취약성 정보 - Sun Solaris SIOCSIPMSFILTER Kernel Integer Overflow Vulnerability

글수 1,555

Sun Solaris SIOCSIPMSFILTER Kernel Integer Overflow Vulnerability

id: sH4

sH4

2008.06.16 12:27:47

5021

http://wowhacker.com/194691

Title : Sun Solaris SIOCSIPMSFILTER Kernel Integer Overflow Vulnerability
Advisory ID : FrSIRT/ADV-2008-1832
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-06-13

세부설명
==========
Sun Solaris에서 로컬공격자가 서비스 거부를 발생시키거나 상승된 권한을 얻을 수 있는 취약점이 발견 되었다.
이 문제는 ip_set_srcfilter()" [ip_multi.c] 함수에서 일부러 조작한 SIOCSIPMSFILTER IOCTL 요청을 처리할 때
정수 오버플로우 에러가 발생하기 때문이다. 이것은 권한없는 악의적인 사용자가 시스템을 패닉상태 만들고 커널 권한으로
임의의 명령어들을 실행할 수 있다.

해결책
==========
Sun Solaris 10 (SPARC)- Apply patch 137111-01 or later
Sun OpenSolaris (SPARC) - Upgrade to build snv_92 or later

Sun Solaris 10 (x86) - Apply patch 137112-01 or later
Sun OpenSolaris (x86) - Upgrade to build snv_92 or later

레퍼런스
==========
http://www.frsirt.com/english/advisories/2008/1832
http://sunsolve.sun.com/search/document.do?assetkey=1-66-237965-1
http://www.trapkit.de/advisories/TKADV2008-003.txt

영향받는 버전
==========
Sun Solaris 10
Sun OpenSolaris builds snv_13 through snv_91

이 게시물을..

와우해커(WOWHACKER) 시누싱입니다.

목록

2008.09.12 11:56:12

cxb

runescape money runescape gold http://www.runescapemoney-runescapegold.cn>runescape money buy runescape gold http://www.runescapemoney-runescapegold.cn>buy runescape money runescape money runescape gold wow power leveling wow powerleveling Warcraft Power Leveling Warcraft PowerLeveling buy runescape gold buy runescape money runescape items runescape accounts runescape gp dofus kamas buy dofus kamas Guild Wars Gold buy Guild Wars Gold lotro gold buy lotro gold lotro gold buy lotro gold lotro gold buy lotro gold runescape money runescape power leveling runescape money runescape gold dofus kamas cheap runescape money cheap runescape gold Hellgate Palladium Hellgate London Palladium Hellgate money Tabula Rasa gold http://www.vgoldseller.com/tabula-rasa-c-1107.html>tabula rasa money Tabula Rasa Credit Tabula Rasa Credits Hellgate gold Hellgate London gold wow power leveling wow powerleveling Warcraft PowerLeveling Warcraft Power Leveling World of Warcraft PowerLeveling World of Warcraft Power Leveling runescape power leveling runescape powerleveling eve isk eve online isk eve isk eve online isk tibia gold Fiesta Silver Fiesta Gold Age of Conan Gold buy Age of Conan Gold aoc gold 肝血管瘤、音乐剧、呼吸机、针灸减肥、会计师事务所、呼吸机、压力变送器 china travel beijing tour、tibet tour 、tibet travel 、tibet travel service 、tibet tour 、chengdu travel agency 、yangtze river cruise

이 댓글을..

2008.10.30 09:45:35

dfssre

rsertser sertsert

이 댓글을..

2008.10.30 09:46:03

seryse

이 댓글을..

글쓴이 비밀번호 이메일 주소 홈페이지 비밀

배경, 글자, 이미지, 인용문등에서 더블클릭을 하시면 상세한 컴포넌트 설정이 가능합니다

HTML

파일 첨부 선택 삭제 본문 삽입

문서 첨부 제한 : 0Byte/ 2.00MB
파일 제한 크기 : 2.00MB (허용 확장자 : *.*)

번호	제목	글쓴이	조회수	날짜
1555	Adobe AIR Multiple Code Execution and Security Bypass Vulnerabilities	sH4	59	2008-11-20
1554	Opera Browser "file://" URI Handling Buffer Overflow Vulnerability	sH4	58	2008-11-20
1553	Netgear WGR614 Interface Denial of Service Vulnerability	sH4	73	2008-11-19
1552	OpenSSH Cipher-Block Chaining Mode Plaintext Recovery Vulnerability	sH4	70	2008-11-19
1551	Sun Solaris IP Filter NAT Service DNS Cache Poisoning Vulnerability 1	sH4	220	2008-11-13
1550	Trend Micro ServerProtect Multiple Code Execution Vulnerabilities 1	sH4	150	2008-11-13
1549	Gnome Manual Pages Editor Multiple Buffer Overflow Vulnerabilities 1	sH4	155	2008-11-13
1548	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069) 1	sH4	207	2008-11-12
1547	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068) 1	sH4	159	2008-11-12
1546	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities 1	sH4	140	2008-11-12
1545	VMware Privilege Escalation and Directory Traversal Vulnerabilities 1	sH4	172	2008-11-10
1544	IBM Hardware Management Console Denial of Service Vulnerability 1	sH4	181	2008-11-10
1543	Sun System Firmware Local Unauthorized Data Access Vulnerability 1	sH4	180	2008-11-10
1542	Adobe ColdFusion Local Sandbox Security Bypass Vulnerability 1	sH4	164	2008-11-10
1541	HP System Management Homepage Unauthorized Access 1	sH4	273	2008-11-04
1540	phpMyadmin "db" Parameter Handling Cross Site Scripting Vulnerability 1	sH4	339	2008-10-30
1539	OpenOffice.org WMF and EMF Handling Heap Overflow Vulnerabilities 1	sH4	315	2008-10-30
1538	Microsoft Windows Server Service Vulnerability (MS08-067)	sH4	492	2008-10-24
1537	Sun Integrated Lights-Out Manager Denial of Service Vulnerability	sH4	751	2008-10-23
1536	HP OpenView Shared Trace Service Denial of Service Vulnerability	sH4	404	2008-10-23

목록

쓰기

1 2 3 4 5 6 7 8 9 10