb

http://ports.ubuntu.com/pool/main/l/linux/linux-headers-2.6.28-16-lpia _2.6.28-16.55_lpia.deb

Ubuntu linux-headers-2.6.28-16_2.6.28-16.55_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-headers-2.6. 28-16_2.6.28-16.55_all.deb

Ubuntu linux-image-2.6.28-16-lpia_2.6.28-16.55_lpia.deb

http://ports.ubuntu.com/pool/main/l/linux/linux-image-2.6.28-16-lpia_2 .6.28-16.55_lpia.deb

Ubuntu linux-libc-dev_2.6.28-16.55_lpia.deb

http://ports.ubuntu.com/pool/main/l/linux/linux-libc-dev_2.6.28-16.55_ lpia.deb

Ubuntu linux-source-2.6.28_2.6.28-16.55_all.deb

http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-

参考网址

来源: BID

名称: 36108

链接:http://www.securityfocus.com/bid/36108

来源: bugzilla.redhat.com

链接:https://bugzilla.redhat.com/show_bug.cgi?id=518034

来源: SECTRACK

名称: 1022761

链接:http://www.securitytracker.com/id?1022761

来源: REDHAT

名称: RHSA-2009:1233

链接:http://www.redhat.com/support/errata/RHSA-2009-1233.html

来源: MLIST

名称: [oss-security] 20090825 CVE-2009-2698 kernel: udp socket NULL ptr dereference

链接:http://www.openwall.com/lists/oss-security/2009/08/25/1

来源: www.kernel.org

链接:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19

来源: SECUNIA

名称: 36510

链接:http://secunia.com/advisories/36510

来源: SECUNIA

名称: 36430

链接:http://secunia.com/advisories/36430

来源: SECUNIA

名称: 23073

链接:http://secunia.com/advisories/23073

来源: REDHAT

名称: RHSA-2009:1223

链接:http://rhn.redhat.com/errata/RHSA-2009-1223.html

来源: REDHAT

名称: RHSA-2009:1222

链接:http://rhn.redhat.com/errata/RHSA-2009-1222.html

来源: SUSE

名称: SUSE-SA:2009:046

链接:http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.html

来源: git.kernel.org

链接:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e0c14f49d6b393179f423abbac47f85618d3d46

受影响实体

  • Linux Linux_kernel:2.6.18.8  
    <!--
    2000-1-1
    -->
  • Linux Linux_kernel:2.6.18.7  
    <!--
    2000-1-1
    -->
  • Linux Linux_kernel:2.6.18.6  
    <!--
    2000-1-1
    -->
  • Linux Linux_kernel:2.6.18.5  
    <!--
    2000-1-1
    -->
  • Linux Linux_kernel:2.6.18.4  
    <!--
    2000-1-1
    -->

补丁

    暂无