Vulnerabilities > CVE-2008-2812 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.

Vulnerable Configurations

Part Description Count
OS
Linux
922
OS
Canonical
4
OS
Novell
1
OS
Opensuse
2
OS
Suse
4
OS
Debian
1
Application
Avaya
17

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1630.NASL
    descriptionSeveral vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-6282 Dirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet. - CVE-2008-0598 Tavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. This issue is specific to the amd64-flavour kernel images. - CVE-2008-2729 Andi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Only the amd64-flavour Debian kernel images are affected. - CVE-2008-2812 Alan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges. - CVE-2008-2826 Gabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service. - CVE-2008-2931 Miklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points. - CVE-2008-3272 Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information. - CVE-2008-3275 Zoltan Sogor discovered a coding error in the VFS that allows local users to exploit a kernel memory leak resulting in a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id34032
    published2008-08-24
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34032
    titleDebian DSA-1630-1 : linux-2.6 - denial of service/information leak
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2009-0014.NASL
    descriptiona. Service Console update for DHCP and third-party library update for DHCP client. DHCP is an Internet-standard protocol by which a computer can be connected to a local network, ask to be given configuration information, and receive from a server enough information to configure itself as a member of that network. A stack-based buffer overflow in the script_write_params method in ISC DHCP dhclient allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0692 to this issue. An insecure temporary file use flaw was discovered in the DHCP daemon
    last seen2020-06-01
    modified2020-06-02
    plugin id42179
    published2009-10-19
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42179
    titleVMSA-2009-0014 : VMware ESX patches for DHCP, Service Console kernel, and JRE resolve multiple security issues
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5700.NASL
    descriptionThe openSUSE 10.3 kernel was update to 2.6.22.19. This includes bugs and security fixes. CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service (crash) attack. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-3276: An integer overflow flaw was found in the Linux kernel dccp_setsockopt_change() function. An attacker may leverage this vulnerability to trigger a kernel panic on a victim
    last seen2020-06-01
    modified2020-06-02
    plugin id34457
    published2008-10-21
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34457
    titleopenSUSE 10 Security Update : kernel (kernel-5700)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5566.NASL
    descriptionThis update of the SUSE Linux Enterprise 10 Service Pack 1 kernel contains lots of bugfixes and several security fixes : - Added missing capability checks in sbni_ioctl(). (CVE-2008-3525) - On AMD64 some string operations could leak kernel information into userspace. (CVE-2008-0598) - Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. (CVE-2008-1673) - Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. (CVE-2008-3272) - Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory. (CVE-2008-3275) - The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. (CVE-2008-2931) - Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. (CVE-2008-2812)
    last seen2020-06-01
    modified2020-06-02
    plugin id34331
    published2008-10-02
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34331
    titleSuSE 10 Security Update : the Linux Kernel (x86) (ZYPP Patch Number 5566)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0612.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : * the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. * when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to
    last seen2020-06-01
    modified2020-06-02
    plugin id43701
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43701
    titleCentOS 5 : kernel (CESA-2008:0612)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5608.NASL
    descriptionThis update of the SUSE Linux Enterprise 10 Service Pack 1 kernel contains lots of bugfixes and several security fixes : - Added missing capability checks in sbni_ioctl(). (CVE-2008-3525) - On AMD64 some string operations could leak kernel information into userspace. (CVE-2008-0598) - Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. (CVE-2008-1673) - Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. (CVE-2008-3272) - Fixed a memory leak when looking up deleted directories which could be used to run the system out of memory. (CVE-2008-3275) - The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. (CVE-2008-2931) - Various NULL ptr checks have been added to the tty ops functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. (CVE-2008-2812)
    last seen2020-06-01
    modified2020-06-02
    plugin id59131
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59131
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5608)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2008-0973.NASL
    descriptionUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues : * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) * a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : * the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system
    last seen2020-06-01
    modified2020-06-02
    plugin id35186
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35186
    titleCentOS 3 : kernel (CESA-2008:0973)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2008-2005.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - fix utrace dead_engine ops race - fix ptrace_attach leak - CVE-2007-5093: kernel PWC driver DoS - CVE-2007-6282: IPSec ESP kernel panics - CVE-2007-6712: kernel: infinite loop in highres timers (kernel hang) - CVE-2008-1615: kernel: ptrace: Unprivileged crash on x86_64 %cs corruption - CVE-2008-1294: kernel: setrlimit(RLIMIT_CPUINFO) with zero value doesn
    last seen2020-06-01
    modified2020-06-02
    plugin id79447
