漏洞信息详情
Linux Kernel Driver Fault Handler 'mmap.c' 本地拒绝服务漏洞
- CNNVD编号:CNNVD-200802-103
- 危害等级: 低危
- CVE编号: CVE-2008-0007
- 漏洞类型: 资源管理错误
- 发布时间: 2008-02-07
- 威胁类型: 本地
- 更新时间: 2009-02-18
- 厂 商: linux
- 漏洞来源: The vendor disclos...
漏洞简介
Linux kernel 2.6.22.17之前的版本,某些驱动注册了故障处理程序,而这故障处理程序并没有执行范围检查,此时就会允许本地用户借助一个超出范围偏移访问内核存储器。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: http://www.kernel.org/pub/linux/kernel/v2.6/patch-2.6.24.1.bz2
参考网址
来源: UBUNTU 名称: USN-618-1 链接:http://www.ubuntu.com/usn/usn-618-1 来源: REDHAT 名称: RHSA-2008:0787 链接:http://www.redhat.com/support/errata/RHSA-2008-0787.HTML 来源: MANDRIVA 名称: MDVSA-2008:174 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:174 来源: MANDRIVA 名称: MDVSA-2008:112 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:112 来源: www.kernel.org 链接:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.17 来源: VUPEN 名称: ADV-2008-2222 链接:http://www.frsirt.com/english/advisories/2008/2222/references 来源: VUPEN 名称: ADV-2008-0445 链接:http://www.frsirt.com/english/advisories/2008/0445/references 来源: DEBIAN 名称: DSA-1565 链接:http://www.debian.org/security/2008/dsa-1565 来源: SECUNIA 名称: 33280 链接:http://secunia.com/advisories/33280 来源: SECUNIA 名称: 31246 链接:http://secunia.com/advisories/31246 来源: SECUNIA 名称: 30769 链接:http://secunia.com/advisories/30769 来源: SECUNIA 名称: 30116 链接:http://secunia.com/advisories/30116 来源: SECUNIA 名称: 30112 链接:http://secunia.com/advisories/30112 来源: SECUNIA 名称: 30110 链接:http://secunia.com/advisories/30110 来源: SECUNIA 名称: 30018 链接:http://secunia.com/advisories/30018 来源: MLIST 名称: [linux-kernel] 20080206 [patch 60/73] vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007) 链接:http://lkml.org/lkml/2008/2/6/457 来源: MLIST 名称: [Security-announce] 20080728 VMSA-2008-00011 Updated ESX service console packages for Samba and vmnix 链接:http://lists.vmware.com/pipermail/security-announce/2008/000023.HTML 来源: SUSE 名称: SUSE-SA:2008:006 链接:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00002.HTML 来源: BID 名称: 27705 链接:http://www.securityfocus.com/bid/27705 来源: BID 名称: 27686 链接:http://www.securityfocus.com/bid/27686 来源: BUGTRAQ 名称: 20080208 rPSA-2008-0048-1 kernel 链接:http://www.securityfocus.com/archive/1/archive/1/487808/100/0/threaded 来源: REDHAT 名称: RHSA-2008:0237 链接:http://www.redhat.com/support/errata/RHSA-2008-0237.HTML 来源: REDHAT 名称: RHSA-2008:0233 链接:http://www.redhat.com/support/errata/RHSA-2008-0233.HTML 来源: REDHAT 名称: RHSA-2008:0211 链接:http://www.redhat.com/support/errata/RHSA-2008-0211.HTML 来源: MANDRIVA 名称: MDVSA-2008:072 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:072 来源: MANDRIVA 名称: MDVSA-2008:044 链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:044 来源: www.kernel.org 链接:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.1 来源: DEBIAN 名称: DSA-1504 链接:http://www.debian.org/security/2008/dsa-1504 来源: DEBIAN 名称: DSA-1503 链接:http://www.debian.org/security/2008/dsa-1503 来源: wiki.rpath.com 链接:http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0048 来源: SECTRACK 名称: 1019357 链接:http://securitytracker.com/id?1019357 来源: SECUNIA 名称: 29570 链接:http://secunia.com/advisories/29570 来源: SECUNIA 名称: 29058 链接:http://secunia.com/advisories/29058 来源: SECUNIA 名称: 28826 链接:http://secunia.com/advisories/28826 来源: SECUNIA 名称: 28806 链接:http://secunia.com/advisories/28806 来源: SUSE 名称: SUSE-SA:2008:017 链接:http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00007.HTML
受影响实体
- Linux Linux_kernel:2.6.22.16
补丁
暂无
评论