kernel-2.6.18-128.15.AXS3
エラータID: AXSA:2010-166:02
リリース日:
2010/04/01 Thursday - 12:07
題名:
kernel-2.6.18-128.15.AXS3
影響のあるチャネル:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
以下の項目について対処しました。
[Security Fix]
- ext4_decode_error関数にNULLポインタ逆参照の欠陥が検出されました。ジャーナルを持たないext4ファイルシステムをマウントすることによってサービス拒否を引き起こされる危険性がありましたが、これを修正しました。(CVE-2009-4308)
- ブートオプション"print-fatal-signals"を有効時にprint_fatal_signal関数に欠陥が検出されました。これによって権限のないローカルユーザに任意のメモリの内容を盗まれる、またはサービス拒否を引き起こされる危険性がありましたが、これを修正しました。(CVE-2010-0003)
- ip6_dst_lookup_tail関数は大量の近傍ノードを持つTUNネットワークインタフェースを含む特定の環境を適切に扱えておりませんでした。これによってアタッカーにサービス拒否を引き起こされる危険性がありましたが、これを修正しました。(CVE-2010-0437)
- netfilterフレームワークのebtablesモジュールにてルールの変更にCAP_NET_ADMINを要求しておりませんでした。権限のないローカルユーザが改造したebtablesアプリケーションを使ってアクセス制限を回避し、任意のフィルタリング設定を行われる危険性がありましたが、これを修正しました。(CVE-2010-0007)
- SCTPの実装に欠陥が検出されました。OOTBチャンクまたはlengthがゼロのチャンクを使ってリモートアタッカーにサービス拒否を引き起こされる危険性がありましたが、これを修正しました。(CVE-2010-0008)
- do_pages_move関数でノードのレンジチェックに漏れが検出されました。不正なノード値を指定することによって権限のないローカルユーザに任意のカーネルメモリを盗まれる、またはサービス拒否等の障害を引き起こされる危険性がありましたが、これを修正しました。(CVE-2009-0415)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-4308
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal.
CVE-2010-0003
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local users to cause a denial of service (system slowdown or crash) by jumping to an address.
CVE-2010-0007
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application.
CVE-2010-0008
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
CVE-2010-0415
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other impact by specifying a node that is not part of the kernel's node set.
CVE-2010-0437
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
CVE-2009-4537
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.
CVE-2009-4536
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel 2.6.32.3 and earlier handles Ethernet frames that exceed the MTU by processing certain trailing payload data as if it were a complete frame, which allows remote attackers to bypass packet filters via a large packet with a crafted payload. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1385.
追加情報:
N/A
ダウンロード:
Asianux Server 3 for x86
- kernel-2.6.18-128.15.AXS3.i686.rpm
MD5: c99f45dd4ce04a3d80cfb0f1d49d654d
SHA-256: 06893ffcfe20887b395aabeadddabec6506dce46368c116116533cc83658771e
Size: 15.29 MB - kernel-devel-2.6.18-128.15.AXS3.i686.rpm
MD5: 4fc38714ac2092b878b6e3b160b5f5c0
SHA-256: 54f721a93195f4b4a9084adfbe01226a7505f702ec1425ce0362f3003f05dff4
Size: 5.11 MB - kernel-PAE-2.6.18-128.15.AXS3.i686.rpm
MD5: 0c461488762c03a691b85033e505dd40
SHA-256: 203423c43481f9aa18b6c69ffb14c9ae70a9a7ae31394c57a9b63791f4a866dc
Size: 15.31 MB - kernel-PAE-devel-2.6.18-128.15.AXS3.i686.rpm
MD5: ee326d755a79869ca36a7d5133aee46b
SHA-256: c16a13199581c7c4b862aaf4b54ae88817e7400a64d74063fcb648dee9aa9ced
Size: 5.11 MB - kernel-xen-2.6.18-128.15.AXS3.i686.rpm
MD5: dd851a2b8e6f6d94498e00073691ca02
SHA-256: 667a8c07b525dfd0399614394e632beed26f39eb597bdfbf1ce1f6779be327e1
Size: 16.27 MB - kernel-xen-devel-2.6.18-128.15.AXS3.i686.rpm
MD5: 5e274229102edee2dd793737ef7ceb3e
SHA-256: 08b7f6e7288f12fed488f4e2f0a53358c924648f949845a62b97afdac7df983f
Size: 5.11 MB - kernel-doc-2.6.18-128.15.AXS3.noarch.rpm
MD5: e16a49051c9e1fd499e1f50915df8dc9
SHA-256: dfbafcab3d8361614e0ed995cfea2acfe67bfec492f0584f92656a2a1e982bf2
Size: 2.92 MB - kernel-headers-2.6.18-128.15.AXS3.i386.rpm
MD5: a75ca8d674f4b86955cc08a2bb4d0e94
SHA-256: fc5aa165f7b50fc3ac1e2b52133ca68d86c2fc08c9f488e25983635432a35a01
Size: 946.27 kB
Asianux Server 3 for x86_64
- kernel-2.6.18-128.15.AXS3.x86_64.rpm
MD5: 9b746d7acf9425126dc029eb650d18ab
SHA-256: 73a0d571609626e14c4aa647471d16826a34dbcc54e6a6c8603aae2f8a162e23
Size: 16.85 MB - kernel-devel-2.6.18-128.15.AXS3.x86_64.rpm
MD5: 3718184742dde25915c9a24aaae63a41
SHA-256: fd695c020c349e25f5063ba9ab49430b9cd01221f02ad5ab17a58f3648b48e9b
Size: 5.30 MB - kernel-headers-2.6.18-128.15.AXS3.x86_64.rpm
MD5: 4fb57a36c48a9ecf0c779a5ae16f029c
SHA-256: bb0eda0808468a699d6fc3c4a5908b99cf2b343fa7e6c1e1e2910b7cb76f53f0
Size: 0.96 MB - kernel-xen-2.6.18-128.15.AXS3.x86_64.rpm
MD5: dd49a827de833e3056f4143c02ddee2c
SHA-256: 046582af83135e73334200688b3367cbfdf685b8ed3c1faa4647ee8373f53c01
Size: 17.50 MB - kernel-xen-devel-2.6.18-128.15.AXS3.x86_64.rpm
MD5: 16b25839dd1329324dca0dd0db0d2d66
SHA-256: 7684ad6f4b0daa177f98098b6ef787ddc70259c9873c7561f18616f8b5090f57
Size: 5.30 MB - kernel-doc-2.6.18-128.15.AXS3.noarch.rpm
MD5: 1b97d4d59c663fc09bcd65caae62ba02
SHA-256: b1da25e7ea07e8c70f068b5b92a5971d20dc6a52c5fc466c03f0bbb1b32b321e
Size: 2.92 MB