    published2014-11-26
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79447
    titleOracleVM 2.1 : kernel (OVMSA-2008-2005)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0973.NASL
    descriptionUpdated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues : * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) * a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : * the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system
    last seen2020-06-01
    modified2020-06-02
    plugin id35190
    published2008-12-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35190
    titleRHEL 3 : kernel (RHSA-2008:0973)
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2009-0014_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - ISC DHCP dhclient - Integrated Services Digital Network (ISDN) subsystem - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Web Start - Linux kernel - Linux kernel 32-bit and 64-bit emulation - Linux kernel Simple Internet Transition INET6 - Linux kernel tty - Linux kernel virtual file system (VFS) - Red Hat dhcpd init script for DHCP - SBNI WAN driver
    last seen2020-06-01
    modified2020-06-02
    plugin id89116
    published2016-03-03
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89116
    titleVMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0014) (remote check)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0612.NASL
    descriptionUpdated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : * the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. * when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to
    last seen2020-06-01
    modified2020-06-02
    plugin id33830
    published2008-08-05
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33830
    titleRHEL 5 : kernel (RHSA-2008:0612)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20081216_KERNEL_ON_SL3_X.NASL
    descriptionThis update addresses the following security issues : - Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) - missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) - the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) - a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) - multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) - a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : - the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system
    last seen2020-06-01
    modified2020-06-02
    plugin id60507
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60507
    titleScientific Linux Security Update : kernel on SL3.x i386/x86_64
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-637-1.NASL
    descriptionIt was discovered that there were multiple NULL pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. (CVE-2008-2812) The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. (CVE-2008-2931) Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. (CVE-2008-3272) Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service. (CVE-2008-3275) In certain situations, the fix for CVE-2008-0598 from USN-623-1 was causing infinite loops in the writev syscall. This update corrects the mistake. We apologize for the inconvenience. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id34048
    published2008-08-26
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/34048
    titleUbuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : linux, linux-source-2.6.15/20/22 vulnerabilities (USN-637-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_KERNEL-080721.NASL
    descriptionThe openSUSE 11.0 kernel was updated to 2.6.25.11. It fixes following security problems: CVE-2008-2812: Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. CVE-2008-2750: The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a crafted PPPOL2TP packet that results in a large value for a certain length variable. No CVE yet: On x86_64 systems, a incorrect buffersize in LDT handling might lead to local untrusted attackers causing a crash of the machine or potentially execute code with kernel privileges. The update also has lots of other bugfixes that are listed in the RPM changelog.
    last seen2020-06-01
    modified2020-06-02
    plugin id40008
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40008
    titleopenSUSE Security Update : kernel (kernel-111)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0612.NASL
    descriptionFrom Red Hat Security Advisory 2008:0612 : Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues : * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : * the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. * when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to
    last seen2020-06-01
    modified2020-06-02
    plugin id67730
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67730
    titleOracle Linux 5 : kernel (ELSA-2008-0612)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5473.NASL
    descriptionThis is a respin of the previous kernel update, which got retracted due to an IDE-CDROM regression, where any IDE CDROM access would hang or crash the system. Only this problem was fixed additionally. This kernel update fixes the following security problems : - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a resource starvation problem in the handling of ZERO mmap pages. (CVE-2008-2372) - The asn1 implementation in (a) the Linux kernel, as used in the cifs and ip_nat_snmp_basic modules does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. (CVE-2008-1673) - Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. (CVE-2008-2812) - A missing permission check in mount changing was added which could have been used by local attackers to change the mountdirectory. (CVE-2008-2931) Additionally a very large number of bugs was fixed. Details can be found in the RPM changelog of the included packages. OCFS2 has been upgraded to the 1.4.1 release : - Endian fixes - Use slab caches for DLM objects - Export DLM state info to debugfs - Avoid ENOSPC in rare conditions when free inodes are reserved by other nodes - Error handling fix in ocfs2_start_walk_page_trans() - Cleanup lockres printing - Allow merging of extents - Fix to allow changing permissions of symlinks - Merged local fixes upstream (no code change)
    last seen2020-06-01
    modified2020-06-02
    plugin id41533
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41533
