فا

‫ Linux Kernel DCCP Packets Handling Memory Corruption Vulnerabilities

IRCAD2014033206
Number:IRCAD2014033206
Date: 2014/03/19
Software:
Linux Kernel 2.6.x
Linux Kernel 3.10.x
Linux Kernel 3.12.x
Linux Kernel 3.13.x
Linux Kernel 3.2.x
Linux Kernel 3.4.x
Description
Multiple vulnerabilities have been reported in Linux Kernel, which can be exploited by malicious people to potentially compromise a vulnerable system.
The vulnerabilities are caused due to an error in the "dccp_new()", "dccp_packet()", and "dccp_error()" functions (net/netfilter/nf_conntrack_proto_dccp.c), which can be exploited to corrupt kernel stack memory via specially crafted DCCP packets.
Successful exploitation may allow execution of arbitrary code with kernel privileges.
The vulnerabilities are reported in versions 2.6.32.61, 3.2.55, 3.4.83, 3.10.33, 3.12.14, and 3.13.6.
Solution:
Fixed in the source code repository.
Resources:
secunia:
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 8 فروردین 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0