Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Производитель ПО
Наименование ПО
Linux Kernel
(Unknown)
Описание
Уязвимость существует в функции bcm_release в net/can/bcm.c в ядре Linux из-за некорректной проверки структуры данных сокета. Эксплуатация данной уязвимости позволяет локальному пользователю вызвать отказ в обслуживании (разыменование нулевого указателя) или оказать иное воздействие на систему, используя специально сформированную операцию освобождения.
Как исправить
Для устранения уязвимости необходимо установить последнюю версию продукта, соответствующую используемой платформе. Необходимую информацию можно получить по адресу:
https://rhn.redhat.com/errata/RHSA-2011-0836.html
https://rhn.redhat.com/errata/RHSA-2011-0836.html
Ссылки
CONFIRM (https://bugzilla.redhat.com/show_bug.cgi?id=698057): https://bugzilla.redhat.com/show_bug.cgi?id=698057
MLIST ([netdev] 20110420 Add missing socket check in can/bcm release.): http://permalink.gmane.org/gmane.linux.network/192898
MLIST ([oss-security] 20110420 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/20/6
MLIST ([oss-security] 20110420 CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/20/2
CONFIRM (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c6914a6f261aca0c9f715f883a353ae7ff51fe83): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c6914a6f261aca0c9f715f883a353ae7ff51fe83
BID (47503): http://www.securityfocus.com/bid/47503
CONFIRM (http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6): http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6
MLIST ([oss-security] 20110425 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/25/4
MLIST ([oss-security] 20110422 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/22/2
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/21/7
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/21/2
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/21/1
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/20/7
Источник: CVE
Наименование: CVE-2011-1598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598
MLIST ([netdev] 20110420 Add missing socket check in can/bcm release.): http://permalink.gmane.org/gmane.linux.network/192898
MLIST ([oss-security] 20110420 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/20/6
MLIST ([oss-security] 20110420 CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/20/2
CONFIRM (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c6914a6f261aca0c9f715f883a353ae7ff51fe83): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c6914a6f261aca0c9f715f883a353ae7ff51fe83
BID (47503): http://www.securityfocus.com/bid/47503
CONFIRM (http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6): http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.39-rc6
MLIST ([oss-security] 20110425 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/25/4
MLIST ([oss-security] 20110422 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/22/2
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/21/7
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/21/2
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/21/1
MLIST ([oss-security] 20110421 Re: CVE request: kernel: missing socket check in can/bcm release): http://openwall.com/lists/oss-security/2011/04/20/7
Источник: CVE
Наименование: CVE-2011-1598
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1598