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5473)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2008-0973.NASL
    descriptionFrom Red Hat Security Advisory 2008:0973 : Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update addresses the following security issues : * Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and 64-bit emulation. This could allow a local, unprivileged user to prepare and run a specially crafted binary which would use this deficiency to leak uninitialized and potentially sensitive data. (CVE-2008-0598, Important) * a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local, unprivileged user to cause a denial of service. (CVE-2008-2136, Important) * missing capability checks were found in the SBNI WAN driver which could allow a local user to bypass intended capability restrictions. (CVE-2008-3525, Important) * the do_truncate() and generic_file_splice_write() functions did not clear the setuid and setgid bits. This could allow a local, unprivileged user to obtain access to privileged information. (CVE-2008-4210, Important) * a buffer overflow flaw was found in Integrated Services Digital Network (ISDN) subsystem. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2007-6063, Moderate) * multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) * a deficiency was found in the Linux kernel virtual filesystem (VFS) implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service. (CVE-2008-3275, Moderate) This update also fixes the following bugs : * the incorrect kunmap function was used in nfs_xdr_readlinkres. kunmap() was used where kunmap_atomic() should have been. As a consequence, if an NFSv2 or NFSv3 server exported a volume containing a symlink which included a path equal to or longer than the local system
    last seen2020-06-01
    modified2020-06-02
    plugin id67763
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67763
    titleOracle Linux 3 : kernel (ELSA-2008-0973)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2008-0665.NASL
    descriptionUpdated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux 4. This is the seventh regular update. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux operating system. Kernel Feature Support: * iostat displays I/O performance for partitions * I/O task accounting added to getrusage(), allowing comprehensive core statistics * page cache pages count added to show_mem() output * tux O_ATOMICLOOKUP flag removed from the open() system call: replaced with O_CLOEXEC * the kernel now exports process limit information to /proc/[PID]/limits * implement udp_poll() to reduce likelihood of false positives returned from select() * the TCP_RTO_MIN parameter can now be configured to a maximum of 3000 milliseconds. This is configured using
    last seen2020-06-01
    modified2020-06-02
    plugin id33581
    published2008-07-25
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/33581
    titleRHEL 4 : kernel (RHSA-2008:0665)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20080804_KERNEL_ON_SL5_X.NASL
    descriptionThese updated packages fix the following security issues : - a possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. (CVE-2008-2136, Important) - a flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. (CVE-2008-1294, Moderate) - multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. (CVE-2008-2812, Moderate) These updated packages fix the following bugs : - the GNU libc stub resolver is a minimal resolver that works with Domain Name System (DNS) servers to satisfy requests from applications for names. The GNU libc stub resolver did not specify a source UDP port, and therefore used predictable port numbers. This could have made DNS spoofing attacks easier. The Linux kernel has been updated to implement random UDP source ports where none are specified by an application. This allows applications, such as those using the GNU libc stub resolver, to use random UDP source ports, helping to make DNS spoofing attacks harder. - when using certain hardware, a bug in UART_BUG_TXEN may have caused incorrect hardware detection, causing data flow to
    last seen2020-06-01
    modified2020-06-02
    plugin id60459
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60459
    titleScientific Linux Security Update : kernel on SL5.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5751.NASL
    descriptionThis kernel update fixes various bugs and also several security issues : CVE-2008-4576: Fixed a crash in SCTP INIT-ACK, on mismatch between SCTP AUTH availability. This might be exploited remotely for a denial of service (crash) attack. CVE-2008-3833: The generic_file_splice_write function in fs/splice.c in the Linux kernel does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory. CVE-2008-4210: fs/open.c in the Linux kernel before 2.6.22 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by creating an executable file in a setgid directory through the (1) truncate or (2) ftruncate function in conjunction with memory-mapped I/O. CVE-2008-4302: fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a denial of service (kernel BUG and system crash), as demonstrated by the fio I/O tool. CVE-2008-3528: The ext[234] filesystem code fails to properly handle corrupted data structures. With a mounted filesystem image or partition that have corrupted dir->i_size and dir->i_blocks, a user performing either a read or write operation on the mounted image or partition can lead to a possible denial of service by spamming the logfile. CVE-2007-6716: fs/direct-io.c in the dio subsystem in the Linux kernel did not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test. CVE-2008-3525: Added missing capability checks in sbni_ioctl(). CVE-2008-3272: Fixed range checking in the snd_seq OSS ioctl, which could be used to leak information from the kernel. CVE-2008-2931: The do_change_type function in fs/namespace.c did not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. CVE-2008-2812: Various NULL ptr checks have been added to tty op functions, which might have been used by local attackers to execute code. We think that this affects only devices openable by root, so the impact is limited. CVE-2008-1673: Added range checking in ASN.1 handling for the CIFS and SNMP NAT netfilter modules. CVE-2008-3527: arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 did not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions.
