Vendor Status Note JVNCIAC-R-117

Linux のカーネルに複数の脆弱性

Red Hat Enterprise Linux にて標準で提供されている Linux のカーネルには、複数の脆弱性があります。

ローカルユーザが任意のコードを実行したり、サービス運用妨害 (DoS) 攻撃を行ったりする可能性があります。

ベンダ	リンク	更新日
Debian	Debian Security Advisory DSA-1233 kernel-source-2.6.8 -- several vulnerabilities
	Debian Security Advisory DSA-1237 kernel-source-2.4.27 -- several vulnerabilities
Red Hat	Red Hat Security Advisory RHSA-2007:0014 Important: kernel security update

1. ISS X-Force Database: kernel-ia64-sparc-elf-dos(29007)
   Linux kernel IA64 and SPARC ELF denial of service
2. ISS X-Force Database: linux-mincore-dos(30999)
   Linux kernel mincore() function denial of service
3. ISS X-Force Database: kernel-copyfromuser-information-disclosure(29378)
   Linux kernel copy_from_User information disclosure
4. ISS X-Force Database: kernel-seqfile-ipv6-dos(29970)
   Linux Kernel seqfile IPv6 flowlabel denial of service
5. ISS X-Force Database: linux-getfdbentries-integer-overflow(30588)
   Linux kernel get_fdb_entries() function integer overflow
6. ISS X-Force Database: kernel-listxattr-dos(32008)
   Linux kernel listxattr denial of service
7. ISS X-Force Database: kernel-iso9660-dos(30029)
   Linux kernel ISO9660 denial of service
8. ISS X-Force Database: linux-zlibinflate-dos(30154)
   Linux kernel zlib_inflate() denial of service
9. ISS X-Force Database: kernel-ext3fsdirhash-dos(30217)
   Linux kernel ext3fs_dirhash() denial of service
10. ISS X-Force Database: kernel-ext2-filesystem-dos(30201)
    Linux kernel ext2 filesystem denial of service
11. ISS X-Force Database: linux-superblockdoinit-dos(30278)
    Linux kernel superblock_doinit denial of service
12. ISS X-Force Database: kernel-cmtprecvinteropmsg-bo(30912)
    Linux kernel cmtp_recv_interopmsg() buffer overflow