Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Производитель ПО
Наименование ПО
Linux Kernel
(Unknown)
Описание
Переполнение буфера в net/sctp/sm_statefuns.c в реализации протокола SCTP (Stream Control Transmission Protocol) для ядра Linux позволяет злоумышленникам, действующим удаленно, оказать воздействие на систему, используя блок данных FWD-TSN (FORWARD-TSN) с большим значением идентификатора потока.
Как исправить
Ссылки
FEDORA (FEDORA-2009-0816): https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html
CONFIRM (https://bugzilla.redhat.com/show_bug.cgi?id=478800): https://bugzilla.redhat.com/show_bug.cgi?id=478800
VUPEN (ADV-2009-2193): http://www.vupen.com/english/advisories/2009/2193
VUPEN (ADV-2009-0029): http://www.vupen.com/english/advisories/2009/0029
UBUNTU (USN-751-1): http://www.ubuntu.com/usn/usn-751-1
SECTRACK (1022698): http://www.securitytracker.com/id?1022698
BID (33113): http://www.securityfocus.com/bid/33113
REDHAT (RHSA-2009:1055): http://www.redhat.com/support/errata/RHSA-2009-1055.html
REDHAT (RHSA-2009:0331): http://www.redhat.com/support/errata/RHSA-2009-0331.html
REDHAT (RHSA-2009:0053): http://www.redhat.com/support/errata/RHSA-2009-0053.html
MLIST ([oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID): http://www.openwall.com/lists/oss-security/2009/01/05/1
DEBIAN (DSA-1794): http://www.debian.org/security/2009/dsa-1794
DEBIAN (DSA-1787): http://www.debian.org/security/2009/dsa-1787
DEBIAN (DSA-1749): http://www.debian.org/security/2009/dsa-1749
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm): http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm
REDHAT (RHSA-2009:0264): http://rhn.redhat.com/errata/RHSA-2009-0264.html
CONFIRM (http://patchwork.ozlabs.org/patch/15024/): http://patchwork.ozlabs.org/patch/15024/
OVAL (oval:org.mitre.oval:def:10872): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10872
SUSE (SUSE-SA:2009:031): http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
SUSE (SUSE-SA:2009:030): http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
SUSE (SUSE-SA:2009:010): http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
HP (SSSRT090149): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
HP (SSSRT090149): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
CONFIRM (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
Источник: CVE
Наименование: CVE-2009-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065
CONFIRM (https://bugzilla.redhat.com/show_bug.cgi?id=478800): https://bugzilla.redhat.com/show_bug.cgi?id=478800
VUPEN (ADV-2009-2193): http://www.vupen.com/english/advisories/2009/2193
VUPEN (ADV-2009-0029): http://www.vupen.com/english/advisories/2009/0029
UBUNTU (USN-751-1): http://www.ubuntu.com/usn/usn-751-1
SECTRACK (1022698): http://www.securitytracker.com/id?1022698
BID (33113): http://www.securityfocus.com/bid/33113
REDHAT (RHSA-2009:1055): http://www.redhat.com/support/errata/RHSA-2009-1055.html
REDHAT (RHSA-2009:0331): http://www.redhat.com/support/errata/RHSA-2009-0331.html
REDHAT (RHSA-2009:0053): http://www.redhat.com/support/errata/RHSA-2009-0053.html
MLIST ([oss-security] 20090105 CVE request: kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID): http://www.openwall.com/lists/oss-security/2009/01/05/1
DEBIAN (DSA-1794): http://www.debian.org/security/2009/dsa-1794
DEBIAN (DSA-1787): http://www.debian.org/security/2009/dsa-1787
DEBIAN (DSA-1749): http://www.debian.org/security/2009/dsa-1749
CONFIRM (http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm): http://support.avaya.com/elmodocs2/security/ASA-2009-114.htm
REDHAT (RHSA-2009:0264): http://rhn.redhat.com/errata/RHSA-2009-0264.html
CONFIRM (http://patchwork.ozlabs.org/patch/15024/): http://patchwork.ozlabs.org/patch/15024/
OVAL (oval:org.mitre.oval:def:10872): http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10872
SUSE (SUSE-SA:2009:031): http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
SUSE (SUSE-SA:2009:030): http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
SUSE (SUSE-SA:2009:010): http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
HP (SSSRT090149): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
HP (SSSRT090149): http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832118
CONFIRM (http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95): http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9fcb95a105758b81ef0131cd18e2db5149f13e95
Источник: CVE
Наименование: CVE-2009-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065