    last seen2020-06-01
    modified2020-06-02
    plugin id34755
    published2008-11-12
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/34755
    titleopenSUSE 10 Security Update : kernel (kernel-5751)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KERNEL-5477.NASL
    descriptionThis is a respin of the previous kernel update, which got retracted due to an IDE-CDROM regression, where any IDE CDROM access would hang or crash the system. Only this problem was fixed additionally. This kernel update fixes the following security problems : - On x86_64 a denial of service attack could be used by local attackers to immediately panic / crash the machine. (CVE-2008-1615) - Fixed a SMP ordering problem in fcntl_setlk could potentially allow local attackers to execute code by timing file locking. (CVE-2008-1669) - Fixed a resource starvation problem in the handling of ZERO mmap pages. (CVE-2008-2372) - The asn1 implementation in (a) the Linux kernel, as used in the cifs and ip_nat_snmp_basic modules does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding. (CVE-2008-1673) - Various tty / serial devices did not check functionpointers for NULL before calling them, leading to potential crashes or code execution. The devices affected are usually only accessible by the root user though. (CVE-2008-2812) - A missing permission check in mount changing was added which could have been used by local attackers to change the mountdirectory. (CVE-2008-2931) Additionally a very large number of bugs was fixed. Details can be found in the RPM changelog of the included packages. OCFS2 has been upgraded to the 1.4.1 release : - Endian fixes - Use slab caches for DLM objects - Export DLM state info to debugfs - Avoid ENOSPC in rare conditions when free inodes are reserved by other nodes - Error handling fix in ocfs2_start_walk_page_trans() - Cleanup lockres printing - Allow merging of extents - Fix to allow changing permissions of symlinks - Merged local fixes upstream (no code change)
    last seen2020-06-01
    modified2020-06-02
    plugin id59129
    published2012-05-17
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/59129
    titleSuSE 10 Security Update : Linux kernel (ZYPP Patch Number 5477)

Oval

  • accepted2013-04-29T04:15:06.973-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
      ovaloval:org.mitre.oval:def:11831
    • commentCentOS Linux 4.x
      ovaloval:org.mitre.oval:def:16636
    • commentOracle Linux 4.x
      ovaloval:org.mitre.oval:def:15990
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionThe Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
    familyunix
    idoval:org.mitre.oval:def:11632
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
    version27
  • accepted2010-01-11T04:02:09.076-05:00
    classvulnerability
    contributors
    nameMichael Wood
    organizationHewlett-Packard
    definition_extensions
    commentVMware ESX Server 3.5.0 is installed
    ovaloval:org.mitre.oval:def:5887
    descriptionThe Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL pointer dereference of function pointers in (1) hamradio/6pack.c, (2) hamradio/mkiss.c, (3) irda/irtty-sir.c, (4) ppp_async.c, (5) ppp_synctty.c, (6) slip.c, (7) wan/x25_asy.c, and (8) wireless/strip.c in drivers/net/.
