LinuxXP Support Linux-XP Club

29.01.2010

Vulnerabilities discovered from 21 to 29 January 2009

    Contents


    2010-01-29
  1. GNU gzip Integer Underflow and Input Validation Vulnerabilities
  2. Symbolic link problem in GNU coreutils
  3. MIT krb5 KDC denial of service in cross-realm referral processing
  4. Linux kernel ipv6_hop_jumbo function allows remote attackers to cause a denial of service
  5. Linux kernel print_fatal_signal function local Vulnerability









  1. GNU gzip Integer Underflow and Input Validation Vulnerabilities

    Description: Two vulnerabilities have been identified in GNU gzip, which could be exploited by attackers to compromise a vulnerable system.

    The first issue is caused by an integer underflow error when processing malformed files compressed with the Lempel-Ziv-Welch (LZW) compression algorithm, which could be exploited to crash an affected application or execute arbitrary code by tricking a user into decompressing a specially crafted file.

    The second vulnerability is caused by an input validation error when decompressing data blocks for dynamic Huffman codes, which could be exploited to crash an affected application or execute arbitrary code by tricking a user into decompressing a specially crafted archive.

    CVE: CVE-2009-2624 CVE-2010-0001
    URL: http://www.vupen.com/english/advisories/2010/0185
    Date: 2010-01-21





  2. Symbolic link problem in GNU coreutils

    Description: Symbolic link problem when handling temporary files in dist-check.mk

    CVE: CVE-2009-4135
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4135
    Date: 2010-01-26





  3. MIT krb5 KDC denial of service in cross-realm referral processing

    Note: the description includes the patch.
    Description: An unauthenticated remote attacker could cause the KDC to crash due to a null pointer dereference. Legitimate requests can also cause this crash to occur.

    CVE: --
    URL: http://www.securiteam.com/unixfocus/5MP2W0K0AK.html
    Date: 2010-01-01





  4. Linux kernel ipv6_hop_jumbo function allows remote attackers to cause a denial of service

    Description: The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue to CVE-2007-4567.

    CVE: CVE-2010-0006
    URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0006
    Date: 2010-01-27





  5. Linux kernel print_fatal_signal function local Vulnerability

    Description: The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.

    CVE: CVE-2010-0003
    URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0003
    Date: 2010-01-27