    familyunix
    idoval:org.mitre.oval:def:6633
    statusaccepted
    submitted2009-09-23T15:39:02.000-04:00
    titleLinux Kernel TTY Operations NULL Pointer Dereference Denial of Service Vulnerabilities
    version4

Redhat

advisories
  • bugzilla
    id456117
    title[REG][5.3] Soft lockup is detected
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • commentkernel earlier than 0:2.6.18-92.1.10.el5 is currently running
          ovaloval:com.redhat.rhsa:tst:20080612025
        • commentkernel earlier than 0:2.6.18-92.1.10.el5 is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20080612026
      • OR
        • AND
          • commentkernel-doc is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612001
          • commentkernel-doc is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314002
        • AND
          • commentkernel-debug is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612003
          • commentkernel-debug is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314014
        • AND
          • commentkernel is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612005
          • commentkernel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314008
        • AND
          • commentkernel-xen is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612007
          • commentkernel-xen is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314018
        • AND
          • commentkernel-debug-devel is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612009
          • commentkernel-debug-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314004
        • AND
          • commentkernel-headers is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612011
          • commentkernel-headers is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314006
        • AND
          • commentkernel-xen-devel is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612013
          • commentkernel-xen-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314020
        • AND
          • commentkernel-devel is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612015
          • commentkernel-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314016
        • AND
          • commentkernel-kdump is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612017
          • commentkernel-kdump is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314010
        • AND
          • commentkernel-kdump-devel is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612019
          • commentkernel-kdump-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314012
        • AND
          • commentkernel-PAE is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612021
          • commentkernel-PAE is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314024
        • AND
          • commentkernel-PAE-devel is earlier than 0:2.6.18-92.1.10.el5
            ovaloval:com.redhat.rhsa:tst:20080612023
          • commentkernel-PAE-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhba:tst:20080314022
    rhsa
    idRHSA-2008:0612
    released2008-08-06
    severityImportant
    titleRHSA-2008:0612: kernel security and bug fix update (Important)
  • bugzilla
    id453419
    titleCVE-2008-2812 kernel: NULL ptr dereference in multiple network drivers due to missing checks in tty code
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • commentkernel earlier than 0:2.6.9-78.EL is currently running
          ovaloval:com.redhat.rhsa:tst:20080665023
        • commentkernel earlier than 0:2.6.9-78.EL is set to boot up on next boot
          ovaloval:com.redhat.rhsa:tst:20080665024
      • OR
        • AND
          • commentkernel-doc is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665001
          • commentkernel-doc is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304002
        • AND
          • commentkernel-largesmp is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665003
          • commentkernel-largesmp is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304010
        • AND
          • commentkernel is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665005
          • commentkernel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304018
        • AND
          • commentkernel-smp is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665007
          • commentkernel-smp is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304004
        • AND
          • commentkernel-xenU is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665009
          • commentkernel-xenU is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304006
        • AND
          • commentkernel-xenU-devel is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665011
          • commentkernel-xenU-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304014
        • AND
          • commentkernel-largesmp-devel is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665013
          • commentkernel-largesmp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304008
        • AND
          • commentkernel-smp-devel is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665015
          • commentkernel-smp-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304012
        • AND
          • commentkernel-devel is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665017
          • commentkernel-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304016
        • AND
          • commentkernel-hugemem is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665019
          • commentkernel-hugemem is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304020
        • AND
          • commentkernel-hugemem-devel is earlier than 0:2.6.9-78.EL
            ovaloval:com.redhat.rhsa:tst:20080665021
          • commentkernel-hugemem-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhba:tst:20070304022
    rhsa
    idRHSA-2008:0665
    released2008-07-24
    severityModerate
    titleRHSA-2008:0665: Updated kernel packages for Red Hat Enterprise Linux 4.7 (Moderate)
  • rhsa
    idRHSA-2008:0973
rpms
  • kernel-0:2.6.18-92.1.10.el5
  • kernel-PAE-0:2.6.18-92.1.10.el5
  • kernel-PAE-debuginfo-0:2.6.18-92.1.10.el5
  • kernel-PAE-devel-0:2.6.18-92.1.10.el5
  • kernel-debug-0:2.6.18-92.1.10.el5
  • kernel-debug-debuginfo-0:2.6.18-92.1.10.el5
  • kernel-debug-devel-0:2.6.18-92.1.10.el5
  • kernel-debuginfo-0:2.6.18-92.1.10.el5
  • kernel-debuginfo-common-0:2.6.18-92.1.10.el5
  • kernel-devel-0:2.6.18-92.1.10.el5
  • kernel-doc-0:2.6.18-92.1.10.el5
  • kernel-headers-0:2.6.18-92.1.10.el5
  • kernel-kdump-0:2.6.18-92.1.10.el5
  • kernel-kdump-debuginfo-0:2.6.18-92.1.10.el5
  • kernel-kdump-devel-0:2.6.18-92.1.10.el5
  • kernel-xen-0:2.6.18-92.1.10.el5
  • kernel-xen-debuginfo-0:2.6.18-92.1.10.el5
  • kernel-xen-devel-0:2.6.18-92.1.10.el5
  • kernel-0:2.6.9-78.EL
  • kernel-debuginfo-0:2.6.9-78.EL
  • kernel-devel-0:2.6.9-78.EL
  • kernel-doc-0:2.6.9-78.EL
  • kernel-hugemem-0:2.6.9-78.EL
  • kernel-hugemem-devel-0:2.6.9-78.EL
  • kernel-largesmp-0:2.6.9-78.EL
  • kernel-largesmp-devel-0:2.6.9-78.EL
  • kernel-smp-0:2.6.9-78.EL
  • kernel-smp-devel-0:2.6.9-78.EL
  • kernel-xenU-0:2.6.9-78.EL
  • kernel-xenU-devel-0:2.6.9-78.EL
  • kernel-0:2.4.21-58.EL
  • kernel-BOOT-0:2.4.21-58.EL
  • kernel-debuginfo-0:2.4.21-58.EL
  • kernel-doc-0:2.4.21-58.EL
  • kernel-hugemem-0:2.4.21-58.EL
  • kernel-hugemem-unsupported-0:2.4.21-58.EL
  • kernel-smp-0:2.4.21-58.EL
  • kernel-smp-unsupported-0:2.4.21-58.EL
  • kernel-source-0:2.4.21-58.EL
  • kernel-unsupported-0:2.4.21-58.EL

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 30076 CVE ID:CVE-2008-2812 CNCVE ID:CNCVE-20082812 Linux是一款开放源代码的操作系统。 Linux TTY操作在主线上的重写存在NULL指针引用问题,本地攻击者可以利用漏洞使系统崩溃。 目前没有详细漏洞细节提供。 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel 2.6.24 -rc3 Linux kernel 2.6.23 .7 Linux kernel 2.6.23 .6 Linux kernel 2.6.23 .5 Linux kernel 2.6.23 .4 Linux kernel 2.6.23 .3 Linux kernel 2.6.23 .2 Linux kernel 2.6.23 -rc2 Linux kernel 2.6.23 -rc1 Linux kernel 2.6.23 Linux kernel 2.6.22 7 Linux kernel 2.6.22 1 Linux kernel 2.6.22 .8 Linux kernel 2.6.22 .6 Linux kernel 2.6.22 .5 Linux kernel 2.6.22 .4 Linux kernel 2.6.22 .3 Linux kernel 2.6.22 .17 Linux kernel 2.6.22 .16 Linux kernel 2.6.22 .15 Linux kernel 2.6.22 .14 Linux kernel 2.6.22 .13 Linux kernel 2.6.22 .12 Linux kernel 2.6.22 .11 Linux kernel 2.6.22 Linux kernel 2.6.21 4 Linux kernel 2.6.21 .7 Linux kernel 2.6.21 .6 Linux kernel 2.6.21 .2 Linux kernel 2.6.21 .1 Linux kernel 2.6.21 Linux kernel 2.6.20 .9 Linux kernel 2.6.20 .8 Linux kernel 2.6.20 .5 Linux kernel 2.6.20 .4 Linux kernel 2.6.20 .15 Linux kernel 2.6.20 Linux kernel 2.6.19 1 Linux kernel 2.6.19 .2 Linux kernel 2.6.19 .1 Linux kernel 2.6.19 -rc4 Linux kernel 2.6.19 -rc3 Linux kernel 2.6.19 -rc2 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.19 -rc1 Linux kernel 2.6.19 Linux kernel 2.6.18 .4 Linux kernel 2.6.18 .3 Linux kernel 2.6.18 .1 Linux kernel 2.6.18 Linux kernel 2.6.17 .8 Linux kernel 2.6.17 .7 Linux kernel 2.6.17 .6 Linux kernel 2.6.17 .5 Linux kernel 2.6.17 .3 Linux kernel 2.6.17 .2 Linux kernel 2.6.17 .14 Linux kernel 2.6.17 .13 Linux kernel 2.6.17 .12 Linux kernel 2.6.17 .11 Linux kernel 2.6.17 .10 Linux kernel 2.6.17 .1 Linux kernel 2.6.17 -rc5 Linux kernel 2.6.17 Linux kernel 2.6.16 27 Linux kernel 2.6.16 13 Linux kernel 2.6.16 .9 Linux kernel 2.6.16 .7 Linux kernel 2.6.16 .23 Linux kernel 2.6.16 .19 Linux kernel 2.6.16 .12 Linux kernel 2.6.16 .11 Linux kernel 2.6.16 .1 Linux kernel 2.6.16 -rc1 Linux kernel 2.6.16 Linux kernel 2.6.15 .4 Linux kernel 2.6.15 .3 Linux kernel 2.6.15 .2 Linux kernel 2.6.15 .1 Linux kernel 2.6.15 -rc3 Linux kernel 2.6.15 -rc2 Linux kernel 2.6.15 -rc1 Linux kernel 2.6.15 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.14 .5 Linux kernel 2.6.14 .4 Linux kernel 2.6.14 .3 Linux kernel 2.6.14 .2 Linux kernel 2.6.14 .1 Linux kernel 2.6.14 -rc4 Linux kernel 2.6.14 -rc3 Linux kernel 2.6.14 -rc2 Linux kernel 2.6.14 -rc1 Linux kernel 2.6.14 Linux kernel 2.6.13 .4 Linux kernel 2.6.13 .3 Linux kernel 2.6.13 .2 Linux kernel 2.6.13 .1 Linux kernel 2.6.13 -rc7 Linux kernel 2.6.13 -rc6 Linux kernel 2.6.13 -rc4 Linux kernel 2.6.13 -rc1 Linux kernel 2.6.13 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.12 .6 Linux kernel 2.6.12 .5 Linux kernel 2.6.12 .4 Linux kernel 2.6.12 .3 Linux kernel 2.6.12 .22 Linux kernel 2.6.12 .2 Linux kernel 2.6.12 .12 Linux kernel 2.6.12 .1 Linux kernel 2.6.12 -rc5 Linux kernel 2.6.12 -rc4 Linux kernel 2.6.12 -rc1 Linux kernel 2.6.12 Linux kernel 2.6.11 .8 Linux kernel 2.6.11 .7 Linux kernel 2.6.11 .6 Linux kernel 2.6.11 .5 Linux kernel 2.6.11 .4 Linux kernel 2.6.11 .12 Linux kernel 2.6.11 .11 Linux kernel 2.6.11 -rc4 Linux kernel 2.6.11 -rc3 Linux kernel 2.6.11 -rc2 Linux kernel 2.6.11 + Trustix Secure Enterprise Linux 2.0 + Trustix Secure Linux 2.2 + Trustix Secure Linux 2.1 + Trustix Secure Linux 2.0 Linux kernel 2.6.10 rc2 Linux kernel 2.6.10 Linux kernel 2.6.9 Linux kernel 2.6.8 rc3 Linux kernel 2.6.8 rc2 Linux kernel 2.6.8 rc1 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.8 Linux kernel 2.6.7 rc1 Linux kernel 2.6.7 Linux kernel 2.6.6 rc1 Linux kernel 2.6.6 Linux kernel 2.6.5 Linux kernel 2.6.4 Linux kernel 2.6.3 Linux kernel 2.6.2 Linux kernel 2.6.1 -rc2 Linux kernel 2.6.1 -rc1 Linux kernel 2.6.1 Linux kernel 2.6 .10 Linux kernel 2.6 -test9-CVS Linux kernel 2.6 -test9 Linux kernel 2.6 -test8 Linux kernel 2.6 -test7 Linux kernel 2.6 -test6 Linux kernel 2.6 -test5 Linux kernel 2.6 -test4 Linux kernel 2.6 -test3 Linux kernel 2.6 -test2 Linux kernel 2.6 -test11 Linux kernel 2.6 -test10 Linux kernel 2.6 -test1 Linux kernel 2.6 Linux kernel 2.6.8.1 + S.u.S.E. Linux Personal 9.2 x86_64 + S.u.S.E. Linux Personal 9.2 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 Linux kernel 2.6.25.4 Linux kernel 2.6.25.3 Linux kernel 2.6.25.2 Linux kernel 2.6.25.1 Linux kernel 2.6.24.6 Linux kernel 2.6.24-rc2 Linux kernel 2.6.24-rc1 Linux kernel 2.6.23.14 Linux kernel 2.6.23.10 Linux kernel 2.6.23.1 Linux kernel 2.6.23.09 Linux kernel 2.6.22-rc7 Linux kernel 2.6.22-rc1 Linux kernel 2.6.21-RC6 Linux kernel 2.6.21-RC5 Linux kernel 2.6.21-RC4 Linux kernel 2.6.21-RC3 Linux kernel 2.6.21-RC3 Linux kernel 2.6.20.3 Linux kernel 2.6.20.2 Linux kernel 2.6.20.13 Linux kernel 2.6.20.11 Linux kernel 2.6.20.1 Linux kernel 2.6.20-rc2 Linux kernel 2.6.20-2 Linux kernel 2.6.18-8.1.8.el5 Linux kernel 2.6.18-53 Linux kernel 2.6.18 Linux kernel 2.6.15.5 Linux kernel 2.6.15.11 Linux kernel 2.6.15-27.48 Linux kernel 2.6.11.4 升级到最新内核: Linux kernel 2.6.20.2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21-RC3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21-RC3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.25.3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.23.14 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.11.4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.20-rc2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22-rc1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.20-2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21-RC4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.20.3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.8.1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6 -test6 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6 -test4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6 -test2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6 -test9-CVS Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6 -test7 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6 -test9 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.1 -rc2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.10 rc2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.11 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.11 -rc3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.11 .11 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.12 .4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.12 .1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.12 -rc4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.12 .12 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.12 .22 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.12 .2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.13 -rc4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.13 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.14 .4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 -rc1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 -rc3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 .4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.15 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.16 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.16 .9 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.16 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.16 .1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.16 .23 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.16 -rc1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 .5 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 .1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 .7 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 .13 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 .10 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.17 -rc5 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.18 .3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.19 -rc2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.20 .15 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.20 .4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.20 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21 .7 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21 4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.21 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22 .17 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22 .4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22 .6 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22 .15 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22 1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.22 .11 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.23 .7 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.23 -rc1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.23 -rc2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.24 -rc3 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.24 -rc5 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.24 .1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.25 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.25 .5 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.4 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.6 rc1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.7 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.8 rc2 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a> Linux kernel 2.6.8 rc1 Linux linux-2.6.25.10.tar.bz2 <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a>
    idSSV:3554
    last seen2017-11-19
    modified2008-07-07
    published2008-07-07
    reporterRoot
    titleLinux Kernel TTY操作NULL指针引用拒绝服务漏洞
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 30076 CVE(CAN) ID: CVE-2008-2812 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel没有正确地执行tty操作,本地用户可以在drivers/net/的以下文件中触发空指针引用,导致系统崩溃: (1) hamradio/6pack.c (2) hamradio/mkiss.c (3) irda/irtty-sir.c (4) ppp_async.c (5) ppp_synctty.c (6) slip.c (7) wan/x25_asy.c (8) wireless/strip.c Linux kernel &lt; 2.6.25.10 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2 target=_blank>http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.25.10.tar.bz2</a>
    idSSV:3609
    last seen2017-11-19
    modified2008-07-14
    published2008-07-14
    reporterRoot
    titleLinux Kernel TTY操作空指针引用拒绝服务漏洞

References